From 3bd32316babefb3f04827154dcdda593803516b8 Mon Sep 17 00:00:00 2001 From: Niclas Mietz Date: Mon, 7 Mar 2022 17:32:55 +0100 Subject: [PATCH 001/494] docs: fix changelog formatting (#8302) --- Changelog.md | 64 ++++++++++++++++++++++++++-------------------------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/Changelog.md b/Changelog.md index 8aed9ff0f..40a4aaaf9 100644 --- a/Changelog.md +++ b/Changelog.md @@ -7,39 +7,39 @@ This release bumps grpc version to 1.44.0 & runc to version 1.1.0. The release also re-introduces the ingress.class annotation, which was previously declared as deprecated. Besides that, several bug fixes and improvements are listed below. -Changes: +_Changes:_ -[8291](https://github.com/kubernetes/ingress-nginx/pull/8291) remove git tag env from cloud build -[8286](https://github.com/kubernetes/ingress-nginx/pull/8286) Fix OpenTelemetry sidecar image build -[8277](https://github.com/kubernetes/ingress-nginx/pull/8277) Add OpenSSF Best practices badge -[8273](https://github.com/kubernetes/ingress-nginx/pull/8273) Issue#8241 -[8267](https://github.com/kubernetes/ingress-nginx/pull/8267) Add fsGroup value to admission-webhooks/job-patch charts -[8262](https://github.com/kubernetes/ingress-nginx/pull/8262) Updated confusing error -[8256](https://github.com/kubernetes/ingress-nginx/pull/8256) fix: deny locations with invalid auth-url annotation -[8253](https://github.com/kubernetes/ingress-nginx/pull/8253) Add a certificate info metric -[8236](https://github.com/kubernetes/ingress-nginx/pull/8236) webhook: remove useless code. -[8227](https://github.com/kubernetes/ingress-nginx/pull/8227) Update libraries in webhook image -[8225](https://github.com/kubernetes/ingress-nginx/pull/8225) fix inconsistent-label-cardinality for prometheus metrics: nginx_ingress_controller_requests -[8221](https://github.com/kubernetes/ingress-nginx/pull/8221) Do not validate ingresses with unknown ingress class in admission webhook endpoint -[8210](https://github.com/kubernetes/ingress-nginx/pull/8210) Bump github.com/prometheus/client_golang from 1.11.0 to 1.12.1 -[8209](https://github.com/kubernetes/ingress-nginx/pull/8209) Bump google.golang.org/grpc from 1.43.0 to 1.44.0 -[8204](https://github.com/kubernetes/ingress-nginx/pull/8204) Add Artifact Hub lint -[8203](https://github.com/kubernetes/ingress-nginx/pull/8203) Fix Indentation of example and link to cert-manager tutorial -[8201](https://github.com/kubernetes/ingress-nginx/pull/8201) feat(metrics): add path and method labels to requests countera -[8199](https://github.com/kubernetes/ingress-nginx/pull/8199) use functional options to reduce number of methods creating an EchoDeployment -[8196](https://github.com/kubernetes/ingress-nginx/pull/8196) docs: fix inconsistent controller annotation -[8191](https://github.com/kubernetes/ingress-nginx/pull/8191) Using Go install for misspell -[8186](https://github.com/kubernetes/ingress-nginx/pull/8186) prometheus+grafana using servicemonitor -[8185](https://github.com/kubernetes/ingress-nginx/pull/8185) Append elements on match, instead of removing for cors-annotations -[8179](https://github.com/kubernetes/ingress-nginx/pull/8179) Bump github.com/opencontainers/runc from 1.0.3 to 1.1.0 -[8173](https://github.com/kubernetes/ingress-nginx/pull/8173) Adding annotations to the controller service account -[8163](https://github.com/kubernetes/ingress-nginx/pull/8163) Update the $req_id placeholder description -[8162](https://github.com/kubernetes/ingress-nginx/pull/8162) Versioned static manifests -[8159](https://github.com/kubernetes/ingress-nginx/pull/8159) Adding some geoip variables and default values -[8155](https://github.com/kubernetes/ingress-nginx/pull/8155) #7271 feat: avoid-pdb-creation-when-default-backend-disabled-and-replicas-gt-1 -[8151](https://github.com/kubernetes/ingress-nginx/pull/8151) Automatically generate helm docs -[8143](https://github.com/kubernetes/ingress-nginx/pull/8143) Allow to configure delay before controller exits -[8136](https://github.com/kubernetes/ingress-nginx/pull/8136) add ingressClass option to helm chart - back compatibility with ingress.class annotations +- [8291](https://github.com/kubernetes/ingress-nginx/pull/8291) remove git tag env from cloud build +- [8286](https://github.com/kubernetes/ingress-nginx/pull/8286) Fix OpenTelemetry sidecar image build +- [8277](https://github.com/kubernetes/ingress-nginx/pull/8277) Add OpenSSF Best practices badge +- [8273](https://github.com/kubernetes/ingress-nginx/pull/8273) Issue#8241 +- [8267](https://github.com/kubernetes/ingress-nginx/pull/8267) Add fsGroup value to admission-webhooks/job-patch charts +- [8262](https://github.com/kubernetes/ingress-nginx/pull/8262) Updated confusing error +- [8256](https://github.com/kubernetes/ingress-nginx/pull/8256) fix: deny locations with invalid auth-url annotation +- [8253](https://github.com/kubernetes/ingress-nginx/pull/8253) Add a certificate info metric +- [8236](https://github.com/kubernetes/ingress-nginx/pull/8236) webhook: remove useless code. +- [8227](https://github.com/kubernetes/ingress-nginx/pull/8227) Update libraries in webhook image +- [8225](https://github.com/kubernetes/ingress-nginx/pull/8225) fix inconsistent-label-cardinality for prometheus metrics: nginx_ingress_controller_requests +- [8221](https://github.com/kubernetes/ingress-nginx/pull/8221) Do not validate ingresses with unknown ingress class in admission webhook endpoint +- [8210](https://github.com/kubernetes/ingress-nginx/pull/8210) Bump github.com/prometheus/client_golang from 1.11.0 to 1.12.1 +- [8209](https://github.com/kubernetes/ingress-nginx/pull/8209) Bump google.golang.org/grpc from 1.43.0 to 1.44.0 +- [8204](https://github.com/kubernetes/ingress-nginx/pull/8204) Add Artifact Hub lint +- [8203](https://github.com/kubernetes/ingress-nginx/pull/8203) Fix Indentation of example and link to cert-manager tutorial +- [8201](https://github.com/kubernetes/ingress-nginx/pull/8201) feat(metrics): add path and method labels to requests countera +- [8199](https://github.com/kubernetes/ingress-nginx/pull/8199) use functional options to reduce number of methods creating an EchoDeployment +- [8196](https://github.com/kubernetes/ingress-nginx/pull/8196) docs: fix inconsistent controller annotation +- [8191](https://github.com/kubernetes/ingress-nginx/pull/8191) Using Go install for misspell +- [8186](https://github.com/kubernetes/ingress-nginx/pull/8186) prometheus+grafana using servicemonitor +- [8185](https://github.com/kubernetes/ingress-nginx/pull/8185) Append elements on match, instead of removing for cors-annotations +- [8179](https://github.com/kubernetes/ingress-nginx/pull/8179) Bump github.com/opencontainers/runc from 1.0.3 to 1.1.0 +- [8173](https://github.com/kubernetes/ingress-nginx/pull/8173) Adding annotations to the controller service account +- [8163](https://github.com/kubernetes/ingress-nginx/pull/8163) Update the $req_id placeholder description +- [8162](https://github.com/kubernetes/ingress-nginx/pull/8162) Versioned static manifests +- [8159](https://github.com/kubernetes/ingress-nginx/pull/8159) Adding some geoip variables and default values +- [8155](https://github.com/kubernetes/ingress-nginx/pull/8155) #7271 feat: avoid-pdb-creation-when-default-backend-disabled-and-replicas-gt-1 +- [8151](https://github.com/kubernetes/ingress-nginx/pull/8151) Automatically generate helm docs +- [8143](https://github.com/kubernetes/ingress-nginx/pull/8143) Allow to configure delay before controller exits +- [8136](https://github.com/kubernetes/ingress-nginx/pull/8136) add ingressClass option to helm chart - back compatibility with ingress.class annotations ### 1.1.1 From a43346d975a6350f48e5420782e5051b7805e106 Mon Sep 17 00:00:00 2001 From: James Strong Date: Mon, 7 Mar 2022 12:38:53 -0500 Subject: [PATCH 002/494] leaving it the git tag (#8311) fixing the git tag for the image version, it is what it is . --- images/opentelemetry/cloudbuild.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/images/opentelemetry/cloudbuild.yaml b/images/opentelemetry/cloudbuild.yaml index 947eacbbb..5a4e1b3c0 100644 --- a/images/opentelemetry/cloudbuild.yaml +++ b/images/opentelemetry/cloudbuild.yaml @@ -8,6 +8,7 @@ steps: entrypoint: bash env: - DOCKER_CLI_EXPERIMENTAL=enabled + - TAG=$_GIT_TAG - BASE_REF=$_PULL_BASE_REF - REGISTRY=gcr.io/k8s-staging-ingress-nginx # default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx From 5a9fe30a5dbdecb675da740b632bed2f9e1449e7 Mon Sep 17 00:00:00 2001 From: hongkunyoo Date: Wed, 9 Mar 2022 23:54:13 +0900 Subject: [PATCH 003/494] Missing annotations (#8288) Not quite sure but It seems that `nginx.ingress.kubernetes.io/canary-by-header` is missing. --- docs/user-guide/nginx-configuration/annotations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user-guide/nginx-configuration/annotations.md b/docs/user-guide/nginx-configuration/annotations.md index 57542f25f..a0086abec 100755 --- a/docs/user-guide/nginx-configuration/annotations.md +++ b/docs/user-guide/nginx-configuration/annotations.md @@ -134,7 +134,7 @@ In some cases, you may want to "canary" a new set of changes by sending a small * `nginx.ingress.kubernetes.io/canary-by-header`: The header to use for notifying the Ingress to route the request to the service specified in the Canary Ingress. When the request header is set to `always`, it will be routed to the canary. When the header is set to `never`, it will never be routed to the canary. For any other value, the header will be ignored and the request compared against the other canary rules by precedence. -* `nginx.ingress.kubernetes.io/canary-by-header-value`: The header value to match for notifying the Ingress to route the request to the service specified in the Canary Ingress. When the request header is set to this value, it will be routed to the canary. For any other header value, the header will be ignored and the request compared against the other canary rules by precedence. This annotation has to be used together with . The annotation is an extension of the `nginx.ingress.kubernetes.io/canary-by-header` to allow customizing the header value instead of using hardcoded values. It doesn't have any effect if the `nginx.ingress.kubernetes.io/canary-by-header` annotation is not defined. +* `nginx.ingress.kubernetes.io/canary-by-header-value`: The header value to match for notifying the Ingress to route the request to the service specified in the Canary Ingress. When the request header is set to this value, it will be routed to the canary. For any other header value, the header will be ignored and the request compared against the other canary rules by precedence. This annotation has to be used together with `nginx.ingress.kubernetes.io/canary-by-header`. The annotation is an extension of the `nginx.ingress.kubernetes.io/canary-by-header` to allow customizing the header value instead of using hardcoded values. It doesn't have any effect if the `nginx.ingress.kubernetes.io/canary-by-header` annotation is not defined. * `nginx.ingress.kubernetes.io/canary-by-header-pattern`: This works the same way as `canary-by-header-value` except it does PCRE Regex matching. Note that when `canary-by-header-value` is set this annotation will be ignored. When the given Regex causes error during request processing, the request will be considered as not matching. From e1eff7816005b3fad21a091e306132d11e0ca61e Mon Sep 17 00:00:00 2001 From: Daniel Lim Date: Wed, 9 Mar 2022 23:56:13 +0900 Subject: [PATCH 004/494] Names cannot contain _ (underscore)! So I changed it to -. (#8300) * The name can't use _(underscore)! So fix it! The name can't use _(underscore)! So fix it! * Fix configMap name can't use _(underscore) Fix configMap name can't use _(underscore) --- .../custom-default-backend-error_pages.configMap.yaml | 2 +- .../custom-errors/custom-default-backend.helm.values.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/examples/customization/custom-errors/custom-default-backend-error_pages.configMap.yaml b/docs/examples/customization/custom-errors/custom-default-backend-error_pages.configMap.yaml index 86b1c44e8..303734c90 100644 --- a/docs/examples/customization/custom-errors/custom-default-backend-error_pages.configMap.yaml +++ b/docs/examples/customization/custom-errors/custom-default-backend-error_pages.configMap.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: custom_error_pages + name: custom-error-pages data: 404: | diff --git a/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml b/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml index ce42bb9b5..fc00707ce 100644 --- a/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml +++ b/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml @@ -7,14 +7,14 @@ defaultBackend: image: ingress-nginx/nginx-errors tag: "0.48.1" extraVolumes: - - name: custom_error_pages + - name: custom-error-pages configMap: - name: custom_error_pages + name: custom-error-pages items: - key: "404" path: "404.html" - key: "503" path: "503.html" extraVolumeMounts: - - name: custom_error_pages + - name: custom-error-pages mountPath: /www From 974d038c2a83dbba1802fddd7105127faf2589ca Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Mon, 14 Mar 2022 10:29:58 -0500 Subject: [PATCH 005/494] Pinned GitHub workflows by SHA (#8334) - Pinned actions by SHA https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies - Included permissions for some of the actions. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions Dependabot can upgrade pinned version of actions. --- .github/workflows/ci.yaml | 58 ++++++++++++++++++++++--------------- .github/workflows/docs.yaml | 13 +++++---- .github/workflows/helm.yaml | 11 ++++--- 3 files changed, 50 insertions(+), 32 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 25b8d5e14..cec6488ff 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -9,9 +9,15 @@ on: branches: - main +permissions: + contents: read + jobs: changes: + permissions: + contents: read # for dorny/paths-filter to fetch a list of changed files + pull-requests: read # for dorny/paths-filter to read pull requests runs-on: ubuntu-latest outputs: go: ${{ steps.filter.outputs.go }} @@ -20,9 +26,9 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 - - uses: dorny/paths-filter@v2 + - uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2 id: filter with: token: ${{ secrets.GITHUB_TOKEN }} @@ -43,10 +49,10 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 - name: Run Gosec Security Scanner - uses: securego/gosec@master + uses: securego/gosec@b99b5f7838e43a4104354ad92a6a1774302ee1f9 # master with: # G601 for zz_generated.deepcopy.go # G306 TODO: Expect WriteFile permissions to be 0600 or less @@ -61,17 +67,17 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 - name: Set up Go 1.17 id: go - uses: actions/setup-go@v2 + uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 # v2 with: go-version: '1.17.6' - name: Set up Docker Buildx id: buildx - uses: crazy-max/ghaction-docker-buildx@v1 + uses: crazy-max/ghaction-docker-buildx@e01797ad2ea9a981005ad58c99afa8d842e3d3eb # v1 with: buildx-version: latest qemu-version: latest @@ -104,7 +110,7 @@ jobs: | pigz > docker.tar.gz - name: cache - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # v2 with: name: docker.tar.gz path: docker.tar.gz @@ -121,15 +127,15 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 - name: Setup Go - uses: actions/setup-go@v2 + uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 # v2 with: go-version: '1.17.6' - name: cache - uses: actions/download-artifact@v2 + uses: actions/download-artifact@f023be2c48cc18debc3bacd34cb396e0295e2869 # v2 with: name: docker.tar.gz @@ -162,12 +168,12 @@ jobs: - name: Create Kubernetes cluster id: kind - uses: engineerd/setup-kind@v0.5.0 + uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 # v0.5.0 with: version: v0.11.1 image: kindest/node:v1.21.1 - - uses: geekyeggo/delete-artifact@v1 + - uses: geekyeggo/delete-artifact@a6ab43859c960a8b74cbc6291f362c7fb51829ba # v1 with: name: docker.tar.gz failOnError: false @@ -202,22 +208,22 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 - name: cache - uses: actions/download-artifact@v2 + uses: actions/download-artifact@f023be2c48cc18debc3bacd34cb396e0295e2869 # v2 with: name: docker.tar.gz - name: Create Kubernetes ${{ matrix.k8s }} cluster id: kind - uses: engineerd/setup-kind@v0.5.0 + uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 # v0.5.0 with: version: v0.11.1 config: test/e2e/kind.yaml image: kindest/node:${{ matrix.k8s }} - - uses: geekyeggo/delete-artifact@v1 + - uses: geekyeggo/delete-artifact@a6ab43859c960a8b74cbc6291f362c7fb51829ba # v1 with: name: docker.tar.gz failOnError: false @@ -245,14 +251,17 @@ jobs: make kind-e2e-test test-image-build: + permissions: + contents: read # for dorny/paths-filter to fetch a list of changed files + pull-requests: read # for dorny/paths-filter to read pull requests runs-on: ubuntu-latest env: PLATFORMS: linux/amd64 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 - - uses: dorny/paths-filter@v2 + - uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2 id: filter-images with: token: ${{ secrets.GITHUB_TOKEN }} @@ -302,14 +311,17 @@ jobs: cd images/kube-webhook-certgen && make build test-image: + permissions: + contents: read # for dorny/paths-filter to fetch a list of changed files + pull-requests: read # for dorny/paths-filter to read pull requests runs-on: ubuntu-latest env: PLATFORMS: linux/amd64 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 - - uses: dorny/paths-filter@v2 + - uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2 id: filter-images with: token: ${{ secrets.GITHUB_TOKEN }} @@ -320,7 +332,7 @@ jobs: - name: Create Kubernetes cluster id: kind if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} - uses: engineerd/setup-kind@v0.5.0 + uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 # v0.5.0 with: version: v0.11.1 image: kindest/node:v1.21.1 @@ -328,7 +340,7 @@ jobs: - name: Set up Go 1.17 id: go if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} - uses: actions/setup-go@v2 + uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 # v2 with: go-version: '1.17.6' diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index 420808443..df398b3f1 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -8,6 +8,9 @@ on: jobs: changes: + permissions: + contents: read # for dorny/paths-filter to fetch a list of changed files + pull-requests: read # for dorny/paths-filter to read pull requests runs-on: ubuntu-latest if: | (github.repository == 'kubernetes/ingress-nginx') @@ -18,15 +21,15 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 - - uses: dorny/paths-filter@v2 + - uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2 id: filter with: token: ${{ secrets.GITHUB_TOKEN }} filters: | docs: - - 'docs/**/*' + - 'docs/**/*' docs: name: Update @@ -43,9 +46,9 @@ jobs: steps: - name: Checkout master - uses: actions/checkout@v2 + uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 - name: Deploy uses: ./.github/actions/mkdocs env: - PERSONAL_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + PERSONAL_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index b0adb644e..dd8e6d752 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -9,6 +9,9 @@ on: jobs: changes: + permissions: + contents: read # for dorny/paths-filter to fetch a list of changed files + pull-requests: read # for dorny/paths-filter to read pull requests runs-on: ubuntu-latest if: | (github.repository == 'kubernetes/ingress-nginx') @@ -19,9 +22,9 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 - - uses: dorny/paths-filter@v2 + - uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2 id: filter with: token: ${{ secrets.GITHUB_TOKEN }} @@ -46,7 +49,7 @@ jobs: steps: - name: Checkout master - uses: actions/checkout@v2 + uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 with: # Fetch entire history. Required for chart-releaser; see https://github.com/helm/chart-releaser-action/issues/13#issuecomment-602063896 fetch-depth: 0 @@ -58,7 +61,7 @@ jobs: git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com" - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.2.1 + uses: helm/chart-releaser-action@c25b74a986eb925b398320414b576227f375f946 # v1.2.1 env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" CR_RELEASE_NAME_TEMPLATE: "helm-chart-{{ .Version }}" From 1fb0aea2c51fdd9e7f224c54326aa0620bdfb8fa Mon Sep 17 00:00:00 2001 From: Rodrigo Riccitelli Vieira Date: Mon, 14 Mar 2022 12:47:58 -0300 Subject: [PATCH 006/494] Update monitoring.md (#8324) Added missing repo on "helm upgrade" command --- docs/user-guide/monitoring.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/user-guide/monitoring.md b/docs/user-guide/monitoring.md index 99039d635..b8df59980 100644 --- a/docs/user-guide/monitoring.md +++ b/docs/user-guide/monitoring.md @@ -20,7 +20,8 @@ This tutorial will show you how to install [Prometheus](https://prometheus.io/) - The easiest way to configure the controller for metrics is via helm upgrade. Assuming you have installed the ingress-nginx controller as a helm release named ingress-controller, then you can simply type the command show below : ``` - helm upgrade ingress-controller ingress-nginx/ingress-nginx \ + helm upgrade ingress-nginx ingress-nginx \ + --repo https://kubernetes.github.io/ingress-nginx \ --namespace ingress-nginx \ --set controller.metrics.enabled=true \ --set-string controller.podAnnotations."prometheus\.io/scrape"="true" \ From 9180ef1ee4728dc772f35f9d5afe54c414f3585c Mon Sep 17 00:00:00 2001 From: thomasbruggink Date: Tue, 15 Mar 2022 00:51:57 +0900 Subject: [PATCH 007/494] Add the shareProcessNamespace as a configurable setting. (#8287) --- charts/ingress-nginx/README.md | 1 + charts/ingress-nginx/templates/controller-daemonset.yaml | 3 +++ charts/ingress-nginx/templates/controller-deployment.yaml | 3 +++ charts/ingress-nginx/values.yaml | 4 ++++ 4 files changed, 11 insertions(+) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index ad641f726..c0ef8109d 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -409,6 +409,7 @@ Kubernetes: `>=1.19.0-0` | controller.service.targetPorts.http | string | `"http"` | | | controller.service.targetPorts.https | string | `"https"` | | | controller.service.type | string | `"LoadBalancer"` | | +| controller.shareProcessNamespace | bool | `false` | This can be used for example to signal log rotation using `kill -USR1` from a sidecar. | | controller.sysctls | object | `{}` | See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls | | controller.tcp.annotations | object | `{}` | Annotations to be added to the tcp config configmap | | controller.tcp.configMapNamespace | string | `""` | Allows customization of the tcp-services-configmap; defaults to $(POD_NAMESPACE) | diff --git a/charts/ingress-nginx/templates/controller-daemonset.yaml b/charts/ingress-nginx/templates/controller-daemonset.yaml index 72811fbe4..09852d041 100644 --- a/charts/ingress-nginx/templates/controller-daemonset.yaml +++ b/charts/ingress-nginx/templates/controller-daemonset.yaml @@ -67,6 +67,9 @@ spec: - name: {{ $sysctl | quote }} value: {{ $value | quote }} {{- end }} + {{- end }} + {{- if .Values.controller.shareProcessNamespace }} + shareProcessNamespace: {{ .Values.controller.shareProcessNamespace }} {{- end }} containers: - name: {{ .Values.controller.containerName }} diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml index a1943cd91..effd5b06c 100644 --- a/charts/ingress-nginx/templates/controller-deployment.yaml +++ b/charts/ingress-nginx/templates/controller-deployment.yaml @@ -71,6 +71,9 @@ spec: - name: {{ $sysctl | quote }} value: {{ $value | quote }} {{- end }} + {{- end }} + {{- if .Values.controller.shareProcessNamespace }} + shareProcessNamespace: {{ .Values.controller.shareProcessNamespace }} {{- end }} containers: - name: {{ .Values.controller.containerName }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index c887dc051..a8b002516 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -529,6 +529,10 @@ controller: ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer # externalTrafficPolicy: "" + # shareProcessNamespace enables process namespace sharing within the pod. + # This can be used for example to signal log rotation using `kill -USR1` from a sidecar. + shareProcessNamespace: false + # -- Additional containers to be added to the controller pod. # See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. extraContainers: [] From 01b92b8b3aca887b257851dbbc89e4c57815a4ab Mon Sep 17 00:00:00 2001 From: sskserk <78915702+sskserk@users.noreply.github.com> Date: Mon, 14 Mar 2022 16:55:57 +0100 Subject: [PATCH 008/494] Nginx v1.19.10 (#8307) --- images/nginx/rootfs/build.sh | 4 ++-- images/opentelemetry/rootfs/build.sh | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/images/nginx/rootfs/build.sh b/images/nginx/rootfs/build.sh index bee2561d0..2ee308d68 100755 --- a/images/nginx/rootfs/build.sh +++ b/images/nginx/rootfs/build.sh @@ -18,7 +18,7 @@ set -o errexit set -o nounset set -o pipefail -export NGINX_VERSION=1.19.9 +export NGINX_VERSION=1.19.10 # Check for recent changes: https://github.com/vision5/ngx_devel_kit/compare/v0.3.1...master export NDK_VERSION=0.3.1 @@ -197,7 +197,7 @@ mkdir --verbose -p "$BUILD_PATH" cd "$BUILD_PATH" # download, verify and extract the source files -get_src 2e35dff06a9826e8aca940e9e8be46b7e4b12c19a48d55bfc2dc28fc9cc7d841 \ +get_src e8d0290ff561986ad7cd6c33307e12e11b137186c4403a6a5ccdb4914c082d88 \ "https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz" get_src 0e971105e210d272a497567fa2e2c256f4e39b845a5ba80d373e26ba1abfbd85 \ diff --git a/images/opentelemetry/rootfs/build.sh b/images/opentelemetry/rootfs/build.sh index a79fdf950..aab2abbd0 100755 --- a/images/opentelemetry/rootfs/build.sh +++ b/images/opentelemetry/rootfs/build.sh @@ -18,7 +18,7 @@ set -o errexit set -o nounset set -o pipefail -export NGINX_VERSION=1.19.9 +export NGINX_VERSION=1.19.10 # Check for recent changes: https://github.com/open-telemetry/opentelemetry-cpp/compare/v1.0.0...main export OPENTELEMETRY_CPP_VERSION=1.0.0 @@ -60,7 +60,7 @@ get_src() } -get_src 2e35dff06a9826e8aca940e9e8be46b7e4b12c19a48d55bfc2dc28fc9cc7d841 \ +get_src e8d0290ff561986ad7cd6c33307e12e11b137186c4403a6a5ccdb4914c082d88 \ "https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz" get_src 45c52498788e47131b20a4786dbb08f4390b8cb419bd3d61c88b503cafff3324 \ From ba7f295538f6d0e0c1b5cde70c827b4e9796178f Mon Sep 17 00:00:00 2001 From: Ana Claudia Riekstin <17534478+anaclaudiar@users.noreply.github.com> Date: Wed, 16 Mar 2022 09:25:49 -0400 Subject: [PATCH 009/494] Fix 50% split between canary and mainline tests (#8315) * fix 50% canary test * fix past tense * after code review * revert go.sum and go.mod * run gofmt --- test/e2e/annotations/canary.go | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/test/e2e/annotations/canary.go b/test/e2e/annotations/canary.go index 4f1bdcad6..99d164f98 100644 --- a/test/e2e/annotations/canary.go +++ b/test/e2e/annotations/canary.go @@ -18,7 +18,6 @@ package annotations import ( "fmt" - "math" "net/http" "reflect" "regexp" @@ -806,7 +805,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() { Contains(canaryService) }) - ginkgo.It("should route requests evenly split between mainline and canary if canary weight is 50", func() { + ginkgo.It("should route requests split between mainline and canary if canary weight is 50", func() { host := "foo" annotations := map[string]string{} @@ -829,7 +828,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() { f.Namespace, canaryService, 80, canaryAnnotations) f.EnsureIngress(canaryIng) - TestEvenMainlineCanaryDistribution(f, host) + TestMainlineCanaryDistribution(f, host) }) }) @@ -1079,18 +1078,24 @@ var _ = framework.DescribeAnnotation("canary-*", func() { } } - TestEvenMainlineCanaryDistribution(f, host) + TestMainlineCanaryDistribution(f, host) }) }) }) // This method assumes canary weight being configured at 50%. -func TestEvenMainlineCanaryDistribution(f *framework.Framework, host string) { +func TestMainlineCanaryDistribution(f *framework.Framework, host string) { re := regexp.MustCompile(fmt.Sprintf(`%s.*`, framework.EchoService)) replicaRequestCount := map[string]int{} - for i := 0; i < 200; i++ { + // The implementation of choice by weight doesn't guarantee exact + // number of requests, so verify if mainline and canary have at + // least some requests + requestsToGet := 200 + requestsNumberToTest := (40 * requestsToGet) / 100 + + for i := 0; i < requestsToGet; i++ { body := f.HTTPTestClient(). GET("/"). WithHeader("Host", host). @@ -1111,8 +1116,6 @@ func TestEvenMainlineCanaryDistribution(f *framework.Framework, host string) { assert.Equal(ginkgo.GinkgoT(), 2, len(keys)) - // The implmentation of choice by weight doesn't guarantee exact - // number of requests, so verify if request imbalance is within an - // acceptable range. - assert.LessOrEqual(ginkgo.GinkgoT(), math.Abs(float64(replicaRequestCount[keys[0].String()]-replicaRequestCount[keys[1].String()]))/math.Max(float64(replicaRequestCount[keys[0].String()]), float64(replicaRequestCount[keys[1].String()])), 0.2) + assert.GreaterOrEqual(ginkgo.GinkgoT(), int(replicaRequestCount[keys[0].String()]), requestsNumberToTest) + assert.GreaterOrEqual(ginkgo.GinkgoT(), int(replicaRequestCount[keys[1].String()]), requestsNumberToTest) } From 1953efa9d8cc3fdc7f2fff2f1148355047ace244 Mon Sep 17 00:00:00 2001 From: James Strong Date: Wed, 16 Mar 2022 11:52:38 -0400 Subject: [PATCH 010/494] Bumping alpine base to 3.15 --- images/nginx/rootfs/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/images/nginx/rootfs/Dockerfile b/images/nginx/rootfs/Dockerfile index a9e180315..9cc5539ae 100644 --- a/images/nginx/rootfs/Dockerfile +++ b/images/nginx/rootfs/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. -FROM alpine:3.14.2 as builder +FROM alpine:3.15.0 as builder COPY . / @@ -23,7 +23,7 @@ RUN apk update \ && /build.sh # Use a multi-stage build -FROM alpine:3.14.2 +FROM alpine:3.15.0 ENV PATH=$PATH:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin From 2fefd714bdb76779365636b9ae91e63eac2198f1 Mon Sep 17 00:00:00 2001 From: James Strong Date: Wed, 16 Mar 2022 12:57:48 -0400 Subject: [PATCH 011/494] update tag and force a new build Signed-off-by: James Strong --- TAG | 2 +- images/nginx/rootfs/Dockerfile | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/TAG b/TAG index 0f1acbd56..99a4aef0c 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.1.2 +v1.1.3 diff --git a/images/nginx/rootfs/Dockerfile b/images/nginx/rootfs/Dockerfile index 9cc5539ae..d39863aec 100644 --- a/images/nginx/rootfs/Dockerfile +++ b/images/nginx/rootfs/Dockerfile @@ -11,8 +11,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - - FROM alpine:3.15.0 as builder COPY . / @@ -74,4 +72,5 @@ RUN apk update \ EXPOSE 80 443 ENTRYPOINT ["/usr/local/entrypoint.sh"] + CMD ["nginx", "-g", "daemon off;"] From 952a6dc22ca4a01d62162245e539daf4e827c014 Mon Sep 17 00:00:00 2001 From: James Strong Date: Wed, 16 Mar 2022 14:52:06 -0400 Subject: [PATCH 012/494] control tag with short sha Signed-off-by: James Strong --- images/nginx/cloudbuild.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/nginx/cloudbuild.yaml b/images/nginx/cloudbuild.yaml index d507b8f1a..1e524af21 100644 --- a/images/nginx/cloudbuild.yaml +++ b/images/nginx/cloudbuild.yaml @@ -8,7 +8,7 @@ steps: entrypoint: bash env: - DOCKER_CLI_EXPERIMENTAL=enabled - - TAG=$_GIT_TAG + - TAG=$SHORT_SHA - BASE_REF=$_PULL_BASE_REF - REGISTRY=gcr.io/k8s-staging-ingress-nginx # default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx From 0e2447ed0e41dd441dfb2b2a44559c35b40c1de4 Mon Sep 17 00:00:00 2001 From: James Strong Date: Wed, 16 Mar 2022 15:07:38 -0400 Subject: [PATCH 013/494] add the date per request Signed-off-by: James Strong --- images/nginx/cloudbuild.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/nginx/cloudbuild.yaml b/images/nginx/cloudbuild.yaml index 1e524af21..6c1f844ec 100644 --- a/images/nginx/cloudbuild.yaml +++ b/images/nginx/cloudbuild.yaml @@ -8,7 +8,7 @@ steps: entrypoint: bash env: - DOCKER_CLI_EXPERIMENTAL=enabled - - TAG=$SHORT_SHA + - TAG=v$(date "+%Y%m%d")-$SHORT_SHA - BASE_REF=$_PULL_BASE_REF - REGISTRY=gcr.io/k8s-staging-ingress-nginx # default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx From 5c47803d0f0d37cd83dc942a7e1c3ccd8565681a Mon Sep 17 00:00:00 2001 From: James Strong Date: Wed, 16 Mar 2022 15:13:24 -0400 Subject: [PATCH 014/494] fix the cloud build Signed-off-by: James Strong --- images/nginx/cloudbuild.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/images/nginx/cloudbuild.yaml b/images/nginx/cloudbuild.yaml index 6c1f844ec..b5b906a8d 100644 --- a/images/nginx/cloudbuild.yaml +++ b/images/nginx/cloudbuild.yaml @@ -8,7 +8,7 @@ steps: entrypoint: bash env: - DOCKER_CLI_EXPERIMENTAL=enabled - - TAG=v$(date "+%Y%m%d")-$SHORT_SHA + - COMMIT=$SHORT_SHA - BASE_REF=$_PULL_BASE_REF - REGISTRY=gcr.io/k8s-staging-ingress-nginx # default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx @@ -18,7 +18,7 @@ steps: - -c - | gcloud auth configure-docker \ - && make push + && TAG=v$(date "+%Y%m%d")-${COMMIT} make push substitutions: _GIT_TAG: "12345" _PULL_BASE_REF: "master" From 569b3c2a70cd3f08792e699446b3edae77049f16 Mon Sep 17 00:00:00 2001 From: James Strong Date: Wed, 16 Mar 2022 15:32:45 -0400 Subject: [PATCH 015/494] update cloud build image Signed-off-by: James Strong --- images/nginx/cloudbuild.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/nginx/cloudbuild.yaml b/images/nginx/cloudbuild.yaml index b5b906a8d..d6347e437 100644 --- a/images/nginx/cloudbuild.yaml +++ b/images/nginx/cloudbuild.yaml @@ -4,7 +4,7 @@ options: # job builds a multi-arch docker image for amd64,arm,arm64 and s390x. machineType: N1_HIGHCPU_32 steps: - - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20211118-2f2d816b90 + - name: gcr.io/k8s-staging-test-infra/image-builder:v20220309-4b32800b2d entrypoint: bash env: - DOCKER_CLI_EXPERIMENTAL=enabled From 40bb6c3d2ea0d3b99a4c1644d2194816fd1a5d7d Mon Sep 17 00:00:00 2001 From: James Strong Date: Thu, 17 Mar 2022 15:02:41 -0400 Subject: [PATCH 016/494] update cloud build (#8349) --- images/nginx/cloudbuild.yaml | 9 +++------ images/nginx/rootfs/Dockerfile | 3 ++- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/images/nginx/cloudbuild.yaml b/images/nginx/cloudbuild.yaml index d6347e437..3a646fc88 100644 --- a/images/nginx/cloudbuild.yaml +++ b/images/nginx/cloudbuild.yaml @@ -4,21 +4,18 @@ options: # job builds a multi-arch docker image for amd64,arm,arm64 and s390x. machineType: N1_HIGHCPU_32 steps: - - name: gcr.io/k8s-staging-test-infra/image-builder:v20220309-4b32800b2d + - name: 'gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20211118-2f2d816b90' entrypoint: bash env: - DOCKER_CLI_EXPERIMENTAL=enabled - - COMMIT=$SHORT_SHA - BASE_REF=$_PULL_BASE_REF - REGISTRY=gcr.io/k8s-staging-ingress-nginx - # default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx - # set the home to /root explicitly to if using docker buildx - - HOME=/root + - HOME=/root args: - -c - | gcloud auth configure-docker \ - && TAG=v$(date "+%Y%m%d")-${COMMIT} make push + && TAG=v$(date "+%Y%m%d")-$(git rev-parse --short HEAD) make push substitutions: _GIT_TAG: "12345" _PULL_BASE_REF: "master" diff --git a/images/nginx/rootfs/Dockerfile b/images/nginx/rootfs/Dockerfile index d39863aec..a3c4831bb 100644 --- a/images/nginx/rootfs/Dockerfile +++ b/images/nginx/rootfs/Dockerfile @@ -41,7 +41,8 @@ RUN apk update \ pcre \ zlib \ geoip \ - curl ca-certificates \ + curl \ + ca-certificates \ patch \ yajl \ lmdb \ From 3f19fd646fb2da4a44578861a26486f947894db2 Mon Sep 17 00:00:00 2001 From: Ana Claudia Riekstin <17534478+anaclaudiar@users.noreply.github.com> Date: Thu, 17 Mar 2022 21:19:40 -0400 Subject: [PATCH 017/494] bump Alpine image in Dockerfile (#8350) --- images/opentelemetry/rootfs/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/opentelemetry/rootfs/Dockerfile b/images/opentelemetry/rootfs/Dockerfile index bef5b5562..cea4270d6 100644 --- a/images/opentelemetry/rootfs/Dockerfile +++ b/images/opentelemetry/rootfs/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. -FROM alpine:3.14.2 as builder +FROM alpine:3.15.0 as builder COPY . / From e51c15160e9b4d641fc9e289601676e1adc70e19 Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 18 Mar 2022 13:04:41 -0400 Subject: [PATCH 018/494] fix indent on env (#8352) * fix indent on env * revert tag to - TAG=$_GIT_TAG --- images/nginx/cloudbuild.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/images/nginx/cloudbuild.yaml b/images/nginx/cloudbuild.yaml index 3a646fc88..0b81aa8d6 100644 --- a/images/nginx/cloudbuild.yaml +++ b/images/nginx/cloudbuild.yaml @@ -9,13 +9,14 @@ steps: env: - DOCKER_CLI_EXPERIMENTAL=enabled - BASE_REF=$_PULL_BASE_REF + - TAG=$_GIT_TAG - REGISTRY=gcr.io/k8s-staging-ingress-nginx - - HOME=/root + - HOME=/root args: - -c - | gcloud auth configure-docker \ - && TAG=v$(date "+%Y%m%d")-$(git rev-parse --short HEAD) make push + && make push substitutions: _GIT_TAG: "12345" _PULL_BASE_REF: "master" From d27d7c20b415c2e313e61aa3d032f82ca14c504e Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Mon, 21 Mar 2022 22:46:47 +0000 Subject: [PATCH 019/494] Updated semver in install docs URLs (#8368) --- docs/deploy/index.md | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/docs/deploy/index.md b/docs/deploy/index.md index 9f613308b..966703afb 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -28,6 +28,8 @@ On most Kubernetes clusters, the ingress controller will work without requiring - ... [Bare-metal](#bare-metal-clusters) - [Miscellaneous](#miscellaneous) +## TODO : We have subdirectories for kubernetes versions now because of a PR https://github.com/kubernetes/ingress-nginx/pull/8162 . You can see this here https://github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/cloud . We need to add documentation here that is clear and unambiguous in guiding users to pick the deployment manifest under a subdirectory, based on the K8S version being used. But until the explicit clear docs land here, users are recommended to feel free to use those subdirectories and get the manifest(s) related to their K8S version. + ## Quick start **If you have Helm,** you can deploy the ingress controller with the following command: @@ -49,7 +51,7 @@ It will install the controller in the `ingress-nginx` namespace, creating that n **If you don't have Helm** or if you prefer to use a YAML manifest, you can run the following command instead: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.1/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.2/deploy/static/provider/cloud/deploy.yaml ``` !!! info @@ -184,17 +186,17 @@ In AWS we use a Network load balancer (NLB) to expose the NGINX Ingress controll ##### Network Load Balancer (NLB) ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.1/deploy/static/provider/aws/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.2/deploy/static/provider/aws/deploy.yaml ``` ##### TLS termination in AWS Load Balancer (NLB) By default, TLS is terminated in the ingress controller. But it is also possible to terminate TLS in the Load Balancer. This section explains how to do that on AWS using an NLB. -1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template +1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.2/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template ```console - wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml + wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.2/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml ``` 2. Edit the file and change the VPC CIDR in use for the Kubernetes cluster: @@ -236,7 +238,7 @@ Then, the ingress controller can be installed like this: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.1/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.2/deploy/static/provider/cloud/deploy.yaml ``` !!! warning @@ -250,7 +252,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont #### Azure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.1/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.2/deploy/static/provider/cloud/deploy.yaml ``` More information with regards to Azure annotations for ingress controller can be found in the [official AKS documentation](https://docs.microsoft.com/en-us/azure/aks/ingress-internal-ip#create-an-ingress-controller). @@ -258,13 +260,13 @@ More information with regards to Azure annotations for ingress controller can be #### Digital Ocean ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.1/deploy/static/provider/do/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.2/deploy/static/provider/do/deploy.yaml ``` #### Scaleway ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.1/deploy/static/provider/scw/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.2/deploy/static/provider/scw/deploy.yaml ``` #### Exoscale @@ -278,7 +280,7 @@ The full list of annotations supported by Exoscale is available in the Exoscale #### Oracle Cloud Infrastructure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.1/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.2/deploy/static/provider/cloud/deploy.yaml ``` A [complete list of available annotations for Oracle Cloud Infrastructure](https://github.com/oracle/oci-cloud-controller-manager/blob/master/docs/load-balancer-annotations.md) can be found in the [OCI Cloud Controller Manager](https://github.com/oracle/oci-cloud-controller-manager) documentation. @@ -290,7 +292,7 @@ This section is applicable to Kubernetes clusters deployed on bare metal servers For quick testing, you can use a [NodePort](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport). This should work on almost every cluster, but it will typically use a port in the range 30000-32767. ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.1/deploy/static/provider/baremetal/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.2/deploy/static/provider/baremetal/deploy.yaml ``` For more information about bare metal deployments (and how to use port 80 instead of a random port in the 30000-32767 range), see [bare-metal considerations](./baremetal.md). From 5c07c862e1f69e39da1e6b4121bba631f55e5651 Mon Sep 17 00:00:00 2001 From: Nishant Jain Date: Tue, 22 Mar 2022 16:53:44 +0530 Subject: [PATCH 020/494] Removed s390x, linux/arm platform as docker build was crashing (#8121) Co-authored-by: Carlos Tadeu Panato Junior --- .github/workflows/ci.yaml | 8 +- .../external-auth-headers/Makefile | 23 -- .../{deploy => }/auth-service.yaml | 2 +- .../external-auth-headers/authsvc/Dockerfile | 5 - .../{deploy => }/echo-service.yaml | 2 +- .../external-auth-headers/echosvc/Dockerfile | 5 - .../external-auth-headers/echosvc/echosvc.go | 32 --- images/echo/Makefile | 2 +- images/ext-auth-example-authsvc/Makefile | 55 +++++ .../ext-auth-example-authsvc/cloudbuild.yaml | 24 ++ .../rootfs/Dockerfile | 10 + .../rootfs}/authsvc.go | 0 images/ext-auth-example-authsvc/rootfs/go.mod | 8 + images/ext-auth-example-authsvc/rootfs/go.sum | 215 ++++++++++++++++++ 14 files changed, 322 insertions(+), 69 deletions(-) delete mode 100644 docs/examples/customization/external-auth-headers/Makefile rename docs/examples/customization/external-auth-headers/{deploy => }/auth-service.yaml (90%) delete mode 100644 docs/examples/customization/external-auth-headers/authsvc/Dockerfile rename docs/examples/customization/external-auth-headers/{deploy => }/echo-service.yaml (96%) delete mode 100644 docs/examples/customization/external-auth-headers/echosvc/Dockerfile delete mode 100644 docs/examples/customization/external-auth-headers/echosvc/echosvc.go create mode 100644 images/ext-auth-example-authsvc/Makefile create mode 100644 images/ext-auth-example-authsvc/cloudbuild.yaml create mode 100644 images/ext-auth-example-authsvc/rootfs/Dockerfile rename {docs/examples/customization/external-auth-headers/authsvc => images/ext-auth-example-authsvc/rootfs}/authsvc.go (100%) create mode 100644 images/ext-auth-example-authsvc/rootfs/go.mod create mode 100644 images/ext-auth-example-authsvc/rootfs/go.sum diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index cec6488ff..63d41b588 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -256,7 +256,7 @@ jobs: pull-requests: read # for dorny/paths-filter to read pull requests runs-on: ubuntu-latest env: - PLATFORMS: linux/amd64 + PLATFORMS: linux/amd64,linux/arm64 steps: - name: Checkout uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 @@ -280,6 +280,8 @@ jobs: - 'images/httpbin/**' kube-webhook-certgen: - 'images/kube-webhook-certgen/**' + ext-auth-example-authsvc: + - 'images/ext-auth-example-authsvc/**' - name: custom-error-pages image build if: ${{ steps.filter-images.outputs.custom-error-pages == 'true' }} @@ -309,6 +311,10 @@ jobs: if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} run: | cd images/kube-webhook-certgen && make build + - name: ext-auth-example-authsvc + if: ${{ steps.filter-images.outputs.ext-auth-example-authsvc == 'true' }} + run: | + cd images/ext-auth-example-authsvc && make build test-image: permissions: diff --git a/docs/examples/customization/external-auth-headers/Makefile b/docs/examples/customization/external-auth-headers/Makefile deleted file mode 100644 index 1ee7e06ac..000000000 --- a/docs/examples/customization/external-auth-headers/Makefile +++ /dev/null @@ -1,23 +0,0 @@ -all: push - -TAG=0.1 -PREFIX?=electroma/ingress-demo- -ARCH?=amd64 -GOLANG_VERSION=1.9 -TEMP_DIR:=$(shell mktemp -d) - -build: clean - CGO_ENABLED=0 GOOS=linux GOARCH=$(ARCH) go build -o authsvc/authsvc authsvc/authsvc.go - CGO_ENABLED=0 GOOS=linux GOARCH=$(ARCH) go build -o echosvc/echosvc echosvc/echosvc.go - -container: build - docker build --pull -t $(PREFIX)authsvc-$(ARCH):$(TAG) authsvc - docker build --pull -t $(PREFIX)echosvc-$(ARCH):$(TAG) echosvc - -push: container - docker push $(PREFIX)authsvc-$(ARCH):$(TAG) - docker push $(PREFIX)echosvc-$(ARCH):$(TAG) - -clean: - rm -f authsvc/authsvc echosvc/echosvc - diff --git a/docs/examples/customization/external-auth-headers/deploy/auth-service.yaml b/docs/examples/customization/external-auth-headers/auth-service.yaml similarity index 90% rename from docs/examples/customization/external-auth-headers/deploy/auth-service.yaml rename to docs/examples/customization/external-auth-headers/auth-service.yaml index 3a5dff12c..faa345921 100644 --- a/docs/examples/customization/external-auth-headers/deploy/auth-service.yaml +++ b/docs/examples/customization/external-auth-headers/auth-service.yaml @@ -18,7 +18,7 @@ spec: terminationGracePeriodSeconds: 60 containers: - name: auth-service - image: electroma/ingress-demo-authsvc-amd64:0.1 + image: gcr.io/k8s-staging-ingress-nginx/ext-auth-example-authsvc:v1.0.0 ports: - containerPort: 8080 resources: diff --git a/docs/examples/customization/external-auth-headers/authsvc/Dockerfile b/docs/examples/customization/external-auth-headers/authsvc/Dockerfile deleted file mode 100644 index 90e6ec2cb..000000000 --- a/docs/examples/customization/external-auth-headers/authsvc/Dockerfile +++ /dev/null @@ -1,5 +0,0 @@ -FROM alpine:3.10 -MAINTAINER Roman Safronov -COPY authsvc / -EXPOSE 8080 -ENTRYPOINT ["/authsvc"] diff --git a/docs/examples/customization/external-auth-headers/deploy/echo-service.yaml b/docs/examples/customization/external-auth-headers/echo-service.yaml similarity index 96% rename from docs/examples/customization/external-auth-headers/deploy/echo-service.yaml rename to docs/examples/customization/external-auth-headers/echo-service.yaml index 9881ac8d0..636aaded1 100644 --- a/docs/examples/customization/external-auth-headers/deploy/echo-service.yaml +++ b/docs/examples/customization/external-auth-headers/echo-service.yaml @@ -18,7 +18,7 @@ spec: terminationGracePeriodSeconds: 60 containers: - name: echo-service - image: electroma/ingress-demo-echosvc-amd64:0.1 + image: gcr.io/k8s-staging-ingress-nginx/e2e-test-echo:v1.0.0 ports: - containerPort: 8080 resources: diff --git a/docs/examples/customization/external-auth-headers/echosvc/Dockerfile b/docs/examples/customization/external-auth-headers/echosvc/Dockerfile deleted file mode 100644 index 04e4ead42..000000000 --- a/docs/examples/customization/external-auth-headers/echosvc/Dockerfile +++ /dev/null @@ -1,5 +0,0 @@ -FROM alpine:3.10 -MAINTAINER Roman Safronov -COPY echosvc / -EXPOSE 8080 -ENTRYPOINT ["/echosvc"] diff --git a/docs/examples/customization/external-auth-headers/echosvc/echosvc.go b/docs/examples/customization/external-auth-headers/echosvc/echosvc.go deleted file mode 100644 index ba9702aa0..000000000 --- a/docs/examples/customization/external-auth-headers/echosvc/echosvc.go +++ /dev/null @@ -1,32 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package main - -import ( - "fmt" - "net/http" -) - -func handler(w http.ResponseWriter, r *http.Request) { - fmt.Fprintf(w, "UserID: %s, UserRole: %s", r.Header.Get("UserID"), r.Header.Get("UserRole")) -} - -// Sample "echo" service displaying UserID and UserRole HTTP request headers -func main() { - http.HandleFunc("/", handler) - http.ListenAndServe(":8080", nil) -} diff --git a/images/echo/Makefile b/images/echo/Makefile index 7a93aec25..38a341146 100644 --- a/images/echo/Makefile +++ b/images/echo/Makefile @@ -18,7 +18,7 @@ SHELL=/bin/bash -o pipefail -o errexit DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))) INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh -TAG ?=v$(shell date +%m%d%Y)-$(shell git rev-parse --short HEAD) +TAG ?=v1.0.0 REGISTRY ?= local IMAGE = $(REGISTRY)/e2e-test-echo diff --git a/images/ext-auth-example-authsvc/Makefile b/images/ext-auth-example-authsvc/Makefile new file mode 100644 index 000000000..85d2f8e6b --- /dev/null +++ b/images/ext-auth-example-authsvc/Makefile @@ -0,0 +1,55 @@ +# Copyright 2022 The Kubernetes Authors. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# set default shell +SHELL=/bin/bash -o pipefail -o errexit + +DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))) +INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh + +TAG ?=v1.0.0 +REGISTRY ?= local + +IMAGE = $(REGISTRY)/ext-auth-example-authsvc + +# required to enable buildx +export DOCKER_CLI_EXPERIMENTAL=enabled + +# build with buildx +PLATFORMS?=linux/amd64,linux/arm,linux/arm64,linux/s390x +OUTPUT= +PROGRESS=plain + +build: ensure-buildx + docker buildx build \ + --platform=${PLATFORMS} $(OUTPUT) \ + --progress=$(PROGRESS) \ + --pull \ + -t $(IMAGE):$(TAG) rootfs + +# push the cross built image +push: OUTPUT=--push +push: build + +# enable buildx +ensure-buildx: +# this is required for cloudbuild +ifeq ("$(wildcard $(INIT_BUILDX))","") + @curl -sSL https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/hack/init-buildx.sh | bash +else + @exec $(INIT_BUILDX) +endif + @echo "done" + +.PHONY: build push ensure-buildx diff --git a/images/ext-auth-example-authsvc/cloudbuild.yaml b/images/ext-auth-example-authsvc/cloudbuild.yaml new file mode 100644 index 000000000..b92b9c877 --- /dev/null +++ b/images/ext-auth-example-authsvc/cloudbuild.yaml @@ -0,0 +1,24 @@ +timeout: 1200s +options: + substitution_option: ALLOW_LOOSE + # job builds a multi-arch docker image for amd64,arm,arm64 and s390x. + machineType: N1_HIGHCPU_8 +steps: + - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20211118-2f2d816b90 + entrypoint: bash + env: + - DOCKER_CLI_EXPERIMENTAL=enabled + - TAG=$_GIT_TAG + - BASE_REF=$_PULL_BASE_REF + - REGISTRY=gcr.io/k8s-staging-ingress-nginx + # default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx + # set the home to /root explicitly to if using docker buildx + - HOME=/root + args: + - -c + - | + gcloud auth configure-docker \ + && make push +substitutions: + _GIT_TAG: "12345" + _PULL_BASE_REF: "master" diff --git a/images/ext-auth-example-authsvc/rootfs/Dockerfile b/images/ext-auth-example-authsvc/rootfs/Dockerfile new file mode 100644 index 000000000..ee2737286 --- /dev/null +++ b/images/ext-auth-example-authsvc/rootfs/Dockerfile @@ -0,0 +1,10 @@ +FROM golang:1.17.6-alpine3.15 as builder +RUN mkdir /authsvc +WORKDIR /authsvc +COPY . ./ +RUN CGO_ENABLED=0 GOOS=linux go build -o authsvc authsvc.go + +FROM gcr.io/distroless/base-debian11 +COPY --from=builder /authsvc/authsvc / +EXPOSE 8080 +ENTRYPOINT ["/authsvc"] \ No newline at end of file diff --git a/docs/examples/customization/external-auth-headers/authsvc/authsvc.go b/images/ext-auth-example-authsvc/rootfs/authsvc.go similarity index 100% rename from docs/examples/customization/external-auth-headers/authsvc/authsvc.go rename to images/ext-auth-example-authsvc/rootfs/authsvc.go diff --git a/images/ext-auth-example-authsvc/rootfs/go.mod b/images/ext-auth-example-authsvc/rootfs/go.mod new file mode 100644 index 000000000..72f2a1049 --- /dev/null +++ b/images/ext-auth-example-authsvc/rootfs/go.mod @@ -0,0 +1,8 @@ +module example.com/authsvc + +go 1.17 + +require ( + github.com/google/uuid v1.1.2 // indirect + k8s.io/apimachinery v0.23.1 // indirect +) diff --git a/images/ext-auth-example-authsvc/rootfs/go.sum b/images/ext-auth-example-authsvc/rootfs/go.sum new file mode 100644 index 000000000..6e3fab295 --- /dev/null +++ b/images/ext-auth-example-authsvc/rootfs/go.sum @@ -0,0 +1,215 @@ +cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= +github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= +github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= +github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= +github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= +github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= +github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= +github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= +github.com/getkin/kin-openapi v0.76.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg= +github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= +github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= +github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= +github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= +github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= +github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= +github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= +github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= +github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= +github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= +github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= +github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= +github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= +github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y= +github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU= +github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA= +github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= +github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= +github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= +github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= +github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= +github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= +github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= +github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= +github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= +github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= +github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= +github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= +github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= +github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= +golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= +golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= +golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= +google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= +google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= +google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= +google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= +google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= +google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= +google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= +gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +k8s.io/apimachinery v0.23.1 h1:sfBjlDFwj2onG0Ijx5C+SrAoeUscPrmghm7wHP+uXlo= +k8s.io/apimachinery v0.23.1/go.mod h1:SADt2Kl8/sttJ62RRsi9MIV4o8f5S3coArm0Iu3fBno= +k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= +k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= +k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= +k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk= +k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6/go.mod h1:p4QtZmO4uMYipTQNzagwnNoseA6OxSUutVw05NhYDRs= +sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= +sigs.k8s.io/structured-merge-diff/v4 v4.1.2/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= +sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= From f192ed0ed75dd3315bab782743078ba858bf828b Mon Sep 17 00:00:00 2001 From: Tim Borkhodoev <38668303+SomalianIvan@users.noreply.github.com> Date: Tue, 22 Mar 2022 21:53:58 -0400 Subject: [PATCH 021/494] bump luarocks to 3.8.0 (#8379) --- images/echo/Makefile | 4 ++-- images/test-runner/Makefile | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/images/echo/Makefile b/images/echo/Makefile index 38a341146..9131d608d 100644 --- a/images/echo/Makefile +++ b/images/echo/Makefile @@ -37,8 +37,8 @@ build: ensure-buildx --progress=$(PROGRESS) \ --pull \ --build-arg BASE_IMAGE=k8s.gcr.io/ingress-nginx/nginx:v20210926-g5662db450@sha256:1ef404b5e8741fe49605a1f40c3fdd8ef657aecdb9526ea979d1672eeabd0cd9 \ - --build-arg LUAROCKS_VERSION=3.3.1 \ - --build-arg LUAROCKS_SHA=837481e408f7c06b59befe7ec194537c657687d624894bca7f79034302141a34 \ + --build-arg LUAROCKS_VERSION=3.8.0 \ + --build-arg LUAROCKS_SHA=ab6612ca9ab87c6984871d2712d05525775e8b50172701a0a1cabddf76de2be7 \ -t $(IMAGE):$(TAG) rootfs # push the cross built image diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile index 4caebebd3..bf7df8625 100644 --- a/images/test-runner/Makefile +++ b/images/test-runner/Makefile @@ -44,8 +44,8 @@ build: ensure-buildx --build-arg K8S_RELEASE=v1.21.3 \ --build-arg RESTY_CLI_VERSION=0.27 \ --build-arg RESTY_CLI_SHA=e5f4f3128af49ba5c4d039d0554e5ae91bbe05866f60eccfa96d3653274bff90 \ - --build-arg LUAROCKS_VERSION=3.3.1 \ - --build-arg LUAROCKS_SHA=837481e408f7c06b59befe7ec194537c657687d624894bca7f79034302141a34 \ + --build-arg LUAROCKS_VERSION=3.8.0 \ + --build-arg LUAROCKS_SHA=ab6612ca9ab87c6984871d2712d05525775e8b50172701a0a1cabddf76de2be7 \ --build-arg CHART_TESTING_VERSION=3.0.0 \ --build-arg YAML_LINT_VERSION=1.13.0 \ --build-arg YAMALE_VERSION=1.8.0 \ From b6c7061e07423938410a175a5c295497ffe5f4ba Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 23 Mar 2022 12:45:20 -0700 Subject: [PATCH 022/494] Bump github.com/stretchr/testify from 1.7.0 to 1.7.1 (#8360) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.0 to 1.7.1. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.7.0...v1.7.1) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index 98d374bf0..0def711f4 100644 --- a/go.mod +++ b/go.mod @@ -23,7 +23,7 @@ require ( github.com/prometheus/common v0.32.1 github.com/spf13/cobra v1.3.0 github.com/spf13/pflag v1.0.5 - github.com/stretchr/testify v1.7.0 + github.com/stretchr/testify v1.7.1 github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 golang.org/x/net v0.0.0-20211209124913-491a49abca63 diff --git a/go.sum b/go.sum index 573fc3f84..f82322a19 100644 --- a/go.sum +++ b/go.sum @@ -636,8 +636,9 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= From 5298448865bd6bc742ca3eacd52e8bdb9a3eda81 Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 25 Mar 2022 13:21:58 -0400 Subject: [PATCH 023/494] downgrade to 3.14.4 and fix tag (#8386) Signed-off-by: James Strong --- TAG | 2 +- images/nginx/rootfs/Dockerfile | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/TAG b/TAG index 99a4aef0c..0f1acbd56 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.1.3 +v1.1.2 diff --git a/images/nginx/rootfs/Dockerfile b/images/nginx/rootfs/Dockerfile index a3c4831bb..0cb0119a4 100644 --- a/images/nginx/rootfs/Dockerfile +++ b/images/nginx/rootfs/Dockerfile @@ -11,7 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.15.0 as builder +FROM alpine:3.14.4 as builder COPY . / @@ -21,7 +21,7 @@ RUN apk update \ && /build.sh # Use a multi-stage build -FROM alpine:3.15.0 +FROM alpine:3.14.4 ENV PATH=$PATH:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin From 08fcd942c7fa141d806cf689a57e0e2b65f235a7 Mon Sep 17 00:00:00 2001 From: Tomoyuki KOYAMA Date: Mon, 28 Mar 2022 18:29:23 +0900 Subject: [PATCH 024/494] fix code highlight (#8392) --- docs/user-guide/monitoring.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/docs/user-guide/monitoring.md b/docs/user-guide/monitoring.md index b8df59980..56eac8048 100644 --- a/docs/user-guide/monitoring.md +++ b/docs/user-guide/monitoring.md @@ -40,7 +40,7 @@ This tutorial will show you how to install [Prometheus](https://prometheus.io/) service: annotations: prometheus.io/port: "10254" - prometheus.io/scrape: "true" + prometheus.io/scrape: "true" .. ``` - If you are **not using helm**, you will have to edit your manifests like this: @@ -61,7 +61,6 @@ This tutorial will show you how to install [Prometheus](https://prometheus.io/) .. ``` - - Deployment manifest: ``` apiVersion: v1 @@ -76,8 +75,7 @@ This tutorial will show you how to install [Prometheus](https://prometheus.io/) - name: prometheus containerPort: 10254 .. - - ``` + ``` ### Deploy and configure Prometheus Server From 9960efe1e9a9c6e944967b52e1a8a7b7b659874d Mon Sep 17 00:00:00 2001 From: James Strong Date: Mon, 28 Mar 2022 10:49:23 -0400 Subject: [PATCH 025/494] remove (#8394) Signed-off-by: James Strong --- images/nginx/cloudbuild.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/images/nginx/cloudbuild.yaml b/images/nginx/cloudbuild.yaml index 0b81aa8d6..3e3d13579 100644 --- a/images/nginx/cloudbuild.yaml +++ b/images/nginx/cloudbuild.yaml @@ -9,7 +9,7 @@ steps: env: - DOCKER_CLI_EXPERIMENTAL=enabled - BASE_REF=$_PULL_BASE_REF - - TAG=$_GIT_TAG + - TAG=$_PULL_BASE_SHA - REGISTRY=gcr.io/k8s-staging-ingress-nginx - HOME=/root args: @@ -20,3 +20,4 @@ steps: substitutions: _GIT_TAG: "12345" _PULL_BASE_REF: "master" + _PULL_BASE_SHA: '12345' From 244d1dbcb0741b226d86c782c05ad4189af617d3 Mon Sep 17 00:00:00 2001 From: Damien Mathieu <42@dmathieu.com> Date: Tue, 29 Mar 2022 10:28:48 +0200 Subject: [PATCH 026/494] ensure module directory exists before moving the library there --- images/opentelemetry/rootfs/init_module.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/images/opentelemetry/rootfs/init_module.sh b/images/opentelemetry/rootfs/init_module.sh index f1e4b27d7..bac5e64aa 100755 --- a/images/opentelemetry/rootfs/init_module.sh +++ b/images/opentelemetry/rootfs/init_module.sh @@ -18,4 +18,5 @@ set -o errexit set -o nounset set -o pipefail +mkdir -p /modules_mount/etc/nginx/modules cp -R /etc/nginx/modules /modules_mount/etc/nginx/modules From 79aa43540c67037ceae494a2f655adb00671ead3 Mon Sep 17 00:00:00 2001 From: Damien Mathieu <42@dmathieu.com> Date: Tue, 29 Mar 2022 12:07:43 +0200 Subject: [PATCH 027/494] fix build and upgrade otel to latest version --- images/opentelemetry/rootfs/Dockerfile | 2 +- images/opentelemetry/rootfs/build.sh | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/images/opentelemetry/rootfs/Dockerfile b/images/opentelemetry/rootfs/Dockerfile index cea4270d6..84f5a3e7c 100644 --- a/images/opentelemetry/rootfs/Dockerfile +++ b/images/opentelemetry/rootfs/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. -FROM alpine:3.15.0 as builder +FROM alpine:3.14.4 as builder COPY . / diff --git a/images/opentelemetry/rootfs/build.sh b/images/opentelemetry/rootfs/build.sh index aab2abbd0..67d1e67b2 100755 --- a/images/opentelemetry/rootfs/build.sh +++ b/images/opentelemetry/rootfs/build.sh @@ -20,11 +20,11 @@ set -o pipefail export NGINX_VERSION=1.19.10 -# Check for recent changes: https://github.com/open-telemetry/opentelemetry-cpp/compare/v1.0.0...main -export OPENTELEMETRY_CPP_VERSION=1.0.0 +# Check for recent changes: https://github.com/open-telemetry/opentelemetry-cpp/compare/v1.2.0...main +export OPENTELEMETRY_CPP_VERSION=1.2.0 -# Check for recent changes: https://github.com/open-telemetry/opentelemetry-cpp-contrib/compare/f4850...main -export OPENTELEMETRY_CONTRIB_COMMIT=f48500884b1b32efc456790bbcdc2e6cf7a8e630 +# Check for recent changes: https://github.com/open-telemetry/opentelemetry-cpp-contrib/compare/2656a4...main +export OPENTELEMETRY_CONTRIB_COMMIT=2656a4072e257b6794da86ddd1b773b49f5517b3 export BUILD_PATH=/tmp/build @@ -63,7 +63,7 @@ get_src() get_src e8d0290ff561986ad7cd6c33307e12e11b137186c4403a6a5ccdb4914c082d88 \ "https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz" -get_src 45c52498788e47131b20a4786dbb08f4390b8cb419bd3d61c88b503cafff3324 \ +get_src 360cdcbd1a235ec62119cc53956b2d31b6ff5f41d44415be53acc544709d58b8 \ "https://github.com/open-telemetry/opentelemetry-cpp-contrib/archive/$OPENTELEMETRY_CONTRIB_COMMIT.tar.gz" # improve compilation times From 5402d35663917ccbbf77ff48a22b8c6f77097f48 Mon Sep 17 00:00:00 2001 From: Aditya Kamath Date: Thu, 31 Mar 2022 03:37:01 -0700 Subject: [PATCH 028/494] Add execute permissions to nginx image entrypoint.sh (#8403) --- images/nginx/rootfs/entrypoint.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 images/nginx/rootfs/entrypoint.sh diff --git a/images/nginx/rootfs/entrypoint.sh b/images/nginx/rootfs/entrypoint.sh old mode 100644 new mode 100755 From 87979099fd53ea1557da4b72cbc07a0e5fd1373b Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Thu, 31 Mar 2022 16:55:00 +0530 Subject: [PATCH 029/494] set execute bit on entrypoint.sh (#8404) --- images/nginx/rootfs/Dockerfile | 55 +++++++++++++++++----------------- 1 file changed, 28 insertions(+), 27 deletions(-) diff --git a/images/nginx/rootfs/Dockerfile b/images/nginx/rootfs/Dockerfile index 0cb0119a4..ccf70f143 100644 --- a/images/nginx/rootfs/Dockerfile +++ b/images/nginx/rootfs/Dockerfile @@ -33,41 +33,42 @@ COPY --from=builder /opt /opt COPY --from=builder /etc/nginx /etc/nginx COPY --from=builder entrypoint.sh /usr/local/entrypoint.sh -RUN apk update \ +RUN chmod +x /usr/local/entrypoint.sh \ + && apk update \ && apk upgrade \ && apk add -U --no-cache \ - bash \ - openssl \ - pcre \ - zlib \ - geoip \ - curl \ - ca-certificates \ - patch \ - yajl \ - lmdb \ - libxml2 \ - libmaxminddb \ - yaml-cpp \ - dumb-init \ - nano \ - tzdata \ + bash \ + openssl \ + pcre \ + zlib \ + geoip \ + curl \ + ca-certificates \ + patch \ + yajl \ + lmdb \ + libxml2 \ + libmaxminddb \ + yaml-cpp \ + dumb-init \ + nano \ + tzdata \ && ln -s /usr/local/nginx/sbin/nginx /sbin/nginx \ && adduser -S -D -H -u 101 -h /usr/local/nginx \ - -s /sbin/nologin -G www-data -g www-data www-data \ + -s /sbin/nologin -G www-data -g www-data www-data \ && bash -eu -c ' \ writeDirs=( \ - /var/log/nginx \ - /var/lib/nginx/body \ - /var/lib/nginx/fastcgi \ - /var/lib/nginx/proxy \ - /var/lib/nginx/scgi \ - /var/lib/nginx/uwsgi \ - /var/log/audit \ + /var/log/nginx \ + /var/lib/nginx/body \ + /var/lib/nginx/fastcgi \ + /var/lib/nginx/proxy \ + /var/lib/nginx/scgi \ + /var/lib/nginx/uwsgi \ + /var/log/audit \ ); \ for dir in "${writeDirs[@]}"; do \ - mkdir -p ${dir}; \ - chown -R www-data.www-data ${dir}; \ + mkdir -p ${dir}; \ + chown -R www-data.www-data ${dir}; \ done' EXPOSE 80 443 From f1cb2b73cae4f68f5fcf7df74654adef045910ff Mon Sep 17 00:00:00 2001 From: Aditya Kamath Date: Thu, 31 Mar 2022 13:43:04 -0700 Subject: [PATCH 030/494] update nginx base image to new alpine 3.14.4 build - try 2 (#8409) * update nginx base image to new alpine 3.14.4 build Signed-off-by: James Strong * update test image Signed-off-by: James Strong * Update nginx base image Signed-off-by: Aditya Kamath Co-authored-by: James Strong --- Makefile | 2 +- images/echo/Makefile | 2 +- images/nginx/README.md | 2 +- images/nginx/rc.yaml | 2 +- images/test-runner/Makefile | 2 +- test/e2e-image/Dockerfile | 2 +- test/e2e/framework/deployment.go | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index b1c90e0f1..d7ae2adfb 100644 --- a/Makefile +++ b/Makefile @@ -51,7 +51,7 @@ endif REGISTRY ?= gcr.io/k8s-staging-ingress-nginx -BASE_IMAGE ?= k8s.gcr.io/ingress-nginx/nginx:v20210926-g5662db450@sha256:1ef404b5e8741fe49605a1f40c3fdd8ef657aecdb9526ea979d1672eeabd0cd9 +BASE_IMAGE ?= k8s.gcr.io/ingress-nginx/nginx:5402d35663917ccbbf77ff48a22b8c6f77097f48@sha256:ec8a104df307f5c6d68157b7ac8e5e1e2c2f0ea07ddf25bb1c6c43c67e351180 GOARCH=$(ARCH) diff --git a/images/echo/Makefile b/images/echo/Makefile index 9131d608d..01d532731 100644 --- a/images/echo/Makefile +++ b/images/echo/Makefile @@ -36,7 +36,7 @@ build: ensure-buildx --platform=${PLATFORMS} $(OUTPUT) \ --progress=$(PROGRESS) \ --pull \ - --build-arg BASE_IMAGE=k8s.gcr.io/ingress-nginx/nginx:v20210926-g5662db450@sha256:1ef404b5e8741fe49605a1f40c3fdd8ef657aecdb9526ea979d1672eeabd0cd9 \ + --build-arg BASE_IMAGE=k8s.gcr.io/ingress-nginx/nginx:5402d35663917ccbbf77ff48a22b8c6f77097f48@sha256:ec8a104df307f5c6d68157b7ac8e5e1e2c2f0ea07ddf25bb1c6c43c67e351180 \ --build-arg LUAROCKS_VERSION=3.8.0 \ --build-arg LUAROCKS_SHA=ab6612ca9ab87c6984871d2712d05525775e8b50172701a0a1cabddf76de2be7 \ -t $(IMAGE):$(TAG) rootfs diff --git a/images/nginx/README.md b/images/nginx/README.md index 376948743..8bd1469dd 100644 --- a/images/nginx/README.md +++ b/images/nginx/README.md @@ -20,6 +20,6 @@ This image provides a default configuration file with no backend servers. _Using docker_ ```console -docker run -v /some/nginx.conf:/etc/nginx/nginx.conf:ro k8s.gcr.io/ingress-nginx/nginx:v20210926-g5662db450@sha256:1ef404b5e8741fe49605a1f40c3fdd8ef657aecdb9526ea979d1672eeabd0cd9 +docker run -v /some/nginx.conf:/etc/nginx/nginx.conf:ro k8s.gcr.io/ingress-nginx/nginx:5402d35663917ccbbf77ff48a22b8c6f77097f48@sha256:ec8a104df307f5c6d68157b7ac8e5e1e2c2f0ea07ddf25bb1c6c43c67e351180 ``` diff --git a/images/nginx/rc.yaml b/images/nginx/rc.yaml index 043d7bfe4..cf9c59d15 100644 --- a/images/nginx/rc.yaml +++ b/images/nginx/rc.yaml @@ -38,7 +38,7 @@ spec: spec: containers: - name: nginx - image: k8s.gcr.io/ingress-nginx/nginx:v20210926-g5662db450@sha256:1ef404b5e8741fe49605a1f40c3fdd8ef657aecdb9526ea979d1672eeabd0cd9 + image: k8s.gcr.io/ingress-nginx/nginx:5402d35663917ccbbf77ff48a22b8c6f77097f48@sha256:ec8a104df307f5c6d68157b7ac8e5e1e2c2f0ea07ddf25bb1c6c43c67e351180 ports: - containerPort: 80 - containerPort: 443 diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile index bf7df8625..038d689b7 100644 --- a/images/test-runner/Makefile +++ b/images/test-runner/Makefile @@ -23,7 +23,7 @@ REGISTRY ?= local IMAGE = $(REGISTRY)/e2e-test-runner -NGINX_BASE_IMAGE ?= k8s.gcr.io/ingress-nginx/nginx:v20210926-g5662db450@sha256:1ef404b5e8741fe49605a1f40c3fdd8ef657aecdb9526ea979d1672eeabd0cd9 +NGINX_BASE_IMAGE ?= k8s.gcr.io/ingress-nginx/nginx:5402d35663917ccbbf77ff48a22b8c6f77097f48@sha256:ec8a104df307f5c6d68157b7ac8e5e1e2c2f0ea07ddf25bb1c6c43c67e351180 # required to enable buildx export DOCKER_CLI_EXPERIMENTAL=enabled diff --git a/test/e2e-image/Dockerfile b/test/e2e-image/Dockerfile index e53d02242..4daece323 100644 --- a/test/e2e-image/Dockerfile +++ b/test/e2e-image/Dockerfile @@ -1,6 +1,6 @@ FROM k8s.gcr.io/ingress-nginx/e2e-test-runner:v20220110-gfd820db46@sha256:273f7d9b1b2297cd96b4d51600e45d932186a1cc79d00d179dfb43654112fe8f AS BASE -FROM alpine:3.12 +FROM alpine:3.14.4 RUN apk add -U --no-cache \ ca-certificates \ diff --git a/test/e2e/framework/deployment.go b/test/e2e/framework/deployment.go index 3775af8bc..0e886aff5 100644 --- a/test/e2e/framework/deployment.go +++ b/test/e2e/framework/deployment.go @@ -38,7 +38,7 @@ const SlowEchoService = "slow-echo" const HTTPBinService = "httpbin" // NginxBaseImage use for testing -const NginxBaseImage = "k8s.gcr.io/ingress-nginx/nginx:v20210926-g5662db450@sha256:1ef404b5e8741fe49605a1f40c3fdd8ef657aecdb9526ea979d1672eeabd0cd9" +const NginxBaseImage = "k8s.gcr.io/ingress-nginx/nginx:5402d35663917ccbbf77ff48a22b8c6f77097f48@sha256:ec8a104df307f5c6d68157b7ac8e5e1e2c2f0ea07ddf25bb1c6c43c67e351180" type deploymentOptions struct { namespace string From e5b028a75d2f905117fe278c240632e3307b367a Mon Sep 17 00:00:00 2001 From: James Strong Date: Thu, 31 Mar 2022 17:08:30 -0400 Subject: [PATCH 031/494] update tag to 1.1.3 to kick off controller-v1.1.3 build Signed-off-by: James Strong --- TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TAG b/TAG index 0f1acbd56..99a4aef0c 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.1.2 +v1.1.3 From 230d8e67921c5747cc29baf230ba09431bcbfc4c Mon Sep 17 00:00:00 2001 From: David Jansen <39294842+dajsn@users.noreply.github.com> Date: Fri, 1 Apr 2022 03:18:38 +0200 Subject: [PATCH 032/494] doc: fix deployment manifest example (#8407) --- docs/user-guide/monitoring.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user-guide/monitoring.md b/docs/user-guide/monitoring.md index 56eac8048..048607cd5 100644 --- a/docs/user-guide/monitoring.md +++ b/docs/user-guide/monitoring.md @@ -64,8 +64,8 @@ This tutorial will show you how to install [Prometheus](https://prometheus.io/) - Deployment manifest: ``` apiVersion: v1 - metadata: kind: Deployment + metadata: annotations: prometheus.io/scrape: "true" prometheus.io/port: "10254" From b9f50e691d36af5ad1194a6855fb1df0c0d8af53 Mon Sep 17 00:00:00 2001 From: LongWuYuan Date: Fri, 1 Apr 2022 17:07:08 +0530 Subject: [PATCH 033/494] base img update for e2e-test-runner & opentelemetry --- build/run-in-docker.sh | 2 +- charts/ingress-nginx/values.yaml | 4 ++-- test/e2e-image/Dockerfile | 14 +++++++------- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index e89abe9d8..60c566941 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -37,7 +37,7 @@ function cleanup { } trap cleanup EXIT -E2E_IMAGE=${E2E_IMAGE:-k8s.gcr.io/ingress-nginx/e2e-test-runner:v20220110-gfd820db46@sha256:273f7d9b1b2297cd96b4d51600e45d932186a1cc79d00d179dfb43654112fe8f} +E2E_IMAGE=${E2E_IMAGE:-k8s.gcr.io/ingress-nginx/e2e-test-runner:v20220331-controller-v1.1.2-31-gf1cb2b73c@sha256:baa326f5c726d65be828852943a259c1f0572883590b9081b7e8fa982d64d96e} DOCKER_OPTS=${DOCKER_OPTS:-} DOCKER_IN_DOCKER_ENABLED=${DOCKER_IN_DOCKER_ENABLED:-} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index a8b002516..f355e5eaa 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -575,8 +575,8 @@ controller: extraModules: [] ## Modules, which are mounted into the core nginx image - # - name: opentelemetry - # image: busybox + # - name: opentelemetry:v20220331-controller-v1.1.2-36-g7517b7ecf@sha256:e3f635474b5da24ccd0ea6b078fb190dae68b8b4a44b52bea19ec2561f0102ec + # image: k8s.gcr.io/ingress-nginx/opentelemetry: # # The image must contain a `/usr/local/bin/init_module.sh` executable, which # will be executed as initContainers, to move its config files within the diff --git a/test/e2e-image/Dockerfile b/test/e2e-image/Dockerfile index 4daece323..002a002cd 100644 --- a/test/e2e-image/Dockerfile +++ b/test/e2e-image/Dockerfile @@ -1,14 +1,14 @@ -FROM k8s.gcr.io/ingress-nginx/e2e-test-runner:v20220110-gfd820db46@sha256:273f7d9b1b2297cd96b4d51600e45d932186a1cc79d00d179dfb43654112fe8f AS BASE +FROM k8s.gcr.io/ingress-nginx/e2e-test-runner:v20220331-controller-v1.1.2-31-gf1cb2b73c@sha256:baa326f5c726d65be828852943a259c1f0572883590b9081b7e8fa982d64d96e AS BASE FROM alpine:3.14.4 RUN apk add -U --no-cache \ - ca-certificates \ - bash \ - curl \ - tzdata \ - libc6-compat \ - openssl + ca-certificates \ + bash \ + curl \ + tzdata \ + libc6-compat \ + openssl COPY --from=BASE /go/bin/ginkgo /usr/local/bin/ COPY --from=BASE /usr/local/bin/helm /usr/local/bin/ From ac3b86b2c386c9a27297fdfb91ebf09dbe6056ed Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 1 Apr 2022 12:14:46 -0400 Subject: [PATCH 034/494] release 1.1.3 details (#8411) * release 1.1.3 details fix the readme with right sha and version remove helm label fix issue 8329 fix the 1.20 service after the fix for ipv6 udpate readme and change for patches * update helm doc Signed-off-by: James Strong --- .gitignore | 1 + Changelog.md | 38 +++++++ README.md | 32 +++--- charts/ingress-nginx/Chart.yaml | 11 +- charts/ingress-nginx/README.md | 6 +- .../templates/controller-service.yaml | 4 +- charts/ingress-nginx/values.yaml | 4 +- deploy/static/provider/aws/1.19/deploy.yaml | 103 ++++------------- .../provider/aws/1.19/kustomization.yaml | 2 +- deploy/static/provider/aws/1.20/deploy.yaml | 106 ++++------------- .../provider/aws/1.20/kustomization.yaml | 2 +- deploy/static/provider/aws/1.21/deploy.yaml | 103 ++++------------- .../provider/aws/1.21/kustomization.yaml | 2 +- deploy/static/provider/aws/1.22/deploy.yaml | 103 ++++------------- .../provider/aws/1.22/kustomization.yaml | 2 +- deploy/static/provider/aws/1.23/deploy.yaml | 103 ++++------------- .../provider/aws/1.23/kustomization.yaml | 2 +- deploy/static/provider/aws/deploy.yaml | 107 ++++-------------- deploy/static/provider/aws/kustomization.yaml | 2 +- .../nlb-with-tls-termination/1.19/deploy.yaml | 103 ++++------------- .../1.19/kustomization.yaml | 2 +- .../nlb-with-tls-termination/1.20/deploy.yaml | 106 ++++------------- .../1.20/kustomization.yaml | 2 +- .../nlb-with-tls-termination/1.21/deploy.yaml | 103 ++++------------- .../1.21/kustomization.yaml | 2 +- .../nlb-with-tls-termination/1.22/deploy.yaml | 103 ++++------------- .../1.22/kustomization.yaml | 2 +- .../nlb-with-tls-termination/1.23/deploy.yaml | 103 ++++------------- .../1.23/kustomization.yaml | 2 +- .../aws/nlb-with-tls-termination/deploy.yaml | 107 ++++-------------- .../kustomization.yaml | 2 +- .../provider/baremetal/1.19/deploy.yaml | 103 ++++------------- .../baremetal/1.19/kustomization.yaml | 2 +- .../provider/baremetal/1.20/deploy.yaml | 106 ++++------------- .../baremetal/1.20/kustomization.yaml | 2 +- .../provider/baremetal/1.21/deploy.yaml | 103 ++++------------- .../baremetal/1.21/kustomization.yaml | 2 +- .../provider/baremetal/1.22/deploy.yaml | 103 ++++------------- .../baremetal/1.22/kustomization.yaml | 2 +- .../provider/baremetal/1.23/deploy.yaml | 103 ++++------------- .../baremetal/1.23/kustomization.yaml | 2 +- deploy/static/provider/baremetal/deploy.yaml | 107 ++++-------------- .../provider/baremetal/kustomization.yaml | 2 +- deploy/static/provider/cloud/1.19/deploy.yaml | 103 ++++------------- .../provider/cloud/1.19/kustomization.yaml | 2 +- deploy/static/provider/cloud/1.20/deploy.yaml | 106 ++++------------- .../provider/cloud/1.20/kustomization.yaml | 2 +- deploy/static/provider/cloud/1.21/deploy.yaml | 103 ++++------------- .../provider/cloud/1.21/kustomization.yaml | 2 +- deploy/static/provider/cloud/1.22/deploy.yaml | 103 ++++------------- .../provider/cloud/1.22/kustomization.yaml | 2 +- deploy/static/provider/cloud/1.23/deploy.yaml | 103 ++++------------- .../provider/cloud/1.23/kustomization.yaml | 2 +- deploy/static/provider/cloud/deploy.yaml | 107 ++++-------------- .../static/provider/cloud/kustomization.yaml | 2 +- deploy/static/provider/do/1.19/deploy.yaml | 103 ++++------------- .../provider/do/1.19/kustomization.yaml | 2 +- deploy/static/provider/do/1.20/deploy.yaml | 106 ++++------------- .../provider/do/1.20/kustomization.yaml | 2 +- deploy/static/provider/do/1.21/deploy.yaml | 103 ++++------------- .../provider/do/1.21/kustomization.yaml | 2 +- deploy/static/provider/do/1.22/deploy.yaml | 103 ++++------------- .../provider/do/1.22/kustomization.yaml | 2 +- deploy/static/provider/do/1.23/deploy.yaml | 103 ++++------------- .../provider/do/1.23/kustomization.yaml | 2 +- deploy/static/provider/do/deploy.yaml | 107 ++++-------------- deploy/static/provider/do/kustomization.yaml | 2 +- .../static/provider/exoscale/1.19/deploy.yaml | 103 ++++------------- .../provider/exoscale/1.19/kustomization.yaml | 2 +- .../static/provider/exoscale/1.20/deploy.yaml | 106 ++++------------- .../provider/exoscale/1.20/kustomization.yaml | 2 +- .../static/provider/exoscale/1.21/deploy.yaml | 103 ++++------------- .../provider/exoscale/1.21/kustomization.yaml | 2 +- .../static/provider/exoscale/1.22/deploy.yaml | 103 ++++------------- .../provider/exoscale/1.22/kustomization.yaml | 2 +- .../static/provider/exoscale/1.23/deploy.yaml | 103 ++++------------- .../provider/exoscale/1.23/kustomization.yaml | 2 +- deploy/static/provider/exoscale/deploy.yaml | 107 ++++-------------- .../provider/exoscale/kustomization.yaml | 2 +- deploy/static/provider/kind/1.19/deploy.yaml | 103 ++++------------- .../provider/kind/1.19/kustomization.yaml | 2 +- deploy/static/provider/kind/1.20/deploy.yaml | 106 ++++------------- .../provider/kind/1.20/kustomization.yaml | 2 +- deploy/static/provider/kind/1.21/deploy.yaml | 103 ++++------------- .../provider/kind/1.21/kustomization.yaml | 2 +- deploy/static/provider/kind/1.22/deploy.yaml | 103 ++++------------- .../provider/kind/1.22/kustomization.yaml | 2 +- deploy/static/provider/kind/1.23/deploy.yaml | 103 ++++------------- .../provider/kind/1.23/kustomization.yaml | 2 +- deploy/static/provider/kind/deploy.yaml | 107 ++++-------------- .../static/provider/kind/kustomization.yaml | 2 +- deploy/static/provider/scw/1.19/deploy.yaml | 103 ++++------------- .../provider/scw/1.19/kustomization.yaml | 2 +- deploy/static/provider/scw/1.20/deploy.yaml | 106 ++++------------- .../provider/scw/1.20/kustomization.yaml | 2 +- deploy/static/provider/scw/1.21/deploy.yaml | 103 ++++------------- .../provider/scw/1.21/kustomization.yaml | 2 +- deploy/static/provider/scw/1.22/deploy.yaml | 103 ++++------------- .../provider/scw/1.22/kustomization.yaml | 2 +- deploy/static/provider/scw/1.23/deploy.yaml | 103 ++++------------- .../provider/scw/1.23/kustomization.yaml | 2 +- deploy/static/provider/scw/deploy.yaml | 107 ++++-------------- deploy/static/provider/scw/kustomization.yaml | 2 +- docs/deploy/index.md | 18 +-- hack/generate-deploy-scripts.sh | 8 +- .../static-kustomization-template.yaml | 2 +- stable.txt | 2 +- 107 files changed, 1139 insertions(+), 4083 deletions(-) diff --git a/.gitignore b/.gitignore index 921ba6aec..0943c3b1a 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +helm-docs # OSX ._* .DS_Store diff --git a/Changelog.md b/Changelog.md index 40a4aaaf9..0f3656b22 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,5 +1,43 @@ # Changelog +### 1.1.3 + +**Image:** +- k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + +This release upgrades Alpine to 3.14.4 and nginx to 1.19.10 + +Patches [OpenSSL CVE-2022-0778](https://github.com/kubernetes/ingress-nginx/issues/8339) + +Patches [Libxml2 CVE-2022-23308](https://github.com/kubernetes/ingress-nginx/issues/8321) + +_Changes:_ + +[8415](https://github.com/kubernetes/ingress-nginx/pull/8415) base img update for e2e-test-runner & opentelemetry +[8403](https://github.com/kubernetes/ingress-nginx/pull/8403) Add execute permissions to nginx image entrypoint.sh +[8392](https://github.com/kubernetes/ingress-nginx/pull/8392) fix document for monitoring +[8386](https://github.com/kubernetes/ingress-nginx/pull/8386) downgrade to 3.14.4 and fix tag +[8379](https://github.com/kubernetes/ingress-nginx/pull/8379) bump luarocks to 3.8.0 +[8368](https://github.com/kubernetes/ingress-nginx/pull/8368) Updated semver in install docs URLs +[8360](https://github.com/kubernetes/ingress-nginx/pull/8360) Bump github.com/stretchr/testify from 1.7.0 to 1.7.1 +[8334](https://github.com/kubernetes/ingress-nginx/pull/8334) Pinned GitHub workflows by SHA +[8324](https://github.com/kubernetes/ingress-nginx/pull/8324) Added missing "repo" option on "helm upgrade" command +[8315](https://github.com/kubernetes/ingress-nginx/pull/8315) Fix 50% split between canary and mainline tests +[8311](https://github.com/kubernetes/ingress-nginx/pull/8311) leaving it the git tag +[8307](https://github.com/kubernetes/ingress-nginx/pull/8307) Nginx v1.19.10 +[8302](https://github.com/kubernetes/ingress-nginx/pull/8302) docs: fix changelog formatting for 1.1.2 +[8300](https://github.com/kubernetes/ingress-nginx/pull/8300) Names cannot contain _ (underscore)! So I changed it to -. +[8288](https://github.com/kubernetes/ingress-nginx/pull/8288) [docs] Missing annotations +[8287](https://github.com/kubernetes/ingress-nginx/pull/8287) Add the shareProcessNamespace as a configurable setting in the helm chart +[8286](https://github.com/kubernetes/ingress-nginx/pull/8286) Fix OpenTelemetry sidecar image build +[8281](https://github.com/kubernetes/ingress-nginx/pull/8281) force prow job by changing something in images/ot dir +[8273](https://github.com/kubernetes/ingress-nginx/pull/8273) Issue#8241 +[8267](https://github.com/kubernetes/ingress-nginx/pull/8267) Add fsGroup value to admission-webhooks/job-patch charts +[8262](https://github.com/kubernetes/ingress-nginx/pull/8262) Updated confusing error +[8258](https://github.com/kubernetes/ingress-nginx/pull/8258) remove 0.46.0 from supported versions table +[8256](https://github.com/kubernetes/ingress-nginx/pull/8256) fix: deny locations with invalid auth-url annotation +[8253](https://github.com/kubernetes/ingress-nginx/pull/8253) Add a certificate info metric + ### 1.1.2 **Image:** diff --git a/README.md b/README.md index 96268a8f9..c653e4c70 100644 --- a/README.md +++ b/README.md @@ -31,22 +31,22 @@ For detailed changes on the `ingress-nginx` helm chart, please check the followi | Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | |-----------------------|------------------------------|----------------|---------------| -| v1.1.2 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | -| v1.1.1 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | -| v1.1.0 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | -| v1.0.5 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | -| v1.0.4 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | -| v1.0.3 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | -| v1.0.2 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | -| v1.0.1 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | -| v1.0.0 | 1.22, 1.21, 1.20, 1.19 | 3.13.5 | 1.20.1 | -| v0.50.0 | 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | -| v0.49.3 | 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | -| v0.49.2 | 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | -| v0.49.1 | 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | -| v0.49.0 | 1.21, 1.20, 1.19 | 3.13.5 | 1.20.1 | -| v0.48.1 | 1.21, 1.20, 1.19 | 3.13.5 | 1.20.1 | -| v0.47.0 | 1.21, 1.20, 1.19 | 3.13.5 | 1.20.1 | +| v1.1.3 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.4 | 1.19.10† | +| v1.1.2 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | +| v1.1.1 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | +| v1.1.0 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | +| v1.0.5 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | +| v1.0.4 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | +| v1.0.3 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | +| v1.0.2 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | +| v1.0.1 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | +| v1.0.0 | 1.22, 1.21, 1.20, 1.19 | 3.13.5 | 1.20.1 | +| v0.50.0 | 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | +| v0.49.3 | 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | +| v0.49.2 | 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | +| v0.49.1 | 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | +| v0.49.0 | 1.21, 1.20, 1.19 | 3.13.5 | 1.20.1 | +| v0.48.1 | 1.21, 1.20, 1.19 | 3.13.5 | 1.20.1 | † _This build is [patched against CVE-2021-23017](https://github.com/openresty/openresty/commit/4b5ec7edd78616f544abc194308e0cf4b788725b#diff-42ef841dc27fe0b5aa2d06bd31308bb63a59cdcddcbcddd917248349d22020a3)._ diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index 69db0be31..f8203e33e 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: ingress-nginx # When the version is modified, make sure the artifacthub.io/changes list is updated # Also update CHANGELOG.md -version: 4.0.18 -appVersion: 1.1.2 +version: 4.0.19 +appVersion: 1.1.3 home: https://github.com/kubernetes/ingress-nginx description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png @@ -24,8 +24,5 @@ annotations: # List of changes for the release in artifacthub.io # https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx?modal=changelog artifacthub.io/changes: | - - "#8253 Add a certificate info metric" - - "#8225 fix inconsistent-label-cardinality for prometheus metrics: nginx_ingress_controller_requests" - - "#8162 Versioned static manifests" - - "#8159 Adding some geoip variables and default values" - - "#8221 Do not validate ingresses with unknown ingress class in admission webhook endpoint" + - "#8307 Nginx v1.19.10" + - "#8386 Alpine 3.14.4" diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index c0ef8109d..0647db915 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.0.18](https://img.shields.io/badge/Version-4.0.18-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.1.2](https://img.shields.io/badge/AppVersion-1.1.2-informational?style=flat-square) +![Version: 4.0.19](https://img.shields.io/badge/Version-4.0.19-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.1.3](https://img.shields.io/badge/AppVersion-1.1.3-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. @@ -306,12 +306,12 @@ Kubernetes: `>=1.19.0-0` | controller.hostPort.ports.https | int | `443` | 'hostPort' https port | | controller.hostname | object | `{}` | Optionally customize the pod hostname. | | controller.image.allowPrivilegeEscalation | bool | `true` | | -| controller.image.digest | string | `"sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c"` | | +| controller.image.digest | string | `"sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2"` | | | controller.image.image | string | `"ingress-nginx/controller"` | | | controller.image.pullPolicy | string | `"IfNotPresent"` | | | controller.image.registry | string | `"k8s.gcr.io"` | | | controller.image.runAsUser | int | `101` | | -| controller.image.tag | string | `"v1.1.2"` | | +| controller.image.tag | string | `"v1.1.3"` | | | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | | controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass | diff --git a/charts/ingress-nginx/templates/controller-service.yaml b/charts/ingress-nginx/templates/controller-service.yaml index 05fb2041e..0f47f131c 100644 --- a/charts/ingress-nginx/templates/controller-service.yaml +++ b/charts/ingress-nginx/templates/controller-service.yaml @@ -37,12 +37,12 @@ spec: {{- if .Values.controller.service.healthCheckNodePort }} healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }} {{- end }} -{{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version -}} +{{- if semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version -}} {{- if .Values.controller.service.ipFamilyPolicy }} ipFamilyPolicy: {{ .Values.controller.service.ipFamilyPolicy }} {{- end }} {{- end }} -{{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version -}} +{{- if semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version -}} {{- if .Values.controller.service.ipFamilies }} ipFamilies: {{ toYaml .Values.controller.service.ipFamilies | nindent 4 }} {{- end }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index f355e5eaa..cea8cebe8 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -21,8 +21,8 @@ controller: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: "v1.1.2" - digest: sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + tag: "v1.1.3" + digest: sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 pullPolicy: IfNotPresent # www-data -> uid 101 runAsUser: 101 diff --git a/deploy/static/provider/aws/1.19/deploy.yaml b/deploy/static/provider/aws/1.19/deploy.yaml index 710cfcafd..30d40e77b 100644 --- a/deploy/static/provider/aws/1.19/deploy.yaml +++ b/deploy/static/provider/aws/1.19/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -338,11 +303,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -356,11 +319,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -386,11 +347,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -410,11 +369,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -454,7 +411,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -521,17 +478,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -540,11 +492,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -575,17 +525,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -594,11 +539,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -634,11 +577,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -649,11 +590,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/1.19/kustomization.yaml b/deploy/static/provider/aws/1.19/kustomization.yaml index d18ef3896..18c6bb6a3 100644 --- a/deploy/static/provider/aws/1.19/kustomization.yaml +++ b/deploy/static/provider/aws/1.19/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/aws?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/aws # ``` resources: diff --git a/deploy/static/provider/aws/1.20/deploy.yaml b/deploy/static/provider/aws/1.20/deploy.yaml index 440861a53..0afe26fa2 100644 --- a/deploy/static/provider/aws/1.20/deploy.yaml +++ b/deploy/static/provider/aws/1.20/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -338,11 +303,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -356,18 +319,13 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack ports: - appProtocol: http name: http @@ -391,11 +349,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -416,11 +372,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -460,7 +414,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -527,17 +481,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -546,11 +495,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -581,17 +528,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -600,11 +542,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -640,11 +580,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -655,11 +593,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/1.20/kustomization.yaml b/deploy/static/provider/aws/1.20/kustomization.yaml index d18ef3896..18c6bb6a3 100644 --- a/deploy/static/provider/aws/1.20/kustomization.yaml +++ b/deploy/static/provider/aws/1.20/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/aws?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/aws # ``` resources: diff --git a/deploy/static/provider/aws/1.21/deploy.yaml b/deploy/static/provider/aws/1.21/deploy.yaml index 440861a53..b73d21f8f 100644 --- a/deploy/static/provider/aws/1.21/deploy.yaml +++ b/deploy/static/provider/aws/1.21/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -338,11 +303,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -356,11 +319,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -391,11 +352,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -416,11 +375,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -460,7 +417,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -527,17 +484,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -546,11 +498,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -581,17 +531,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -600,11 +545,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -640,11 +583,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -655,11 +596,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/1.21/kustomization.yaml b/deploy/static/provider/aws/1.21/kustomization.yaml index d18ef3896..18c6bb6a3 100644 --- a/deploy/static/provider/aws/1.21/kustomization.yaml +++ b/deploy/static/provider/aws/1.21/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/aws?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/aws # ``` resources: diff --git a/deploy/static/provider/aws/1.22/deploy.yaml b/deploy/static/provider/aws/1.22/deploy.yaml index 440861a53..b73d21f8f 100644 --- a/deploy/static/provider/aws/1.22/deploy.yaml +++ b/deploy/static/provider/aws/1.22/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -338,11 +303,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -356,11 +319,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -391,11 +352,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -416,11 +375,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -460,7 +417,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -527,17 +484,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -546,11 +498,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -581,17 +531,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -600,11 +545,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -640,11 +583,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -655,11 +596,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/1.22/kustomization.yaml b/deploy/static/provider/aws/1.22/kustomization.yaml index d18ef3896..18c6bb6a3 100644 --- a/deploy/static/provider/aws/1.22/kustomization.yaml +++ b/deploy/static/provider/aws/1.22/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/aws?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/aws # ``` resources: diff --git a/deploy/static/provider/aws/1.23/deploy.yaml b/deploy/static/provider/aws/1.23/deploy.yaml index 440861a53..b73d21f8f 100644 --- a/deploy/static/provider/aws/1.23/deploy.yaml +++ b/deploy/static/provider/aws/1.23/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -338,11 +303,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -356,11 +319,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -391,11 +352,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -416,11 +375,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -460,7 +417,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -527,17 +484,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -546,11 +498,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -581,17 +531,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -600,11 +545,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -640,11 +583,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -655,11 +596,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/1.23/kustomization.yaml b/deploy/static/provider/aws/1.23/kustomization.yaml index d18ef3896..18c6bb6a3 100644 --- a/deploy/static/provider/aws/1.23/kustomization.yaml +++ b/deploy/static/provider/aws/1.23/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/aws?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/aws # ``` resources: diff --git a/deploy/static/provider/aws/deploy.yaml b/deploy/static/provider/aws/deploy.yaml index 374823462..0afe26fa2 100644 --- a/deploy/static/provider/aws/deploy.yaml +++ b/deploy/static/provider/aws/deploy.yaml @@ -1,4 +1,3 @@ -#GENERATED FOR K8S 1.20 apiVersion: v1 kind: Namespace metadata: @@ -14,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -45,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -126,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -153,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -219,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -246,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -265,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -292,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -310,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -339,11 +303,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -357,18 +319,13 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack ports: - appProtocol: http name: http @@ -392,11 +349,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -417,11 +372,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -461,7 +414,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -528,17 +481,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -547,11 +495,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -582,17 +528,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -601,11 +542,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -641,11 +580,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -656,11 +593,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/kustomization.yaml b/deploy/static/provider/aws/kustomization.yaml index d18ef3896..18c6bb6a3 100644 --- a/deploy/static/provider/aws/kustomization.yaml +++ b/deploy/static/provider/aws/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/aws?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/aws # ``` resources: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.19/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.19/deploy.yaml index 426c72b06..e2232bd6e 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.19/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/1.19/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -345,11 +310,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -365,11 +328,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -395,11 +356,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -419,11 +378,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -463,7 +420,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -533,17 +490,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -552,11 +504,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -587,17 +537,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -606,11 +551,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -646,11 +589,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -661,11 +602,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.19/kustomization.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.19/kustomization.yaml index ca2086ea9..51c1513c9 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.19/kustomization.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/1.19/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/aws/nlb-with-tls-termination?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/aws/nlb-with-tls-termination # ``` resources: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.20/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.20/deploy.yaml index 21ea91d49..07be32ffe 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.20/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/1.20/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -345,11 +310,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -365,18 +328,13 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack ports: - appProtocol: http name: http @@ -400,11 +358,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -425,11 +381,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -469,7 +423,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -539,17 +493,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -558,11 +507,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -593,17 +540,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -612,11 +554,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -652,11 +592,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -667,11 +605,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.20/kustomization.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.20/kustomization.yaml index ca2086ea9..51c1513c9 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.20/kustomization.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/1.20/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/aws/nlb-with-tls-termination?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/aws/nlb-with-tls-termination # ``` resources: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.21/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.21/deploy.yaml index 21ea91d49..d86ddc4fd 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.21/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/1.21/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -345,11 +310,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -365,11 +328,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -400,11 +361,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -425,11 +384,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -469,7 +426,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -539,17 +496,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -558,11 +510,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -593,17 +543,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -612,11 +557,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -652,11 +595,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -667,11 +608,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.21/kustomization.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.21/kustomization.yaml index ca2086ea9..51c1513c9 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.21/kustomization.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/1.21/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/aws/nlb-with-tls-termination?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/aws/nlb-with-tls-termination # ``` resources: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.22/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.22/deploy.yaml index 21ea91d49..d86ddc4fd 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.22/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/1.22/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -345,11 +310,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -365,11 +328,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -400,11 +361,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -425,11 +384,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -469,7 +426,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -539,17 +496,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -558,11 +510,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -593,17 +543,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -612,11 +557,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -652,11 +595,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -667,11 +608,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.22/kustomization.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.22/kustomization.yaml index ca2086ea9..51c1513c9 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.22/kustomization.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/1.22/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/aws/nlb-with-tls-termination?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/aws/nlb-with-tls-termination # ``` resources: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.23/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.23/deploy.yaml index 21ea91d49..d86ddc4fd 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.23/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/1.23/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -345,11 +310,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -365,11 +328,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -400,11 +361,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -425,11 +384,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -469,7 +426,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -539,17 +496,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -558,11 +510,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -593,17 +543,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -612,11 +557,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -652,11 +595,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -667,11 +608,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.23/kustomization.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.23/kustomization.yaml index ca2086ea9..51c1513c9 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.23/kustomization.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/1.23/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/aws/nlb-with-tls-termination?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/aws/nlb-with-tls-termination # ``` resources: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml index 97c4697d5..07be32ffe 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml @@ -1,4 +1,3 @@ -#GENERATED FOR K8S 1.20 apiVersion: v1 kind: Namespace metadata: @@ -14,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -45,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -126,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -153,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -219,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -246,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -265,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -292,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -310,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -346,11 +310,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -366,18 +328,13 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack ports: - appProtocol: http name: http @@ -401,11 +358,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -426,11 +381,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -470,7 +423,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -540,17 +493,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -559,11 +507,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -594,17 +540,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -613,11 +554,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -653,11 +592,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -668,11 +605,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/kustomization.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/kustomization.yaml index ca2086ea9..51c1513c9 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/kustomization.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/aws/nlb-with-tls-termination?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/aws/nlb-with-tls-termination # ``` resources: diff --git a/deploy/static/provider/baremetal/1.19/deploy.yaml b/deploy/static/provider/baremetal/1.19/deploy.yaml index c03765456..49c11b1bd 100644 --- a/deploy/static/provider/baremetal/1.19/deploy.yaml +++ b/deploy/static/provider/baremetal/1.19/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -338,11 +303,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -352,11 +315,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -381,11 +342,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -405,11 +364,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -448,7 +405,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -515,17 +472,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -534,11 +486,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -569,17 +519,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -588,11 +533,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -628,11 +571,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -643,11 +584,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/1.19/kustomization.yaml b/deploy/static/provider/baremetal/1.19/kustomization.yaml index d13af0f82..d585f85c6 100644 --- a/deploy/static/provider/baremetal/1.19/kustomization.yaml +++ b/deploy/static/provider/baremetal/1.19/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/baremetal?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/baremetal # ``` resources: diff --git a/deploy/static/provider/baremetal/1.20/deploy.yaml b/deploy/static/provider/baremetal/1.20/deploy.yaml index 943d0ff49..aa9898d99 100644 --- a/deploy/static/provider/baremetal/1.20/deploy.yaml +++ b/deploy/static/provider/baremetal/1.20/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -338,11 +303,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -352,17 +315,12 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack ports: - appProtocol: http name: http @@ -386,11 +344,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -411,11 +367,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -454,7 +408,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -521,17 +475,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -540,11 +489,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -575,17 +522,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -594,11 +536,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -634,11 +574,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -649,11 +587,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/1.20/kustomization.yaml b/deploy/static/provider/baremetal/1.20/kustomization.yaml index d13af0f82..d585f85c6 100644 --- a/deploy/static/provider/baremetal/1.20/kustomization.yaml +++ b/deploy/static/provider/baremetal/1.20/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/baremetal?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/baremetal # ``` resources: diff --git a/deploy/static/provider/baremetal/1.21/deploy.yaml b/deploy/static/provider/baremetal/1.21/deploy.yaml index 943d0ff49..c101d538b 100644 --- a/deploy/static/provider/baremetal/1.21/deploy.yaml +++ b/deploy/static/provider/baremetal/1.21/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -338,11 +303,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -352,11 +315,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -386,11 +347,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -411,11 +370,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -454,7 +411,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -521,17 +478,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -540,11 +492,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -575,17 +525,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -594,11 +539,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -634,11 +577,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -649,11 +590,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/1.21/kustomization.yaml b/deploy/static/provider/baremetal/1.21/kustomization.yaml index d13af0f82..d585f85c6 100644 --- a/deploy/static/provider/baremetal/1.21/kustomization.yaml +++ b/deploy/static/provider/baremetal/1.21/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/baremetal?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/baremetal # ``` resources: diff --git a/deploy/static/provider/baremetal/1.22/deploy.yaml b/deploy/static/provider/baremetal/1.22/deploy.yaml index 943d0ff49..c101d538b 100644 --- a/deploy/static/provider/baremetal/1.22/deploy.yaml +++ b/deploy/static/provider/baremetal/1.22/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -338,11 +303,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -352,11 +315,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -386,11 +347,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -411,11 +370,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -454,7 +411,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -521,17 +478,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -540,11 +492,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -575,17 +525,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -594,11 +539,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -634,11 +577,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -649,11 +590,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/1.22/kustomization.yaml b/deploy/static/provider/baremetal/1.22/kustomization.yaml index d13af0f82..d585f85c6 100644 --- a/deploy/static/provider/baremetal/1.22/kustomization.yaml +++ b/deploy/static/provider/baremetal/1.22/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/baremetal?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/baremetal # ``` resources: diff --git a/deploy/static/provider/baremetal/1.23/deploy.yaml b/deploy/static/provider/baremetal/1.23/deploy.yaml index 943d0ff49..c101d538b 100644 --- a/deploy/static/provider/baremetal/1.23/deploy.yaml +++ b/deploy/static/provider/baremetal/1.23/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -338,11 +303,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -352,11 +315,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -386,11 +347,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -411,11 +370,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -454,7 +411,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -521,17 +478,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -540,11 +492,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -575,17 +525,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -594,11 +539,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -634,11 +577,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -649,11 +590,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/1.23/kustomization.yaml b/deploy/static/provider/baremetal/1.23/kustomization.yaml index d13af0f82..d585f85c6 100644 --- a/deploy/static/provider/baremetal/1.23/kustomization.yaml +++ b/deploy/static/provider/baremetal/1.23/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/baremetal?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/baremetal # ``` resources: diff --git a/deploy/static/provider/baremetal/deploy.yaml b/deploy/static/provider/baremetal/deploy.yaml index cdba346c1..aa9898d99 100644 --- a/deploy/static/provider/baremetal/deploy.yaml +++ b/deploy/static/provider/baremetal/deploy.yaml @@ -1,4 +1,3 @@ -#GENERATED FOR K8S 1.20 apiVersion: v1 kind: Namespace metadata: @@ -14,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -45,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -126,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -153,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -219,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -246,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -265,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -292,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -310,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -339,11 +303,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -353,17 +315,12 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack ports: - appProtocol: http name: http @@ -387,11 +344,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -412,11 +367,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -455,7 +408,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -522,17 +475,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -541,11 +489,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -576,17 +522,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -595,11 +536,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -635,11 +574,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -650,11 +587,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/kustomization.yaml b/deploy/static/provider/baremetal/kustomization.yaml index d13af0f82..d585f85c6 100644 --- a/deploy/static/provider/baremetal/kustomization.yaml +++ b/deploy/static/provider/baremetal/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/baremetal?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/baremetal # ``` resources: diff --git a/deploy/static/provider/cloud/1.19/deploy.yaml b/deploy/static/provider/cloud/1.19/deploy.yaml index af5e89f04..f6000c6a6 100644 --- a/deploy/static/provider/cloud/1.19/deploy.yaml +++ b/deploy/static/provider/cloud/1.19/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -338,11 +303,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -352,11 +315,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -382,11 +343,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -406,11 +365,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -450,7 +407,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -517,17 +474,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -536,11 +488,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -571,17 +521,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -590,11 +535,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -630,11 +573,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -645,11 +586,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/1.19/kustomization.yaml b/deploy/static/provider/cloud/1.19/kustomization.yaml index a92167fad..d477ec405 100644 --- a/deploy/static/provider/cloud/1.19/kustomization.yaml +++ b/deploy/static/provider/cloud/1.19/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/cloud?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/cloud # ``` resources: diff --git a/deploy/static/provider/cloud/1.20/deploy.yaml b/deploy/static/provider/cloud/1.20/deploy.yaml index ae18d5938..d87b1331d 100644 --- a/deploy/static/provider/cloud/1.20/deploy.yaml +++ b/deploy/static/provider/cloud/1.20/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -338,11 +303,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -352,18 +315,13 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack ports: - appProtocol: http name: http @@ -387,11 +345,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -412,11 +368,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -456,7 +410,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -523,17 +477,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -542,11 +491,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -577,17 +524,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -596,11 +538,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -636,11 +576,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -651,11 +589,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/1.20/kustomization.yaml b/deploy/static/provider/cloud/1.20/kustomization.yaml index a92167fad..d477ec405 100644 --- a/deploy/static/provider/cloud/1.20/kustomization.yaml +++ b/deploy/static/provider/cloud/1.20/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/cloud?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/cloud # ``` resources: diff --git a/deploy/static/provider/cloud/1.21/deploy.yaml b/deploy/static/provider/cloud/1.21/deploy.yaml index ae18d5938..a1f096f6b 100644 --- a/deploy/static/provider/cloud/1.21/deploy.yaml +++ b/deploy/static/provider/cloud/1.21/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -338,11 +303,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -352,11 +315,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -387,11 +348,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -412,11 +371,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -456,7 +413,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -523,17 +480,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -542,11 +494,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -577,17 +527,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -596,11 +541,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -636,11 +579,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -651,11 +592,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/1.21/kustomization.yaml b/deploy/static/provider/cloud/1.21/kustomization.yaml index a92167fad..d477ec405 100644 --- a/deploy/static/provider/cloud/1.21/kustomization.yaml +++ b/deploy/static/provider/cloud/1.21/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/cloud?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/cloud # ``` resources: diff --git a/deploy/static/provider/cloud/1.22/deploy.yaml b/deploy/static/provider/cloud/1.22/deploy.yaml index ae18d5938..a1f096f6b 100644 --- a/deploy/static/provider/cloud/1.22/deploy.yaml +++ b/deploy/static/provider/cloud/1.22/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -338,11 +303,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -352,11 +315,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -387,11 +348,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -412,11 +371,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -456,7 +413,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -523,17 +480,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -542,11 +494,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -577,17 +527,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -596,11 +541,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -636,11 +579,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -651,11 +592,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/1.22/kustomization.yaml b/deploy/static/provider/cloud/1.22/kustomization.yaml index a92167fad..d477ec405 100644 --- a/deploy/static/provider/cloud/1.22/kustomization.yaml +++ b/deploy/static/provider/cloud/1.22/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/cloud?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/cloud # ``` resources: diff --git a/deploy/static/provider/cloud/1.23/deploy.yaml b/deploy/static/provider/cloud/1.23/deploy.yaml index ae18d5938..a1f096f6b 100644 --- a/deploy/static/provider/cloud/1.23/deploy.yaml +++ b/deploy/static/provider/cloud/1.23/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -338,11 +303,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -352,11 +315,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -387,11 +348,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -412,11 +371,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -456,7 +413,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -523,17 +480,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -542,11 +494,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -577,17 +527,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -596,11 +541,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -636,11 +579,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -651,11 +592,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/1.23/kustomization.yaml b/deploy/static/provider/cloud/1.23/kustomization.yaml index a92167fad..d477ec405 100644 --- a/deploy/static/provider/cloud/1.23/kustomization.yaml +++ b/deploy/static/provider/cloud/1.23/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/cloud?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/cloud # ``` resources: diff --git a/deploy/static/provider/cloud/deploy.yaml b/deploy/static/provider/cloud/deploy.yaml index 206883b6e..d87b1331d 100644 --- a/deploy/static/provider/cloud/deploy.yaml +++ b/deploy/static/provider/cloud/deploy.yaml @@ -1,4 +1,3 @@ -#GENERATED FOR K8S 1.20 apiVersion: v1 kind: Namespace metadata: @@ -14,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -45,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -126,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -153,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -219,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -246,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -265,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -292,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -310,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -339,11 +303,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -353,18 +315,13 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack ports: - appProtocol: http name: http @@ -388,11 +345,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -413,11 +368,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -457,7 +410,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -524,17 +477,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -543,11 +491,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -578,17 +524,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -597,11 +538,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -637,11 +576,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -652,11 +589,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/kustomization.yaml b/deploy/static/provider/cloud/kustomization.yaml index a92167fad..d477ec405 100644 --- a/deploy/static/provider/cloud/kustomization.yaml +++ b/deploy/static/provider/cloud/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/cloud?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/cloud # ``` resources: diff --git a/deploy/static/provider/do/1.19/deploy.yaml b/deploy/static/provider/do/1.19/deploy.yaml index 69504e702..e746a93db 100644 --- a/deploy/static/provider/do/1.19/deploy.yaml +++ b/deploy/static/provider/do/1.19/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -339,11 +304,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -355,11 +318,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -385,11 +346,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -409,11 +368,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -453,7 +410,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -520,17 +477,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -539,11 +491,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -574,17 +524,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -593,11 +538,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -633,11 +576,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -648,11 +589,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/1.19/kustomization.yaml b/deploy/static/provider/do/1.19/kustomization.yaml index c7bb8d250..f20d445c7 100644 --- a/deploy/static/provider/do/1.19/kustomization.yaml +++ b/deploy/static/provider/do/1.19/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/do?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/do # ``` resources: diff --git a/deploy/static/provider/do/1.20/deploy.yaml b/deploy/static/provider/do/1.20/deploy.yaml index 98bfe291a..815e70374 100644 --- a/deploy/static/provider/do/1.20/deploy.yaml +++ b/deploy/static/provider/do/1.20/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -339,11 +304,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -355,18 +318,13 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack ports: - appProtocol: http name: http @@ -390,11 +348,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -415,11 +371,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -459,7 +413,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -526,17 +480,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -545,11 +494,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -580,17 +527,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -599,11 +541,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -639,11 +579,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -654,11 +592,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/1.20/kustomization.yaml b/deploy/static/provider/do/1.20/kustomization.yaml index c7bb8d250..f20d445c7 100644 --- a/deploy/static/provider/do/1.20/kustomization.yaml +++ b/deploy/static/provider/do/1.20/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/do?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/do # ``` resources: diff --git a/deploy/static/provider/do/1.21/deploy.yaml b/deploy/static/provider/do/1.21/deploy.yaml index 98bfe291a..df2dce367 100644 --- a/deploy/static/provider/do/1.21/deploy.yaml +++ b/deploy/static/provider/do/1.21/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -339,11 +304,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -355,11 +318,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -390,11 +351,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -415,11 +374,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -459,7 +416,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -526,17 +483,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -545,11 +497,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -580,17 +530,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -599,11 +544,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -639,11 +582,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -654,11 +595,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/1.21/kustomization.yaml b/deploy/static/provider/do/1.21/kustomization.yaml index c7bb8d250..f20d445c7 100644 --- a/deploy/static/provider/do/1.21/kustomization.yaml +++ b/deploy/static/provider/do/1.21/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/do?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/do # ``` resources: diff --git a/deploy/static/provider/do/1.22/deploy.yaml b/deploy/static/provider/do/1.22/deploy.yaml index 98bfe291a..df2dce367 100644 --- a/deploy/static/provider/do/1.22/deploy.yaml +++ b/deploy/static/provider/do/1.22/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -339,11 +304,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -355,11 +318,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -390,11 +351,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -415,11 +374,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -459,7 +416,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -526,17 +483,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -545,11 +497,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -580,17 +530,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -599,11 +544,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -639,11 +582,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -654,11 +595,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/1.22/kustomization.yaml b/deploy/static/provider/do/1.22/kustomization.yaml index c7bb8d250..f20d445c7 100644 --- a/deploy/static/provider/do/1.22/kustomization.yaml +++ b/deploy/static/provider/do/1.22/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/do?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/do # ``` resources: diff --git a/deploy/static/provider/do/1.23/deploy.yaml b/deploy/static/provider/do/1.23/deploy.yaml index 98bfe291a..df2dce367 100644 --- a/deploy/static/provider/do/1.23/deploy.yaml +++ b/deploy/static/provider/do/1.23/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -339,11 +304,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -355,11 +318,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -390,11 +351,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -415,11 +374,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -459,7 +416,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -526,17 +483,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -545,11 +497,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -580,17 +530,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -599,11 +544,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -639,11 +582,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -654,11 +595,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/1.23/kustomization.yaml b/deploy/static/provider/do/1.23/kustomization.yaml index c7bb8d250..f20d445c7 100644 --- a/deploy/static/provider/do/1.23/kustomization.yaml +++ b/deploy/static/provider/do/1.23/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/do?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/do # ``` resources: diff --git a/deploy/static/provider/do/deploy.yaml b/deploy/static/provider/do/deploy.yaml index 324ae79e6..815e70374 100644 --- a/deploy/static/provider/do/deploy.yaml +++ b/deploy/static/provider/do/deploy.yaml @@ -1,4 +1,3 @@ -#GENERATED FOR K8S 1.20 apiVersion: v1 kind: Namespace metadata: @@ -14,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -45,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -126,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -153,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -219,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -246,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -265,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -292,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -310,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -340,11 +304,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -356,18 +318,13 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack ports: - appProtocol: http name: http @@ -391,11 +348,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -416,11 +371,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -460,7 +413,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -527,17 +480,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -546,11 +494,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -581,17 +527,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -600,11 +541,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -640,11 +579,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -655,11 +592,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/kustomization.yaml b/deploy/static/provider/do/kustomization.yaml index c7bb8d250..f20d445c7 100644 --- a/deploy/static/provider/do/kustomization.yaml +++ b/deploy/static/provider/do/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/do?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/do # ``` resources: diff --git a/deploy/static/provider/exoscale/1.19/deploy.yaml b/deploy/static/provider/exoscale/1.19/deploy.yaml index 3c22a0118..61e084249 100644 --- a/deploy/static/provider/exoscale/1.19/deploy.yaml +++ b/deploy/static/provider/exoscale/1.19/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -338,11 +303,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -362,11 +325,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -392,11 +353,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -416,11 +375,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -460,7 +417,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -527,17 +484,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -546,11 +498,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -581,17 +531,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -600,11 +545,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -640,11 +583,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -655,11 +596,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/1.19/kustomization.yaml b/deploy/static/provider/exoscale/1.19/kustomization.yaml index 8466627e2..e79016cf3 100644 --- a/deploy/static/provider/exoscale/1.19/kustomization.yaml +++ b/deploy/static/provider/exoscale/1.19/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/exoscale?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/exoscale # ``` resources: diff --git a/deploy/static/provider/exoscale/1.20/deploy.yaml b/deploy/static/provider/exoscale/1.20/deploy.yaml index 136b466c9..e3712ce33 100644 --- a/deploy/static/provider/exoscale/1.20/deploy.yaml +++ b/deploy/static/provider/exoscale/1.20/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -338,11 +303,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -362,18 +325,13 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack ports: - appProtocol: http name: http @@ -397,11 +355,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -422,11 +378,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -466,7 +420,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -533,17 +487,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -552,11 +501,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -587,17 +534,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -606,11 +548,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -646,11 +586,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -661,11 +599,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/1.20/kustomization.yaml b/deploy/static/provider/exoscale/1.20/kustomization.yaml index 8466627e2..e79016cf3 100644 --- a/deploy/static/provider/exoscale/1.20/kustomization.yaml +++ b/deploy/static/provider/exoscale/1.20/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/exoscale?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/exoscale # ``` resources: diff --git a/deploy/static/provider/exoscale/1.21/deploy.yaml b/deploy/static/provider/exoscale/1.21/deploy.yaml index 136b466c9..7c214d0f0 100644 --- a/deploy/static/provider/exoscale/1.21/deploy.yaml +++ b/deploy/static/provider/exoscale/1.21/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -338,11 +303,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -362,11 +325,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -397,11 +358,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -422,11 +381,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -466,7 +423,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -533,17 +490,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -552,11 +504,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -587,17 +537,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -606,11 +551,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -646,11 +589,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -661,11 +602,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/1.21/kustomization.yaml b/deploy/static/provider/exoscale/1.21/kustomization.yaml index 8466627e2..e79016cf3 100644 --- a/deploy/static/provider/exoscale/1.21/kustomization.yaml +++ b/deploy/static/provider/exoscale/1.21/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/exoscale?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/exoscale # ``` resources: diff --git a/deploy/static/provider/exoscale/1.22/deploy.yaml b/deploy/static/provider/exoscale/1.22/deploy.yaml index 136b466c9..7c214d0f0 100644 --- a/deploy/static/provider/exoscale/1.22/deploy.yaml +++ b/deploy/static/provider/exoscale/1.22/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -338,11 +303,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -362,11 +325,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -397,11 +358,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -422,11 +381,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -466,7 +423,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -533,17 +490,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -552,11 +504,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -587,17 +537,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -606,11 +551,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -646,11 +589,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -661,11 +602,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/1.22/kustomization.yaml b/deploy/static/provider/exoscale/1.22/kustomization.yaml index 8466627e2..e79016cf3 100644 --- a/deploy/static/provider/exoscale/1.22/kustomization.yaml +++ b/deploy/static/provider/exoscale/1.22/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/exoscale?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/exoscale # ``` resources: diff --git a/deploy/static/provider/exoscale/1.23/deploy.yaml b/deploy/static/provider/exoscale/1.23/deploy.yaml index 136b466c9..7c214d0f0 100644 --- a/deploy/static/provider/exoscale/1.23/deploy.yaml +++ b/deploy/static/provider/exoscale/1.23/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -338,11 +303,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -362,11 +325,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -397,11 +358,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -422,11 +381,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -466,7 +423,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -533,17 +490,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -552,11 +504,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -587,17 +537,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -606,11 +551,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -646,11 +589,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -661,11 +602,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/1.23/kustomization.yaml b/deploy/static/provider/exoscale/1.23/kustomization.yaml index 8466627e2..e79016cf3 100644 --- a/deploy/static/provider/exoscale/1.23/kustomization.yaml +++ b/deploy/static/provider/exoscale/1.23/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/exoscale?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/exoscale # ``` resources: diff --git a/deploy/static/provider/exoscale/deploy.yaml b/deploy/static/provider/exoscale/deploy.yaml index d65ba8628..e3712ce33 100644 --- a/deploy/static/provider/exoscale/deploy.yaml +++ b/deploy/static/provider/exoscale/deploy.yaml @@ -1,4 +1,3 @@ -#GENERATED FOR K8S 1.20 apiVersion: v1 kind: Namespace metadata: @@ -14,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -45,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -126,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -153,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -219,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -246,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -265,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -292,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -310,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -339,11 +303,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -363,18 +325,13 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack ports: - appProtocol: http name: http @@ -398,11 +355,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -423,11 +378,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -467,7 +420,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -534,17 +487,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -553,11 +501,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -588,17 +534,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -607,11 +548,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -647,11 +586,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -662,11 +599,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/kustomization.yaml b/deploy/static/provider/exoscale/kustomization.yaml index 8466627e2..e79016cf3 100644 --- a/deploy/static/provider/exoscale/kustomization.yaml +++ b/deploy/static/provider/exoscale/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/exoscale?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/exoscale # ``` resources: diff --git a/deploy/static/provider/kind/1.19/deploy.yaml b/deploy/static/provider/kind/1.19/deploy.yaml index 171725751..8122b831c 100644 --- a/deploy/static/provider/kind/1.19/deploy.yaml +++ b/deploy/static/provider/kind/1.19/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -338,11 +303,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -352,11 +315,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -381,11 +342,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -405,11 +364,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -454,7 +411,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -528,17 +485,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -547,11 +499,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -582,17 +532,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -601,11 +546,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -641,11 +584,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -656,11 +597,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/1.19/kustomization.yaml b/deploy/static/provider/kind/1.19/kustomization.yaml index 94b7c887d..bd605a188 100644 --- a/deploy/static/provider/kind/1.19/kustomization.yaml +++ b/deploy/static/provider/kind/1.19/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/kind?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/kind # ``` resources: diff --git a/deploy/static/provider/kind/1.20/deploy.yaml b/deploy/static/provider/kind/1.20/deploy.yaml index 030092a55..934c81a01 100644 --- a/deploy/static/provider/kind/1.20/deploy.yaml +++ b/deploy/static/provider/kind/1.20/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -338,11 +303,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -352,17 +315,12 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack ports: - appProtocol: http name: http @@ -386,11 +344,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -411,11 +367,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -460,7 +414,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -534,17 +488,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -553,11 +502,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -588,17 +535,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -607,11 +549,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -647,11 +587,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -662,11 +600,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/1.20/kustomization.yaml b/deploy/static/provider/kind/1.20/kustomization.yaml index 94b7c887d..bd605a188 100644 --- a/deploy/static/provider/kind/1.20/kustomization.yaml +++ b/deploy/static/provider/kind/1.20/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/kind?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/kind # ``` resources: diff --git a/deploy/static/provider/kind/1.21/deploy.yaml b/deploy/static/provider/kind/1.21/deploy.yaml index 030092a55..6d3e5ba7a 100644 --- a/deploy/static/provider/kind/1.21/deploy.yaml +++ b/deploy/static/provider/kind/1.21/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -338,11 +303,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -352,11 +315,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -386,11 +347,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -411,11 +370,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -460,7 +417,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -534,17 +491,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -553,11 +505,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -588,17 +538,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -607,11 +552,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -647,11 +590,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -662,11 +603,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/1.21/kustomization.yaml b/deploy/static/provider/kind/1.21/kustomization.yaml index 94b7c887d..bd605a188 100644 --- a/deploy/static/provider/kind/1.21/kustomization.yaml +++ b/deploy/static/provider/kind/1.21/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/kind?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/kind # ``` resources: diff --git a/deploy/static/provider/kind/1.22/deploy.yaml b/deploy/static/provider/kind/1.22/deploy.yaml index 030092a55..6d3e5ba7a 100644 --- a/deploy/static/provider/kind/1.22/deploy.yaml +++ b/deploy/static/provider/kind/1.22/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -338,11 +303,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -352,11 +315,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -386,11 +347,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -411,11 +370,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -460,7 +417,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -534,17 +491,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -553,11 +505,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -588,17 +538,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -607,11 +552,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -647,11 +590,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -662,11 +603,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/1.22/kustomization.yaml b/deploy/static/provider/kind/1.22/kustomization.yaml index 94b7c887d..bd605a188 100644 --- a/deploy/static/provider/kind/1.22/kustomization.yaml +++ b/deploy/static/provider/kind/1.22/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/kind?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/kind # ``` resources: diff --git a/deploy/static/provider/kind/1.23/deploy.yaml b/deploy/static/provider/kind/1.23/deploy.yaml index 030092a55..6d3e5ba7a 100644 --- a/deploy/static/provider/kind/1.23/deploy.yaml +++ b/deploy/static/provider/kind/1.23/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -338,11 +303,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -352,11 +315,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -386,11 +347,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -411,11 +370,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -460,7 +417,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -534,17 +491,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -553,11 +505,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -588,17 +538,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -607,11 +552,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -647,11 +590,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -662,11 +603,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/1.23/kustomization.yaml b/deploy/static/provider/kind/1.23/kustomization.yaml index 94b7c887d..bd605a188 100644 --- a/deploy/static/provider/kind/1.23/kustomization.yaml +++ b/deploy/static/provider/kind/1.23/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/kind?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/kind # ``` resources: diff --git a/deploy/static/provider/kind/deploy.yaml b/deploy/static/provider/kind/deploy.yaml index 1725f1347..934c81a01 100644 --- a/deploy/static/provider/kind/deploy.yaml +++ b/deploy/static/provider/kind/deploy.yaml @@ -1,4 +1,3 @@ -#GENERATED FOR K8S 1.20 apiVersion: v1 kind: Namespace metadata: @@ -14,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -45,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -126,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -153,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -219,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -246,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -265,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -292,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -310,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -339,11 +303,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -353,17 +315,12 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack ports: - appProtocol: http name: http @@ -387,11 +344,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -412,11 +367,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -461,7 +414,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -535,17 +488,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -554,11 +502,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -589,17 +535,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -608,11 +549,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -648,11 +587,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -663,11 +600,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/kustomization.yaml b/deploy/static/provider/kind/kustomization.yaml index 94b7c887d..bd605a188 100644 --- a/deploy/static/provider/kind/kustomization.yaml +++ b/deploy/static/provider/kind/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/kind?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/kind # ``` resources: diff --git a/deploy/static/provider/scw/1.19/deploy.yaml b/deploy/static/provider/scw/1.19/deploy.yaml index 8e29c5564..d8dc86368 100644 --- a/deploy/static/provider/scw/1.19/deploy.yaml +++ b/deploy/static/provider/scw/1.19/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -339,11 +304,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -355,11 +318,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -385,11 +346,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -409,11 +368,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -453,7 +410,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -520,17 +477,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -539,11 +491,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -574,17 +524,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -593,11 +538,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -633,11 +576,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -648,11 +589,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/1.19/kustomization.yaml b/deploy/static/provider/scw/1.19/kustomization.yaml index da792b8f5..d8535dbde 100644 --- a/deploy/static/provider/scw/1.19/kustomization.yaml +++ b/deploy/static/provider/scw/1.19/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/scw?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/scw # ``` resources: diff --git a/deploy/static/provider/scw/1.20/deploy.yaml b/deploy/static/provider/scw/1.20/deploy.yaml index 82cee679d..19bfb55a8 100644 --- a/deploy/static/provider/scw/1.20/deploy.yaml +++ b/deploy/static/provider/scw/1.20/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -339,11 +304,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -355,18 +318,13 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack ports: - appProtocol: http name: http @@ -390,11 +348,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -415,11 +371,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -459,7 +413,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -526,17 +480,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -545,11 +494,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -580,17 +527,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -599,11 +541,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -639,11 +579,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -654,11 +592,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/1.20/kustomization.yaml b/deploy/static/provider/scw/1.20/kustomization.yaml index da792b8f5..d8535dbde 100644 --- a/deploy/static/provider/scw/1.20/kustomization.yaml +++ b/deploy/static/provider/scw/1.20/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/scw?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/scw # ``` resources: diff --git a/deploy/static/provider/scw/1.21/deploy.yaml b/deploy/static/provider/scw/1.21/deploy.yaml index 82cee679d..25a56f11a 100644 --- a/deploy/static/provider/scw/1.21/deploy.yaml +++ b/deploy/static/provider/scw/1.21/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -339,11 +304,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -355,11 +318,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -390,11 +351,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -415,11 +374,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -459,7 +416,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -526,17 +483,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -545,11 +497,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -580,17 +530,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -599,11 +544,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -639,11 +582,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -654,11 +595,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/1.21/kustomization.yaml b/deploy/static/provider/scw/1.21/kustomization.yaml index da792b8f5..d8535dbde 100644 --- a/deploy/static/provider/scw/1.21/kustomization.yaml +++ b/deploy/static/provider/scw/1.21/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/scw?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/scw # ``` resources: diff --git a/deploy/static/provider/scw/1.22/deploy.yaml b/deploy/static/provider/scw/1.22/deploy.yaml index 82cee679d..25a56f11a 100644 --- a/deploy/static/provider/scw/1.22/deploy.yaml +++ b/deploy/static/provider/scw/1.22/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -339,11 +304,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -355,11 +318,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -390,11 +351,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -415,11 +374,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -459,7 +416,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -526,17 +483,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -545,11 +497,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -580,17 +530,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -599,11 +544,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -639,11 +582,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -654,11 +595,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/1.22/kustomization.yaml b/deploy/static/provider/scw/1.22/kustomization.yaml index da792b8f5..d8535dbde 100644 --- a/deploy/static/provider/scw/1.22/kustomization.yaml +++ b/deploy/static/provider/scw/1.22/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/scw?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/scw # ``` resources: diff --git a/deploy/static/provider/scw/1.23/deploy.yaml b/deploy/static/provider/scw/1.23/deploy.yaml index 82cee679d..25a56f11a 100644 --- a/deploy/static/provider/scw/1.23/deploy.yaml +++ b/deploy/static/provider/scw/1.23/deploy.yaml @@ -13,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -44,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -125,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -152,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -218,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -245,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -264,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -291,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -309,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -339,11 +304,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -355,11 +318,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -390,11 +351,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -415,11 +374,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -459,7 +416,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -526,17 +483,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -545,11 +497,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -580,17 +530,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -599,11 +544,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -639,11 +582,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -654,11 +595,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/1.23/kustomization.yaml b/deploy/static/provider/scw/1.23/kustomization.yaml index da792b8f5..d8535dbde 100644 --- a/deploy/static/provider/scw/1.23/kustomization.yaml +++ b/deploy/static/provider/scw/1.23/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/scw?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/scw # ``` resources: diff --git a/deploy/static/provider/scw/deploy.yaml b/deploy/static/provider/scw/deploy.yaml index 138a9fcf1..19bfb55a8 100644 --- a/deploy/static/provider/scw/deploy.yaml +++ b/deploy/static/provider/scw/deploy.yaml @@ -1,4 +1,3 @@ -#GENERATED FOR K8S 1.20 apiVersion: v1 kind: Namespace metadata: @@ -14,28 +13,21 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -45,11 +37,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -126,17 +116,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -153,11 +138,9 @@ kind: ClusterRole metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx rules: - apiGroups: @@ -219,17 +202,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission rules: - apiGroups: @@ -246,11 +224,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -265,17 +241,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -292,11 +263,9 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -310,17 +279,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -340,11 +304,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -356,18 +318,13 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack ports: - appProtocol: http name: http @@ -391,11 +348,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -416,11 +371,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -460,7 +413,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c + image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -527,17 +480,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -546,11 +494,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-create spec: containers: @@ -581,17 +527,12 @@ spec: apiVersion: batch/v1 kind: Job metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -600,11 +541,9 @@ spec: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission-patch spec: containers: @@ -640,11 +579,9 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -655,11 +592,9 @@ metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.2 - helm.sh/chart: ingress-nginx-4.0.18 + app.kubernetes.io/version: 1.1.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/kustomization.yaml b/deploy/static/provider/scw/kustomization.yaml index da792b8f5..d8535dbde 100644 --- a/deploy/static/provider/scw/kustomization.yaml +++ b/deploy/static/provider/scw/kustomization.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/provider/scw?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/scw # ``` resources: diff --git a/docs/deploy/index.md b/docs/deploy/index.md index 966703afb..849040574 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -186,17 +186,17 @@ In AWS we use a Network load balancer (NLB) to expose the NGINX Ingress controll ##### Network Load Balancer (NLB) ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.2/deploy/static/provider/aws/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.3/deploy/static/provider/aws/deploy.yaml ``` ##### TLS termination in AWS Load Balancer (NLB) By default, TLS is terminated in the ingress controller. But it is also possible to terminate TLS in the Load Balancer. This section explains how to do that on AWS using an NLB. -1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.2/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template +1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.3/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template ```console - wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.2/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml + wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.3/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml ``` 2. Edit the file and change the VPC CIDR in use for the Kubernetes cluster: @@ -238,7 +238,7 @@ Then, the ingress controller can be installed like this: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.2/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.3/deploy/static/provider/cloud/deploy.yaml ``` !!! warning @@ -252,7 +252,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont #### Azure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.2/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.3/deploy/static/provider/cloud/deploy.yaml ``` More information with regards to Azure annotations for ingress controller can be found in the [official AKS documentation](https://docs.microsoft.com/en-us/azure/aks/ingress-internal-ip#create-an-ingress-controller). @@ -260,13 +260,13 @@ More information with regards to Azure annotations for ingress controller can be #### Digital Ocean ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.2/deploy/static/provider/do/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.3/deploy/static/provider/do/deploy.yaml ``` #### Scaleway ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.2/deploy/static/provider/scw/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.3/deploy/static/provider/scw/deploy.yaml ``` #### Exoscale @@ -280,7 +280,7 @@ The full list of annotations supported by Exoscale is available in the Exoscale #### Oracle Cloud Infrastructure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.2/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.3/deploy/static/provider/cloud/deploy.yaml ``` A [complete list of available annotations for Oracle Cloud Infrastructure](https://github.com/oracle/oci-cloud-controller-manager/blob/master/docs/load-balancer-annotations.md) can be found in the [OCI Cloud Controller Manager](https://github.com/oracle/oci-cloud-controller-manager) documentation. @@ -292,7 +292,7 @@ This section is applicable to Kubernetes clusters deployed on bare metal servers For quick testing, you can use a [NodePort](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport). This should work on almost every cluster, but it will typically use a port in the range 30000-32767. ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.2/deploy/static/provider/baremetal/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.3/deploy/static/provider/baremetal/deploy.yaml ``` For more information about bare metal deployments (and how to use port 80 instead of a random port in the 30000-32767 range), see [bare-metal considerations](./baremetal.md). diff --git a/hack/generate-deploy-scripts.sh b/hack/generate-deploy-scripts.sh index a697b13e2..598e60fc4 100755 --- a/hack/generate-deploy-scripts.sh +++ b/hack/generate-deploy-scripts.sh @@ -18,7 +18,7 @@ if [ -n "$DEBUG" ]; then set -x fi -set -o errexit +#set -o errexit set -o nounset set -o pipefail @@ -42,6 +42,7 @@ for K8S_VERSION in "${K8S_TARGET_VERSIONS[@]}" do for TARGET in ${TARGETS} do + echo "Running ${K8S_VERSION} for target ${TARGET}" TARGET_DIR="${TEMPLATE_DIR}/${TARGET}" MANIFEST="${TEMPLATE_DIR}/common/manifest.yaml" # intermediate manifest OUTPUT_DIR="${DIR}/deploy/static/${TARGET}/${K8S_VERSION}" @@ -54,6 +55,9 @@ do --namespace ingress-nginx \ --kube-version ${K8S_VERSION} \ > $MANIFEST + sed -i '' '/app.kubernetes.io\/managed-by: Helm/d' $MANIFEST + sed -i '' '/helm.sh/d' $MANIFEST + kustomize --load-restrictor=LoadRestrictionsNone build . > ${OUTPUT_DIR}/deploy.yaml rm $MANIFEST cd ~- @@ -64,7 +68,7 @@ do if [[ ${K8S_VERSION} = ${K8S_DEFAULT_VERSION} ]] then cp ${OUTPUT_DIR}/*.yaml ${OUTPUT_DIR}/../ - sed -i "1s/^/#GENERATED FOR K8S ${K8S_VERSION}\n/" ${OUTPUT_DIR}/../deploy.yaml + sed -i "s/^/#GENERATED FOR K8S ${K8S_VERSION}\n/" ${OUTPUT_DIR}/../deploy.yaml fi done done diff --git a/hack/manifest-templates/static-kustomization-template.yaml b/hack/manifest-templates/static-kustomization-template.yaml index fd273c7c4..18118a0ce 100644 --- a/hack/manifest-templates/static-kustomization-template.yaml +++ b/hack/manifest-templates/static-kustomization-template.yaml @@ -4,7 +4,7 @@ # ``` # namespace: ingress-nginx # bases: -# - github.com/kubernetes/ingress-nginx/deploy/static/{TARGET}?ref=master +# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/{TARGET} # ``` resources: diff --git a/stable.txt b/stable.txt index e6c5acf0d..3e5a2f306 100644 --- a/stable.txt +++ b/stable.txt @@ -1 +1 @@ -controller-v1.1.0 \ No newline at end of file +controller-v1.1.3 \ No newline at end of file From ad47d49216b9460c299b267a69b710659044b863 Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 1 Apr 2022 16:14:13 -0400 Subject: [PATCH 035/494] force helm release to artifact hub (#8417) * force helm release to artifact hub Signed-off-by: James Strong * update releaser version Signed-off-by: James Strong --- .github/workflows/helm.yaml | 5 +++-- charts/ingress-nginx/Chart.yaml | 6 +++++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index dd8e6d752..c20716065 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -60,9 +60,10 @@ jobs: git config --global user.name "$GITHUB_ACTOR" git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com" - - name: Run chart-releaser - uses: helm/chart-releaser-action@c25b74a986eb925b398320414b576227f375f946 # v1.2.1 + - name: Helm Chart Releaser + uses: helm/chart-releaser-action@v1.4.0 env: + CR_SKIP_EXISTING: "false" CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" CR_RELEASE_NAME_TEMPLATE: "helm-chart-{{ .Version }}" with: diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index f8203e33e..bf9006e58 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -14,7 +14,9 @@ sources: - https://github.com/kubernetes/ingress-nginx type: application maintainers: - - name: ChiefAlexander + - name: rikatz + - name: strongjz + - name: tao12345666333 engine: gotpl kubeVersion: ">=1.19.0-0" annotations: @@ -26,3 +28,5 @@ annotations: artifacthub.io/changes: | - "#8307 Nginx v1.19.10" - "#8386 Alpine 3.14.4" + - "#8339 Patch OpenSSL CVE-2022-0778" + - "#8321 Vulnerability CVE-2022-23308 for libxml2" From 59c6c058fe7fc9c3ea8ebdc29c8712f3ef363dd3 Mon Sep 17 00:00:00 2001 From: James Strong Date: Sat, 2 Apr 2022 20:16:09 -0400 Subject: [PATCH 036/494] fix change log changes list (#8421) --- Changelog.md | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/Changelog.md b/Changelog.md index 0f3656b22..86a1d123d 100644 --- a/Changelog.md +++ b/Changelog.md @@ -13,30 +13,30 @@ Patches [Libxml2 CVE-2022-23308](https://github.com/kubernetes/ingress-nginx/iss _Changes:_ -[8415](https://github.com/kubernetes/ingress-nginx/pull/8415) base img update for e2e-test-runner & opentelemetry -[8403](https://github.com/kubernetes/ingress-nginx/pull/8403) Add execute permissions to nginx image entrypoint.sh -[8392](https://github.com/kubernetes/ingress-nginx/pull/8392) fix document for monitoring -[8386](https://github.com/kubernetes/ingress-nginx/pull/8386) downgrade to 3.14.4 and fix tag -[8379](https://github.com/kubernetes/ingress-nginx/pull/8379) bump luarocks to 3.8.0 -[8368](https://github.com/kubernetes/ingress-nginx/pull/8368) Updated semver in install docs URLs -[8360](https://github.com/kubernetes/ingress-nginx/pull/8360) Bump github.com/stretchr/testify from 1.7.0 to 1.7.1 -[8334](https://github.com/kubernetes/ingress-nginx/pull/8334) Pinned GitHub workflows by SHA -[8324](https://github.com/kubernetes/ingress-nginx/pull/8324) Added missing "repo" option on "helm upgrade" command -[8315](https://github.com/kubernetes/ingress-nginx/pull/8315) Fix 50% split between canary and mainline tests -[8311](https://github.com/kubernetes/ingress-nginx/pull/8311) leaving it the git tag -[8307](https://github.com/kubernetes/ingress-nginx/pull/8307) Nginx v1.19.10 -[8302](https://github.com/kubernetes/ingress-nginx/pull/8302) docs: fix changelog formatting for 1.1.2 -[8300](https://github.com/kubernetes/ingress-nginx/pull/8300) Names cannot contain _ (underscore)! So I changed it to -. -[8288](https://github.com/kubernetes/ingress-nginx/pull/8288) [docs] Missing annotations -[8287](https://github.com/kubernetes/ingress-nginx/pull/8287) Add the shareProcessNamespace as a configurable setting in the helm chart -[8286](https://github.com/kubernetes/ingress-nginx/pull/8286) Fix OpenTelemetry sidecar image build -[8281](https://github.com/kubernetes/ingress-nginx/pull/8281) force prow job by changing something in images/ot dir -[8273](https://github.com/kubernetes/ingress-nginx/pull/8273) Issue#8241 -[8267](https://github.com/kubernetes/ingress-nginx/pull/8267) Add fsGroup value to admission-webhooks/job-patch charts -[8262](https://github.com/kubernetes/ingress-nginx/pull/8262) Updated confusing error -[8258](https://github.com/kubernetes/ingress-nginx/pull/8258) remove 0.46.0 from supported versions table -[8256](https://github.com/kubernetes/ingress-nginx/pull/8256) fix: deny locations with invalid auth-url annotation -[8253](https://github.com/kubernetes/ingress-nginx/pull/8253) Add a certificate info metric +- [8415](https://github.com/kubernetes/ingress-nginx/pull/8415) base img update for e2e-test-runner & opentelemetry +- [8403](https://github.com/kubernetes/ingress-nginx/pull/8403) Add execute permissions to nginx image entrypoint.sh +- [8392](https://github.com/kubernetes/ingress-nginx/pull/8392) fix document for monitoring +- [8386](https://github.com/kubernetes/ingress-nginx/pull/8386) downgrade to 3.14.4 and fix tag +- [8379](https://github.com/kubernetes/ingress-nginx/pull/8379) bump luarocks to 3.8.0 +- [8368](https://github.com/kubernetes/ingress-nginx/pull/8368) Updated semver in install docs URLs +- [8360](https://github.com/kubernetes/ingress-nginx/pull/8360) Bump github.com/stretchr/testify from 1.7.0 to 1.7.1 +- [8334](https://github.com/kubernetes/ingress-nginx/pull/8334) Pinned GitHub workflows by SHA +- [8324](https://github.com/kubernetes/ingress-nginx/pull/8324) Added missing "repo" option on "helm upgrade" command +- [8315](https://github.com/kubernetes/ingress-nginx/pull/8315) Fix 50% split between canary and mainline tests +- [8311](https://github.com/kubernetes/ingress-nginx/pull/8311) leaving it the git tag +- [8307](https://github.com/kubernetes/ingress-nginx/pull/8307) Nginx v1.19.10 +- [8302](https://github.com/kubernetes/ingress-nginx/pull/8302) docs: fix changelog formatting for 1.1.2 +- [8300](https://github.com/kubernetes/ingress-nginx/pull/8300) Names cannot contain _ (underscore)! So I changed it to -. +- [8288](https://github.com/kubernetes/ingress-nginx/pull/8288) [docs] Missing annotations +- [8287](https://github.com/kubernetes/ingress-nginx/pull/8287) Add the shareProcessNamespace as a configurable setting in the helm chart +- [8286](https://github.com/kubernetes/ingress-nginx/pull/8286) Fix OpenTelemetry sidecar image build +- [8281](https://github.com/kubernetes/ingress-nginx/pull/8281) force prow job by changing something in images/ot dir +- [8273](https://github.com/kubernetes/ingress-nginx/pull/8273) Issue#8241 +- [8267](https://github.com/kubernetes/ingress-nginx/pull/8267) Add fsGroup value to admission-webhooks/job-patch charts +- [8262](https://github.com/kubernetes/ingress-nginx/pull/8262) Updated confusing error +- [8258](https://github.com/kubernetes/ingress-nginx/pull/8258) remove 0.46.0 from supported versions table +- [8256](https://github.com/kubernetes/ingress-nginx/pull/8256) fix: deny locations with invalid auth-url annotation +- [8253](https://github.com/kubernetes/ingress-nginx/pull/8253) Add a certificate info metric ### 1.1.2 From abdece6e80b6d54d177cf3f51e43d1f8220c1b1c Mon Sep 17 00:00:00 2001 From: Kundan Kumar Date: Mon, 4 Apr 2022 02:34:10 +0530 Subject: [PATCH 037/494] kubectl-plugin code overview info (#8405) --- docs/developer-guide/code-overview.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/developer-guide/code-overview.md b/docs/developer-guide/code-overview.md index 6f4beb9c9..92f9fcbbd 100644 --- a/docs/developer-guide/code-overview.md +++ b/docs/developer-guide/code-overview.md @@ -101,6 +101,12 @@ The e2e tests code is in [test](https://github.com/kubernetes/ingress-nginx/tree Describe here `kubectl plugin`, `dbg`, `waitshutdown` and cover the hack scripts. +### kubectl plugin + +It containes kubectl plugin for inspecting your ingress-nginx deployments. +This part of code can be found in [cmd/plugin](https://github.com/kubernetes/ingress-nginx/tree/main/cmd/plugin) directory +Detail functions flow and available flow can be found in [kubectl-plugin](https://github.com/kubernetes/ingress-nginx/blob/main/docs/kubectl-plugin.md) + ## Deploy files This directory contains the `yaml` deploy files used as examples or references in the docs to deploy Ingress NGINX and other components. From c6a8ad9a65485b1c4593266ab067dc33f3140c4f Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 6 Apr 2022 16:46:26 -0400 Subject: [PATCH 038/494] Darwin arm64 (#8399) * Use sed instead of gnu find flags Signed-off-by: Josh Soref * Support building linux/amd64 on darin/arm64 Signed-off-by: Josh Soref * Upgrade awesome_bot to dkhamsing/awesome_bot:1.20.0 Signed-off-by: Josh Soref * Favor find -prune for vendor Signed-off-by: Josh Soref * Skip golang modcache folder Signed-off-by: Josh Soref * Favor find -prune for changelog Signed-off-by: Josh Soref * Ignore Changelogs of any case Signed-off-by: Josh Soref * Fix service-l7 link Signed-off-by: Josh Soref * Fix route53-mapper link Signed-off-by: Josh Soref * Update rootfs contents description The auxiliary scripts were removed after: https://github.com/kubernetes/ingress-nginx/tree/ab8349008a1db07205c4e6a9a80b16caafd272d4/rootfs/ingress-controller Signed-off-by: Josh Soref * Update paths for modsecurity Signed-off-by: Josh Soref * Update paths for modsecurity_snippet Signed-off-by: Josh Soref * Update toc for 20190815-zone-aware-routing.md Signed-off-by: Josh Soref * Use Internet Archive for datapath.io blog entry Signed-off-by: Josh Soref * Use Internet Archive for cloudflare.com help center entry Signed-off-by: Josh Soref * Use https for nginx.org Signed-off-by: Josh Soref Co-authored-by: Josh Soref --- Changelog.md | 2 +- Makefile | 16 +- build/run-in-docker.sh | 8 + charts/ingress-nginx/README.md | 4 +- charts/ingress-nginx/README.md.gotmpl | 4 +- docs/deploy/index.md | 2 +- docs/developer-guide/code-overview.md | 2 +- docs/e2e-tests.md | 22 +-- .../20190815-zone-aware-routing.md | 18 +- docs/how-it-works.md | 2 +- docs/troubleshooting.md | 2 +- docs/user-guide/fcgi-services.md | 4 +- docs/user-guide/miscellaneous.md | 2 +- .../nginx-configuration/annotations.md | 36 ++-- .../nginx-configuration/configmap.md | 168 +++++++++--------- docs/user-guide/nginx-configuration/index.md | 2 +- .../nginx-configuration/log-format.md | 4 +- docs/user-guide/tls.md | 2 +- rootfs/etc/nginx/lua/plugins/README.md | 2 +- 19 files changed, 159 insertions(+), 143 deletions(-) diff --git a/Changelog.md b/Changelog.md index 86a1d123d..0ef69197d 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1001,7 +1001,7 @@ _Documentation:_ _New Features:_ - NGINX 1.19.2 -- New configmap option `enable-real-ip` to enable [realip_module](http://nginx.org/en/docs/http/ngx_http_realip_module.html) +- New configmap option `enable-real-ip` to enable [realip_module](https://nginx.org/en/docs/http/ngx_http_realip_module.html) - Use k8s.gcr.io vanity domain - Go 1.15 - client-go v0.18.6 diff --git a/Makefile b/Makefile index d7ae2adfb..c4e109d86 100644 --- a/Makefile +++ b/Makefile @@ -49,6 +49,10 @@ ifeq ($(ARCH),) $(error mandatory variable ARCH is empty, either set it when calling the command or make sure 'go env GOARCH' works) endif +ifneq ($(PLATFORM),) + PLATFORM_FLAG="--platform" +endif + REGISTRY ?= gcr.io/k8s-staging-ingress-nginx BASE_IMAGE ?= k8s.gcr.io/ingress-nginx/nginx:5402d35663917ccbbf77ff48a22b8c6f77097f48@sha256:ec8a104df307f5c6d68157b7ac8e5e1e2c2f0ea07ddf25bb1c6c43c67e351180 @@ -62,6 +66,7 @@ help: ## Display this help image: clean-image ## Build image for a particular arch. echo "Building docker image ($(ARCH))..." @docker build \ + ${PLATFORM_FLAG} ${PLATFORM} \ --no-cache \ --build-arg BASE_IMAGE="$(BASE_IMAGE)" \ --build-arg VERSION="$(TAG)" \ @@ -143,10 +148,11 @@ vet: .PHONY: check_dead_links check_dead_links: ## Check if the documentation contains dead links. - @docker run -t \ - -v $$PWD:/tmp aledbf/awesome_bot:0.1 \ + @docker run ${PLATFORM_FLAG} ${PLATFORM} -t \ + -w /tmp \ + -v $$PWD:/tmp dkhamsing/awesome_bot:1.20.0 \ --allow-dupe \ - --allow-redirect $(shell find $$PWD -mindepth 1 -name "*.md" -printf '%P\n' | grep -v vendor | grep -v Changelog.md) + --allow-redirect $(shell find $$PWD -mindepth 1 -name vendor -prune -o -name .modcache -prune -o -iname Changelog.md -prune -o -name "*.md" | sed -e "s#$$PWD/##") .PHONY: dev-env dev-env: ## Starts a local Kubernetes cluster using kind, building and deploying the ingress controller. @@ -158,8 +164,8 @@ dev-env-stop: ## Deletes local Kubernetes cluster created by kind. .PHONY: live-docs live-docs: ## Build and launch a local copy of the documentation website in http://localhost:8000 - @docker build -t ingress-nginx-docs .github/actions/mkdocs - @docker run --rm -it \ + @docker build ${PLATFORM_FLAG} ${PLATFORM} -t ingress-nginx-docs .github/actions/mkdocs + @docker run ${PLATFORM_FLAG} ${PLATFORM} --rm -it \ -p 8000:8000 \ -v ${PWD}:/docs \ --entrypoint mkdocs \ diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index 60c566941..315756269 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -55,10 +55,18 @@ fi # create output directory as current user to avoid problem with docker. mkdir -p "${KUBE_ROOT}/bin" "${KUBE_ROOT}/bin/${ARCH}" +PLATFORM="${PLATFORM:-}" +if [[ -n "$PLATFORM" ]]; then + PLATFORM_FLAG=--platform +else + PLATFORM_FLAG= +fi + if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then /bin/bash -c "${FLAGS}" else docker run \ + ${PLATFORM_FLAG} ${PLATFORM} \ --tty \ --rm \ ${DOCKER_OPTS} \ diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 0647db915..c52b0ae51 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -111,7 +111,7 @@ controller: ### AWS L7 ELB with SSL Termination -Annotate the controller as shown in the [nginx-ingress l7 patch](https://github.com/kubernetes/ingress-nginx/blob/main/deploy/aws/l7/service-l7.yaml): +Annotate the controller as shown in the [nginx-ingress l7 patch](https://github.com/kubernetes/ingress-nginx/blob/ab3a789caae65eec4ad6e3b46b19750b481b6bce/deploy/aws/l7/service-l7.yaml): ```yaml controller: @@ -128,7 +128,7 @@ controller: ### AWS route53-mapper -To configure the LoadBalancer service with the [route53-mapper addon](https://github.com/kubernetes/kops/tree/master/addons/route53-mapper), add the `domainName` annotation and `dns` label: +To configure the LoadBalancer service with the [route53-mapper addon](https://github.com/kubernetes/kops/blob/be63d4f1a7a46daaf1c4c482527328236850f111/addons/route53-mapper/README.md), add the `domainName` annotation and `dns` label: ```yaml controller: diff --git a/charts/ingress-nginx/README.md.gotmpl b/charts/ingress-nginx/README.md.gotmpl index 5cd9e59e1..895996111 100644 --- a/charts/ingress-nginx/README.md.gotmpl +++ b/charts/ingress-nginx/README.md.gotmpl @@ -110,7 +110,7 @@ controller: ### AWS L7 ELB with SSL Termination -Annotate the controller as shown in the [nginx-ingress l7 patch](https://github.com/kubernetes/ingress-nginx/blob/main/deploy/aws/l7/service-l7.yaml): +Annotate the controller as shown in the [nginx-ingress l7 patch](https://github.com/kubernetes/ingress-nginx/blob/ab3a789caae65eec4ad6e3b46b19750b481b6bce/deploy/aws/l7/service-l7.yaml): ```yaml controller: @@ -127,7 +127,7 @@ controller: ### AWS route53-mapper -To configure the LoadBalancer service with the [route53-mapper addon](https://github.com/kubernetes/kops/tree/master/addons/route53-mapper), add the `domainName` annotation and `dns` label: +To configure the LoadBalancer service with the [route53-mapper addon](https://github.com/kubernetes/kops/blob/be63d4f1a7a46daaf1c4c482527328236850f111/addons/route53-mapper/README.md), add the `domainName` annotation and `dns` label: ```yaml controller: diff --git a/docs/deploy/index.md b/docs/deploy/index.md index 849040574..7c9219012 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -218,7 +218,7 @@ By default, TLS is terminated in the ingress controller. But it is also possible Idle timeout value for TCP flows is 350 seconds and [cannot be modified](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html#connection-idle-timeout). -For this reason, you need to ensure the [keepalive_timeout](http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout) value is configured less than 350 seconds to work as expected. +For this reason, you need to ensure the [keepalive_timeout](https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout) value is configured less than 350 seconds to work as expected. By default NGINX `keepalive_timeout` is set to `75s`. diff --git a/docs/developer-guide/code-overview.md b/docs/developer-guide/code-overview.md index 92f9fcbbd..7531daf92 100644 --- a/docs/developer-guide/code-overview.md +++ b/docs/developer-guide/code-overview.md @@ -146,7 +146,7 @@ This is NGINX with some Lua enhancement. We do dynamic certificate, endpoints ha The files are in [rootfs](https://github.com/kubernetes/ingress-nginx/tree/main/rootfs) directory and contains: * The Dockerfile -* [Auxiliary scripts](https://github.com/kubernetes/ingress-nginx/tree/main/rootfs/ingress-controller) +* [nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/rootfs/etc/nginx) #### Ingress NGINX Lua Scripts diff --git a/docs/e2e-tests.md b/docs/e2e-tests.md index 29ef07161..fa8158887 100644 --- a/docs/e2e-tests.md +++ b/docs/e2e-tests.md @@ -132,16 +132,16 @@ - [should set valid proxy-ssl-secret, proxy-ssl-protocols](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxyssl.go#L122) - [proxy-ssl-location-only flag should change the nginx config server part](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxyssl.go#L150) -### [modsecurity owasp](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity.go#L27) +### [modsecurity owasp](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L27) -- [should enable modsecurity](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity.go#L34) -- [should enable modsecurity with transaction ID and OWASP rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity.go#L52) -- [should disable modsecurity](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity.go#L73) -- [should enable modsecurity with snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity.go#L90) -- [should enable modsecurity without using 'modsecurity on;'](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity.go#L109) -- [should disable modsecurity using 'modsecurity off;'](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity.go#L131) -- [should enable modsecurity with snippet and block requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity.go#L152) -- [should enable modsecurity globally and with modsecurity-snippet block requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity.go#L186) +- [should enable modsecurity](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L34) +- [should enable modsecurity with transaction ID and OWASP rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L52) +- [should disable modsecurity](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L73) +- [should enable modsecurity with snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L90) +- [should enable modsecurity without using 'modsecurity on;'](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L109) +- [should disable modsecurity using 'modsecurity off;'](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L131) +- [should enable modsecurity with snippet and block requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L152) +- [should enable modsecurity globally and with modsecurity-snippet block requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L186) ### [backend-protocol - GRPC](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/grpc.go#L38) @@ -534,9 +534,9 @@ - [should set valid proxy read timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_read_timeout.go#L36) - [should not set invalid proxy read timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_read_timeout.go#L52) -### [[Security] modsecurity-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/modsecurity_snippet.go#L27) +### [[Security] modsecurity-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/modsecurity/modsecurity_snippet.go#L27) -- [should add value of modsecurity-snippet setting to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/modsecurity_snippet.go#L30) +- [should add value of modsecurity-snippet setting to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/modsecurity/modsecurity_snippet.go#L30) ### [OCSP](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ocsp/ocsp.go#L42) diff --git a/docs/enhancements/20190815-zone-aware-routing.md b/docs/enhancements/20190815-zone-aware-routing.md index 357e8ad92..7000fb6fd 100644 --- a/docs/enhancements/20190815-zone-aware-routing.md +++ b/docs/enhancements/20190815-zone-aware-routing.md @@ -17,13 +17,15 @@ status: implementable ## Table of Contents -- [Summary](#summary) -- [Motivation](#motivation) - - [Goals](#goals) - - [Non-Goals](#non-goals) -- [Proposal](#proposal) -- [Implementation History](#implementation-history) -- [Drawbacks [optional]](#drawbacks-optional) +- [Availability zone aware routing](#availability-zone-aware-routing) + - [Table of Contents](#table-of-contents) + - [Summary](#summary) + - [Motivation](#motivation) + - [Goals](#goals) + - [Non-Goals](#non-goals) + - [Proposal](#proposal) + - [Implementation History](#implementation-history) + - [Drawbacks [optional]](#drawbacks-optional) ## Summary @@ -39,7 +41,7 @@ inter-zone traffic and usually costs extra money. At the time of this writing, GCP charges $0.01 per GB of inter-zone egress traffic according to https://cloud.google.com/compute/network-pricing. -According to https://datapath.io/resources/blog/what-are-aws-data-transfer-costs-and-how-to-minimize-them/ Amazon also charges the same amount of money as GCP for cross-zone, egress traffic. +According to [https://datapath.io/resources/blog/what-are-aws-data-transfer-costs-and-how-to-minimize-them/](https://web.archive.org/web/20201008160149/https://datapath.io/resources/blog/what-are-aws-data-transfer-costs-and-how-to-minimize-them/) Amazon also charges the same amount of money as GCP for cross-zone, egress traffic. This can be a lot of money depending on once's traffic. By teaching ingress-nginx about zones we can eliminate or at least decrease this cost. diff --git a/docs/how-it-works.md b/docs/how-it-works.md index b7d48b00c..4ad824dc8 100644 --- a/docs/how-it-works.md +++ b/docs/how-it-works.md @@ -70,5 +70,5 @@ This webhook appends the incoming ingress objects to the list of ingresses, gene [4]: https://github.com/kubernetes/ingress-nginx/blob/main/internal/task/queue.go#L38 [5]: https://golang.org/pkg/sync/#Mutex [6]: https://github.com/kubernetes/ingress-nginx/blob/main/rootfs/etc/nginx/template/nginx.tmpl -[7]: http://nginx.org/en/docs/beginners_guide.html#control +[7]: https://nginx.org/en/docs/beginners_guide.html#control [8]: https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#validatingadmissionwebhook diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index 2e8684a8b..415bd3b96 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -110,7 +110,7 @@ $ kubectl edit deploy -n ingress-nginx-control - `--v=2` shows details using `diff` about the changes in the configuration in nginx - `--v=3` shows details about the service, Ingress rule, endpoint changes and it dumps the nginx configuration in JSON format -- `--v=5` configures NGINX in [debug mode](http://nginx.org/en/docs/debugging_log.html) +- `--v=5` configures NGINX in [debug mode](https://nginx.org/en/docs/debugging_log.html) ## Authentication to the Kubernetes API Server diff --git a/docs/user-guide/fcgi-services.md b/docs/user-guide/fcgi-services.md index becb4819f..db4d9428b 100644 --- a/docs/user-guide/fcgi-services.md +++ b/docs/user-guide/fcgi-services.md @@ -93,13 +93,13 @@ To enable FastCGI, the `nginx.ingress.kubernetes.io/backend-protocol` annotation ### The `nginx.ingress.kubernetes.io/fastcgi-index` Annotation -To specify an index file, the `fastcgi-index` annotation value can optionally be set. In the example below, the value is set to `index.php`. This annotation corresponds to [the _NGINX_ `fastcgi_index` directive](http://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_index). +To specify an index file, the `fastcgi-index` annotation value can optionally be set. In the example below, the value is set to `index.php`. This annotation corresponds to [the _NGINX_ `fastcgi_index` directive](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_index). > `nginx.ingress.kubernetes.io/fastcgi-index: "index.php"` ### The `nginx.ingress.kubernetes.io/fastcgi-params-configmap` Annotation -To specify [_NGINX_ `fastcgi_param` directives](http://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_param), the `fastcgi-params-configmap` annotation is used, which in turn must lead to a _ConfigMap_ object containing the _NGINX_ `fastcgi_param` directives as key/values. +To specify [_NGINX_ `fastcgi_param` directives](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_param), the `fastcgi-params-configmap` annotation is used, which in turn must lead to a _ConfigMap_ object containing the _NGINX_ `fastcgi_param` directives as key/values. > `nginx.ingress.kubernetes.io/fastcgi-params-configmap: "example-configmap"` diff --git a/docs/user-guide/miscellaneous.md b/docs/user-guide/miscellaneous.md index a991d91b9..196ea17fc 100644 --- a/docs/user-guide/miscellaneous.md +++ b/docs/user-guide/miscellaneous.md @@ -36,7 +36,7 @@ A more adequate value to support websockets is a value higher than one hour (`36 ## Optimizing TLS Time To First Byte (TTTFB) -NGINX provides the configuration option [ssl_buffer_size](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_buffer_size) to allow the optimization of the TLS record size. +NGINX provides the configuration option [ssl_buffer_size](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_buffer_size) to allow the optimization of the TLS record size. This improves the [TLS Time To First Byte](https://www.igvita.com/2013/12/16/optimizing-nginx-tls-time-to-first-byte/) (TTTFB). The default value in the Ingress controller is `4k` (NGINX default is `16k`). diff --git a/docs/user-guide/nginx-configuration/annotations.md b/docs/user-guide/nginx-configuration/annotations.md index a0086abec..027db9407 100755 --- a/docs/user-guide/nginx-configuration/annotations.md +++ b/docs/user-guide/nginx-configuration/annotations.md @@ -222,7 +222,7 @@ nginx.ingress.kubernetes.io/auth-realm: "realm string" ### Custom NGINX upstream hashing -NGINX supports load balancing by client-server mapping based on [consistent hashing](http://nginx.org/en/docs/http/ngx_http_upstream_module.html#hash) for a given key. The key can contain text, variables or any combination thereof. This feature allows for request stickiness other than client IP or cookies. The [ketama](https://www.last.fm/user/RJ/journal/2007/04/10/rz_libketama_-_a_consistent_hashing_algo_for_memcache_clients) consistent hashing method will be used which ensures only a few keys would be remapped to different servers on upstream group changes. +NGINX supports load balancing by client-server mapping based on [consistent hashing](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#hash) for a given key. The key can contain text, variables or any combination thereof. This feature allows for request stickiness other than client IP or cookies. The [ketama](https://www.last.fm/user/RJ/journal/2007/04/10/rz_libketama_-_a_consistent_hashing_algo_for_memcache_clients) consistent hashing method will be used which ensures only a few keys would be remapped to different servers on upstream group changes. There is a special mode of upstream hashing called subset. In this mode, upstream servers are grouped into subsets, and stickiness works by mapping keys to a subset instead of individual upstream servers. Specific server is chosen uniformly at random from the selected sticky subset. It provides a balance between stickiness and load distribution. @@ -277,7 +277,7 @@ The following headers are sent to the upstream service according to the `auth-tl Cloudflare only allows Authenticated Origin Pulls and is required to use their own certificate: [https://blog.cloudflare.com/protecting-the-origin-with-tls-authenticated-origin-pulls/](https://blog.cloudflare.com/protecting-the-origin-with-tls-authenticated-origin-pulls/) - Only Authenticated Origin Pulls are allowed and can be configured by following their tutorial: [https://support.cloudflare.com/hc/en-us/articles/204494148-Setting-up-NGINX-to-use-TLS-Authenticated-Origin-Pulls](https://support.cloudflare.com/hc/en-us/articles/204494148-Setting-up-NGINX-to-use-TLS-Authenticated-Origin-Pulls) + Only Authenticated Origin Pulls are allowed and can be configured by following their tutorial: [https://support.cloudflare.com/hc/en-us/articles/204494148-Setting-up-NGINX-to-use-TLS-Authenticated-Origin-Pulls](https://web.archive.org/web/20200907143649/https://support.cloudflare.com/hc/en-us/articles/204899617-Setting-up-NGINX-to-use-TLS-Authenticated-Origin-Pulls#section5) ### Backend Certificate Authentication @@ -291,11 +291,11 @@ It is possible to authenticate to a proxied HTTPS backend with certificate using * `nginx.ingress.kubernetes.io/proxy-ssl-verify-depth`: Sets the verification depth in the proxied HTTPS server certificates chain. (default: 1) * `nginx.ingress.kubernetes.io/proxy-ssl-ciphers`: - Specifies the enabled [ciphers](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ssl_ciphers) for requests to a proxied HTTPS server. The ciphers are specified in the format understood by the OpenSSL library. + Specifies the enabled [ciphers](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ssl_ciphers) for requests to a proxied HTTPS server. The ciphers are specified in the format understood by the OpenSSL library. * `nginx.ingress.kubernetes.io/proxy-ssl-name`: - Allows to set [proxy_ssl_name](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ssl_name). This allows overriding the server name used to verify the certificate of the proxied HTTPS server. This value is also passed through SNI when a connection is established to the proxied HTTPS server. + Allows to set [proxy_ssl_name](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ssl_name). This allows overriding the server name used to verify the certificate of the proxied HTTPS server. This value is also passed through SNI when a connection is established to the proxied HTTPS server. * `nginx.ingress.kubernetes.io/proxy-ssl-protocols`: - Enables the specified [protocols](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ssl_protocols) for requests to a proxied HTTPS server. + Enables the specified [protocols](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ssl_protocols) for requests to a proxied HTTPS server. * `nginx.ingress.kubernetes.io/proxy-ssl-server-name`: Enables passing of the server name through TLS Server Name Indication extension (SNI, RFC 6066) when establishing a connection with the proxied HTTPS server. @@ -397,7 +397,7 @@ This will create a server with the same configuration, but adding new values to If a server-alias is created and later a new server with the same hostname is created, the new server configuration will take place over the alias configuration. -For more information please see [the `server_name` documentation](http://nginx.org/en/docs/http/ngx_http_core_module.html#server_name). +For more information please see [the `server_name` documentation](https://nginx.org/en/docs/http/ngx_http_core_module.html#server_name). ### Server snippet @@ -441,7 +441,7 @@ applied to each location provided in the ingress rule. * `nginx.ingress.kubernetes.io/client-body-buffer-size: 1m` # 1 megabyte * `nginx.ingress.kubernetes.io/client-body-buffer-size: 1M` # 1 megabyte -For more information please see [http://nginx.org](http://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_buffer_size) +For more information please see [https://nginx.org](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_buffer_size) ### External Authentication @@ -468,7 +468,7 @@ Additionally it is possible to set: * `nginx.ingress.kubernetes.io/auth-cache-key`: `` this enables caching for auth requests. specify a lookup key for auth responses. e.g. `$remote_user$http_authorization`. Each server and location has it's own keyspace. Hence a cached response is only valid on a per-server and per-location basis. * `nginx.ingress.kubernetes.io/auth-cache-duration`: - `` to specify a caching time for auth responses based on their response codes, e.g. `200 202 30m`. See [proxy_cache_valid](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_valid) for details. You may specify multiple, comma-separated values: `200 202 10m, 401 5m`. defaults to `200 202 401 5m`. + `` to specify a caching time for auth responses based on their response codes, e.g. `200 202 30m`. See [proxy_cache_valid](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_valid) for details. You may specify multiple, comma-separated values: `200 202 10m, 401 5m`. defaults to `200 202 401 5m`. * `nginx.ingress.kubernetes.io/auth-snippet`: `` to specify a custom snippet to use with external authentication, e.g. @@ -642,7 +642,7 @@ Note: All timeout values are unitless and in seconds e.g. `nginx.ingress.kuberne ### Proxy redirect The annotations `nginx.ingress.kubernetes.io/proxy-redirect-from` and `nginx.ingress.kubernetes.io/proxy-redirect-to` will set the first and second parameters of NGINX's proxy_redirect directive respectively. It is possible to -set the text that should be changed in the `Location` and `Refresh` header fields of a [proxied server response](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_redirect) +set the text that should be changed in the `Location` and `Refresh` header fields of a [proxied server response](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_redirect) Setting "off" or "default" in the annotation `nginx.ingress.kubernetes.io/proxy-redirect-from` disables `nginx.ingress.kubernetes.io/proxy-redirect-to`, otherwise, both annotations must be used in unison. Note that each annotation must be a string without spaces. @@ -651,7 +651,7 @@ By default the value of each annotation is "off". ### Custom max body size -For NGINX, an 413 error will be returned to the client when the size in a request exceeds the maximum allowed size of the client request body. This size can be configured by the parameter [`client_max_body_size`](http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size). +For NGINX, an 413 error will be returned to the client when the size in a request exceeds the maximum allowed size of the client request body. This size can be configured by the parameter [`client_max_body_size`](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size). To configure this setting globally for all Ingress rules, the `proxy-body-size` value may be set in the [NGINX ConfigMap](./configmap.md#proxy-body-size). To use custom values in an Ingress rule define these annotation: @@ -662,19 +662,19 @@ nginx.ingress.kubernetes.io/proxy-body-size: 8m ### Proxy cookie domain -Sets a text that [should be changed in the domain attribute](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cookie_domain) of the "Set-Cookie" header fields of a proxied server response. +Sets a text that [should be changed in the domain attribute](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cookie_domain) of the "Set-Cookie" header fields of a proxied server response. To configure this setting globally for all Ingress rules, the `proxy-cookie-domain` value may be set in the [NGINX ConfigMap](./configmap.md#proxy-cookie-domain). ### Proxy cookie path -Sets a text that [should be changed in the path attribute](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cookie_path) of the "Set-Cookie" header fields of a proxied server response. +Sets a text that [should be changed in the path attribute](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cookie_path) of the "Set-Cookie" header fields of a proxied server response. To configure this setting globally for all Ingress rules, the `proxy-cookie-path` value may be set in the [NGINX ConfigMap](./configmap.md#proxy-cookie-path). ### Proxy buffering -Enable or disable proxy buffering [`proxy_buffering`](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering). +Enable or disable proxy buffering [`proxy_buffering`](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering). By default proxy buffering is disabled in the NGINX config. To configure this setting globally for all Ingress rules, the `proxy-buffering` value may be set in the [NGINX ConfigMap](./configmap.md#proxy-buffering). @@ -686,7 +686,7 @@ nginx.ingress.kubernetes.io/proxy-buffering: "on" ### Proxy buffers Number -Sets the number of the buffers in [`proxy_buffers`](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffers) used for reading the first part of the response received from the proxied server. +Sets the number of the buffers in [`proxy_buffers`](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffers) used for reading the first part of the response received from the proxied server. By default proxy buffers number is set as 4 To configure this setting globally, set `proxy-buffers-number` in [NGINX ConfigMap](./configmap.md#proxy-buffers-number). To use custom values in an Ingress rule, define this annotation: @@ -696,7 +696,7 @@ nginx.ingress.kubernetes.io/proxy-buffers-number: "4" ### Proxy buffer size -Sets the size of the buffer [`proxy_buffer_size`](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size) used for reading the first part of the response received from the proxied server. +Sets the size of the buffer [`proxy_buffer_size`](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size) used for reading the first part of the response received from the proxied server. By default proxy buffer size is set as "4k" To configure this setting globally, set `proxy-buffer-size` in [NGINX ConfigMap](./configmap.md#proxy-buffer-size). To use custom values in an Ingress rule, define this annotation: @@ -706,7 +706,7 @@ nginx.ingress.kubernetes.io/proxy-buffer-size: "8k" ### Proxy max temp file size -When [`buffering`](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering) of responses from the proxied server is enabled, and the whole response does not fit into the buffers set by the [`proxy_buffer_size`](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size) and [`proxy_buffers`](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffers) directives, a part of the response can be saved to a temporary file. This directive sets the maximum `size` of the temporary file setting the [`proxy_max_temp_file_size`](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_max_temp_file_size). The size of data written to the temporary file at a time is set by the [`proxy_temp_file_write_size`](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_temp_file_write_size) directive. +When [`buffering`](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering) of responses from the proxied server is enabled, and the whole response does not fit into the buffers set by the [`proxy_buffer_size`](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size) and [`proxy_buffers`](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffers) directives, a part of the response can be saved to a temporary file. This directive sets the maximum `size` of the temporary file setting the [`proxy_max_temp_file_size`](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_max_temp_file_size). The size of data written to the temporary file at a time is set by the [`proxy_temp_file_write_size`](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_temp_file_write_size) directive. The zero value disables buffering of responses to temporary files. @@ -717,7 +717,7 @@ nginx.ingress.kubernetes.io/proxy-max-temp-file-size: "1024m" ### Proxy HTTP version -Using this annotation sets the [`proxy_http_version`](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_http_version) that the Nginx reverse proxy will use to communicate with the backend. +Using this annotation sets the [`proxy_http_version`](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_http_version) that the Nginx reverse proxy will use to communicate with the backend. By default this is set to "1.1". ```yaml @@ -726,7 +726,7 @@ nginx.ingress.kubernetes.io/proxy-http-version: "1.0" ### SSL ciphers -Specifies the [enabled ciphers](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers). +Specifies the [enabled ciphers](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers). Using this annotation will set the `ssl_ciphers` directive at the server level. This configuration is active for all the paths in the host. diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md index b48cc1028..daad89501 100755 --- a/docs/user-guide/nginx-configuration/configmap.md +++ b/docs/user-guide/nginx-configuration/configmap.md @@ -246,14 +246,14 @@ Sets additional header that will not be passed from the upstream server to the c _**default:**_ empty _References:_ -[http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header) +[https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header) ## access-log-params Additional params for access_log. For example, buffer=16k, gzip, flush=1m _References:_ -[http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log](http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log) +[https://nginx.org/en/docs/http/ngx_http_log_module.html#access_log](https://nginx.org/en/docs/http/ngx_http_log_module.html#access_log) ## access-log-path @@ -286,7 +286,7 @@ Error log path. Goes to `/var/log/nginx/error.log` by default. __Note:__ the file `/var/log/nginx/error.log` is a symlink to `/dev/stderr` _References:_ -[http://nginx.org/en/docs/ngx_core_module.html#error_log](http://nginx.org/en/docs/ngx_core_module.html#error_log) +[https://nginx.org/en/docs/ngx_core_module.html#error_log](https://nginx.org/en/docs/ngx_core_module.html#error_log) ## enable-modsecurity @@ -305,35 +305,35 @@ Adds custom rules to modsecurity section of nginx configuration Allows to configure a custom buffer size for reading client request header. _References:_ -[http://nginx.org/en/docs/http/ngx_http_core_module.html#client_header_buffer_size](http://nginx.org/en/docs/http/ngx_http_core_module.html#client_header_buffer_size) +[https://nginx.org/en/docs/http/ngx_http_core_module.html#client_header_buffer_size](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_header_buffer_size) ## client-header-timeout Defines a timeout for reading client request header, in seconds. _References:_ -[http://nginx.org/en/docs/http/ngx_http_core_module.html#client_header_timeout](http://nginx.org/en/docs/http/ngx_http_core_module.html#client_header_timeout) +[https://nginx.org/en/docs/http/ngx_http_core_module.html#client_header_timeout](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_header_timeout) ## client-body-buffer-size Sets buffer size for reading client request body. _References:_ -[http://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_buffer_size](http://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_buffer_size) +[https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_buffer_size](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_buffer_size) ## client-body-timeout Defines a timeout for reading client request body, in seconds. _References:_ -[http://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_timeout](http://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_timeout) +[https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_timeout](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_timeout) ## disable-access-log Disables the Access Log from the entire Ingress Controller. _**default:**_ `false` _References:_ -[http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log](http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log) +[https://nginx.org/en/docs/http/ngx_http_log_module.html#access_log](https://nginx.org/en/docs/http/ngx_http_log_module.html#access_log) ## disable-ipv6 @@ -366,7 +366,7 @@ Since 1.9.13 NGINX will not retry non-idempotent requests (POST, LOCK, PATCH) in Configures the logging level of errors. Log levels above are listed in the order of increasing severity. _References:_ -[http://nginx.org/en/docs/ngx_core_module.html#error_log](http://nginx.org/en/docs/ngx_core_module.html#error_log) +[https://nginx.org/en/docs/ngx_core_module.html#error_log](https://nginx.org/en/docs/ngx_core_module.html#error_log) ## http2-max-field-size @@ -387,14 +387,14 @@ _References:_ Sets the maximum number of requests (including push requests) that can be served through one HTTP/2 connection, after which the next client request will lead to connection closing and the need of establishing a new connection. _References:_ -[http://nginx.org/en/docs/http/ngx_http_v2_module.html#http2_max_requests](http://nginx.org/en/docs/http/ngx_http_v2_module.html#http2_max_requests) +[https://nginx.org/en/docs/http/ngx_http_v2_module.html#http2_max_requests](https://nginx.org/en/docs/http/ngx_http_v2_module.html#http2_max_requests) ## http2-max-concurrent-streams Sets the maximum number of concurrent HTTP/2 streams in a connection. _References:_ -[http://nginx.org/en/docs/http/ngx_http_v2_module.html#http2_max_concurrent_streams](http://nginx.org/en/docs/http/ngx_http_v2_module.html#http2_max_concurrent_streams) +[https://nginx.org/en/docs/http/ngx_http_v2_module.html#http2_max_concurrent_streams](https://nginx.org/en/docs/http/ngx_http_v2_module.html#http2_max_concurrent_streams) ## hsts @@ -423,7 +423,7 @@ Enables or disables the preload attribute in the HSTS feature (when it is enable Sets the time during which a keep-alive client connection will stay open on the server side. The zero value disables keep-alive client connections. _References:_ -[http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout](http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout) +[https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout](https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout) !!! important Setting `keep-alive: '0'` will most likely break concurrent http/2 requests due to changes introduced with nginx 1.19.7 @@ -439,7 +439,7 @@ Changes with nginx 1.19.7 16 Feb 2021 ``` _References:_ -[nginx change log](http://nginx.org/en/CHANGES) +[nginx change log](https://nginx.org/en/CHANGES) [nginx issue tracker](https://trac.nginx.org/nginx/ticket/2155) [nginx mailing list](https://mailman.nginx.org/pipermail/nginx/2021-May/060697.html) @@ -448,22 +448,22 @@ _References:_ Sets the maximum number of requests that can be served through one keep-alive connection. _References:_ -[http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_requests](http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_requests) +[https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_requests](https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_requests) ## large-client-header-buffers Sets the maximum number and size of buffers used for reading large client request header. _**default:**_ 4 8k _References:_ -[http://nginx.org/en/docs/http/ngx_http_core_module.html#large_client_header_buffers](http://nginx.org/en/docs/http/ngx_http_core_module.html#large_client_header_buffers) +[https://nginx.org/en/docs/http/ngx_http_core_module.html#large_client_header_buffers](https://nginx.org/en/docs/http/ngx_http_core_module.html#large_client_header_buffers) ## log-format-escape-json -Sets if the escape parameter allows JSON ("true") or default characters escaping in variables ("false") Sets the nginx [log format](http://nginx.org/en/docs/http/ngx_http_log_module.html#log_format). +Sets if the escape parameter allows JSON ("true") or default characters escaping in variables ("false") Sets the nginx [log format](https://nginx.org/en/docs/http/ngx_http_log_module.html#log_format). ## log-format-upstream -Sets the nginx [log format](http://nginx.org/en/docs/http/ngx_http_log_module.html#log_format). +Sets the nginx [log format](https://nginx.org/en/docs/http/ngx_http_log_module.html#log_format). Example for json output: ```json @@ -486,11 +486,11 @@ If disabled, a worker process will accept one new connection at a time. Otherwis _**default:**_ true _References:_ -[http://nginx.org/en/docs/ngx_core_module.html#multi_accept](http://nginx.org/en/docs/ngx_core_module.html#multi_accept) +[https://nginx.org/en/docs/ngx_core_module.html#multi_accept](https://nginx.org/en/docs/ngx_core_module.html#multi_accept) ## max-worker-connections -Sets the [maximum number of simultaneous connections](http://nginx.org/en/docs/ngx_core_module.html#worker_connections) that can be opened by each worker process. +Sets the [maximum number of simultaneous connections](https://nginx.org/en/docs/ngx_core_module.html#worker_connections) that can be opened by each worker process. 0 will use the value of [max-worker-open-files](#max-worker-open-files). _**default:**_ 16384 @@ -499,13 +499,13 @@ _**default:**_ 16384 ## max-worker-open-files -Sets the [maximum number of files](http://nginx.org/en/docs/ngx_core_module.html#worker_rlimit_nofile) that can be opened by each worker process. +Sets the [maximum number of files](https://nginx.org/en/docs/ngx_core_module.html#worker_rlimit_nofile) that can be opened by each worker process. The default of 0 means "max open files (system's limit) - 1024". _**default:**_ 0 ## map-hash-bucket-size -Sets the bucket size for the [map variables hash tables](http://nginx.org/en/docs/http/ngx_http_map_module.html#map_hash_bucket_size). The details of setting up hash tables are provided in a separate [document](http://nginx.org/en/docs/hash.html). +Sets the bucket size for the [map variables hash tables](https://nginx.org/en/docs/http/ngx_http_map_module.html#map_hash_bucket_size). The details of setting up hash tables are provided in a separate [document](https://nginx.org/en/docs/hash.html). ## proxy-real-ip-cidr @@ -518,10 +518,10 @@ Sets custom headers from named configmap before sending traffic to backends. The ## server-name-hash-max-size -Sets the maximum size of the [server names hash tables](http://nginx.org/en/docs/http/ngx_http_core_module.html#server_names_hash_max_size) used in server names,map directive’s values, MIME types, names of request header strings, etc. +Sets the maximum size of the [server names hash tables](https://nginx.org/en/docs/http/ngx_http_core_module.html#server_names_hash_max_size) used in server names,map directive’s values, MIME types, names of request header strings, etc. _References:_ -[http://nginx.org/en/docs/hash.html](http://nginx.org/en/docs/hash.html) +[https://nginx.org/en/docs/hash.html](https://nginx.org/en/docs/hash.html) ## server-name-hash-bucket-size @@ -529,8 +529,8 @@ Sets the size of the bucket for the server names hash tables. _References:_ -- [http://nginx.org/en/docs/hash.html](http://nginx.org/en/docs/hash.html) -- [http://nginx.org/en/docs/http/ngx_http_core_module.html#server_names_hash_bucket_size](http://nginx.org/en/docs/http/ngx_http_core_module.html#server_names_hash_bucket_size) +- [https://nginx.org/en/docs/hash.html](https://nginx.org/en/docs/hash.html) +- [https://nginx.org/en/docs/http/ngx_http_core_module.html#server_names_hash_bucket_size](https://nginx.org/en/docs/http/ngx_http_core_module.html#server_names_hash_bucket_size) ## proxy-headers-hash-max-size @@ -538,7 +538,7 @@ Sets the maximum size of the proxy headers hash tables. _References:_ -- [http://nginx.org/en/docs/hash.html](http://nginx.org/en/docs/hash.html) +- [https://nginx.org/en/docs/hash.html](https://nginx.org/en/docs/hash.html) - [https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_headers_hash_max_size](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_headers_hash_max_size) ## reuse-port @@ -552,7 +552,7 @@ Sets the size of the bucket for the proxy headers hash tables. _References:_ -- [http://nginx.org/en/docs/hash.html](http://nginx.org/en/docs/hash.html) +- [https://nginx.org/en/docs/hash.html](https://nginx.org/en/docs/hash.html) - [https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_headers_hash_bucket_size](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_headers_hash_bucket_size) ## plugins @@ -565,7 +565,7 @@ Send NGINX Server header in responses and display NGINX version in error pages. ## ssl-ciphers -Sets the [ciphers](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers) list to enable. The ciphers are specified in the format understood by the OpenSSL library. +Sets the [ciphers](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers) list to enable. The ciphers are specified in the format understood by the OpenSSL library. The default cipher list is: `ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384`. @@ -583,7 +583,7 @@ __Note:__ ssl_prefer_server_ciphers directive will be enabled by default for htt Specifies a curve for ECDHE ciphers. _References:_ -[http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ecdh_curve](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ecdh_curve) +[https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ecdh_curve](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ecdh_curve) ## ssl-dh-param @@ -593,11 +593,11 @@ _References:_ - [https://wiki.openssl.org/index.php/Diffie-Hellman_parameters](https://wiki.openssl.org/index.php/Diffie-Hellman_parameters) - [https://wiki.mozilla.org/Security/Server_Side_TLS#DHE_handshake_and_dhparam](https://wiki.mozilla.org/Security/Server_Side_TLS#DHE_handshake_and_dhparam) -- [http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_dhparam](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_dhparam) +- [https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_dhparam](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_dhparam) ## ssl-protocols -Sets the [SSL protocols](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols) to use. The default is: `TLSv1.2 TLSv1.3`. +Sets the [SSL protocols](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols) to use. The default is: `TLSv1.2 TLSv1.3`. Please check the result of the configuration using `https://ssllabs.com/ssltest/analyze.html` or `https://testssl.sh`. @@ -609,34 +609,34 @@ Time Resumption (0-RTT). This requires `ssl-protocols` to have `TLSv1.3` enabled. Enable this with caution, because requests sent within early data are subject to [replay attacks](https://tools.ietf.org/html/rfc8470). -[ssl_early_data](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data). The default is: `false`. +[ssl_early_data](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data). The default is: `false`. ## ssl-session-cache -Enables or disables the use of shared [SSL cache](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache) among worker processes. +Enables or disables the use of shared [SSL cache](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache) among worker processes. ## ssl-session-cache-size -Sets the size of the [SSL shared session cache](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache) between all worker processes. +Sets the size of the [SSL shared session cache](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache) between all worker processes. ## ssl-session-tickets -Enables or disables session resumption through [TLS session tickets](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_tickets). +Enables or disables session resumption through [TLS session tickets](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_tickets). ## ssl-session-ticket-key Sets the secret key used to encrypt and decrypt TLS session tickets. The value must be a valid base64 string. To create a ticket: `openssl rand 80 | openssl enc -A -base64` -[TLS session ticket-key](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_tickets), by default, a randomly generated key is used. +[TLS session ticket-key](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_tickets), by default, a randomly generated key is used. ## ssl-session-timeout -Sets the time during which a client may [reuse the session](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_timeout) parameters stored in a cache. +Sets the time during which a client may [reuse the session](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_timeout) parameters stored in a cache. ## ssl-buffer-size -Sets the size of the [SSL buffer](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_buffer_size) used for sending data. The default of 4k helps NGINX to improve TLS Time To First Byte (TTTFB). +Sets the size of the [SSL buffer](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_buffer_size) used for sending data. The default of 4k helps NGINX to improve TLS Time To First Byte (TTTFB). _References:_ [https://www.igvita.com/2013/12/16/optimizing-nginx-tls-time-to-first-byte/](https://www.igvita.com/2013/12/16/optimizing-nginx-tls-time-to-first-byte/) @@ -652,11 +652,11 @@ _**default:**_ 5s ## use-gzip -Enables or disables compression of HTTP responses using the ["gzip" module](http://nginx.org/en/docs/http/ngx_http_gzip_module.html). MIME types to compress are controlled by [gzip-types](#gzip-types). _**default:**_ false +Enables or disables compression of HTTP responses using the ["gzip" module](https://nginx.org/en/docs/http/ngx_http_gzip_module.html). MIME types to compress are controlled by [gzip-types](#gzip-types). _**default:**_ false ## use-geoip -Enables or disables ["geoip" module](http://nginx.org/en/docs/http/ngx_http_geoip_module.html) that creates variables with values depending on the client IP address, using the precompiled MaxMind databases. +Enables or disables ["geoip" module](https://nginx.org/en/docs/http/ngx_http_geoip_module.html) that creates variables with values depending on the client IP address, using the precompiled MaxMind databases. _**default:**_ true > __Note:__ MaxMind legacy databases are discontinued and will not receive updates after 2019-01-02, cf. [discontinuation notice](https://support.maxmind.com/geolite-legacy-discontinuation-notice/). Consider [use-geoip2](#use-geoip2) below. @@ -695,7 +695,7 @@ _**default:**_ `application/xml+rss application/atom+xml application/javascript ## use-http2 -Enables or disables [HTTP/2](http://nginx.org/en/docs/http/ngx_http_v2_module.html) support in secure connections. +Enables or disables [HTTP/2](https://nginx.org/en/docs/http/ngx_http_v2_module.html) support in secure connections. ## gzip-level @@ -712,12 +712,12 @@ _**default:**_ `application/atom+xml application/javascript application/x-javasc ## worker-processes -Sets the number of [worker processes](http://nginx.org/en/docs/ngx_core_module.html#worker_processes). +Sets the number of [worker processes](https://nginx.org/en/docs/ngx_core_module.html#worker_processes). The default of "auto" means number of available CPU cores. ## worker-cpu-affinity -Binds worker processes to the sets of CPUs. [worker_cpu_affinity](http://nginx.org/en/docs/ngx_core_module.html#worker_cpu_affinity). +Binds worker processes to the sets of CPUs. [worker_cpu_affinity](https://nginx.org/en/docs/ngx_core_module.html#worker_cpu_affinity). By default worker processes are not bound to any specific CPUs. The value can be: - "": empty string indicate no affinity is applied. @@ -726,7 +726,7 @@ By default worker processes are not bound to any specific CPUs. The value can be ## worker-shutdown-timeout -Sets a timeout for Nginx to [wait for worker to gracefully shutdown](http://nginx.org/en/docs/ngx_core_module.html#worker_shutdown_timeout). _**default:**_ "240s" +Sets a timeout for Nginx to [wait for worker to gracefully shutdown](https://nginx.org/en/docs/ngx_core_module.html#worker_shutdown_timeout). _**default:**_ "240s" ## load-balance @@ -742,21 +742,21 @@ The default is `round_robin`. - To load balance using session cookies, consider the `nginx.ingress.kubernetes.io/affinity` annotation. _References:_ -[http://nginx.org/en/docs/http/load_balancing.html](http://nginx.org/en/docs/http/load_balancing.html) +[https://nginx.org/en/docs/http/load_balancing.html](https://nginx.org/en/docs/http/load_balancing.html) ## variables-hash-bucket-size Sets the bucket size for the variables hash table. _References:_ -[http://nginx.org/en/docs/http/ngx_http_map_module.html#variables_hash_bucket_size](http://nginx.org/en/docs/http/ngx_http_map_module.html#variables_hash_bucket_size) +[https://nginx.org/en/docs/http/ngx_http_map_module.html#variables_hash_bucket_size](https://nginx.org/en/docs/http/ngx_http_map_module.html#variables_hash_bucket_size) ## variables-hash-max-size Sets the maximum size of the variables hash table. _References:_ -[http://nginx.org/en/docs/http/ngx_http_map_module.html#variables_hash_max_size](http://nginx.org/en/docs/http/ngx_http_map_module.html#variables_hash_max_size) +[https://nginx.org/en/docs/http/ngx_http_map_module.html#variables_hash_max_size](https://nginx.org/en/docs/http/ngx_http_map_module.html#variables_hash_max_size) ## upstream-keepalive-connections @@ -766,7 +766,7 @@ exceeded, the least recently used connections are closed. _**default:**_ 320 _References:_ -[http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive](http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive) +[https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive) ## upstream-keepalive-timeout @@ -775,7 +775,7 @@ Sets a timeout during which an idle keepalive connection to an upstream server w _**default:**_ 60 _References:_ -[http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_timeout](http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_timeout) +[https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_timeout](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_timeout) ## upstream-keepalive-requests @@ -786,47 +786,47 @@ _**default:**_ 10000 _References:_ -[http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_requests](http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_requests) +[https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_requests](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_requests) ## limit-conn-zone-variable -Sets parameters for a shared memory zone that will keep states for various keys of [limit_conn_zone](http://nginx.org/en/docs/http/ngx_http_limit_conn_module.html#limit_conn_zone). The default of "$binary_remote_addr" variable’s size is always 4 bytes for IPv4 addresses or 16 bytes for IPv6 addresses. +Sets parameters for a shared memory zone that will keep states for various keys of [limit_conn_zone](https://nginx.org/en/docs/http/ngx_http_limit_conn_module.html#limit_conn_zone). The default of "$binary_remote_addr" variable’s size is always 4 bytes for IPv4 addresses or 16 bytes for IPv6 addresses. ## proxy-stream-timeout Sets the timeout between two successive read or write operations on client or proxied server connections. If no data is transmitted within this time, the connection is closed. _References:_ -[http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_timeout](http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_timeout) +[https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_timeout](https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_timeout) ## proxy-stream-next-upstream When a connection to the proxied server cannot be established, determines whether a client connection will be passed to the next server. _References:_ -[http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_next_upstream](http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_next_upstream) +[https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_next_upstream](https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_next_upstream) ## proxy-stream-next-upstream-timeout Limits the time allowed to pass a connection to the next server. The 0 value turns off this limitation. _References:_ -[http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_next_upstream_timeout](http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_next_upstream_timeout) +[https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_next_upstream_timeout](https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_next_upstream_timeout) ## proxy-stream-next-upstream-tries Limits the number of possible tries a request should be passed to the next server. The 0 value turns off this limitation. _References:_ -[http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_next_upstream_tries](http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_next_upstream_timeout) +[https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_next_upstream_tries](https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_next_upstream_timeout) ## proxy-stream-responses Sets the number of datagrams expected from the proxied server in response to the client request if the UDP protocol is used. _References:_ -[http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_responses](http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_responses) +[https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_responses](https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_responses) ## bind-address @@ -840,7 +840,7 @@ If false, NGINX ignores incoming `X-Forwarded-*` headers, filling them with the ## enable-real-ip -`enable-real-ip` enables the configuration of [http://nginx.org/en/docs/http/ngx_http_realip_module.html](http://nginx.org/en/docs/http/ngx_http_realip_module.html). Specific attributes of the module can be configured further by using `forwarded-for-header` and `proxy-real-ip-cidr` settings. +`enable-real-ip` enables the configuration of [https://nginx.org/en/docs/http/ngx_http_realip_module.html](https://nginx.org/en/docs/http/ngx_http_realip_module.html). Specific attributes of the module can be configured further by using `forwarded-for-header` and `proxy-real-ip-cidr` settings. ## forwarded-for-header @@ -1001,67 +1001,67 @@ You can not use this to add new locations that proxy to the Kubernetes pods, as ## custom-http-errors -Enables which HTTP codes should be passed for processing with the [error_page directive](http://nginx.org/en/docs/http/ngx_http_core_module.html#error_page) +Enables which HTTP codes should be passed for processing with the [error_page directive](https://nginx.org/en/docs/http/ngx_http_core_module.html#error_page) -Setting at least one code also enables [proxy_intercept_errors](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors) which are required to process error_page. +Setting at least one code also enables [proxy_intercept_errors](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors) which are required to process error_page. Example usage: `custom-http-errors: 404,415` ## proxy-body-size Sets the maximum allowed size of the client request body. -See NGINX [client_max_body_size](http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size). +See NGINX [client_max_body_size](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size). ## proxy-connect-timeout -Sets the timeout for [establishing a connection with a proxied server](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_connect_timeout). It should be noted that this timeout cannot usually exceed 75 seconds. +Sets the timeout for [establishing a connection with a proxied server](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_connect_timeout). It should be noted that this timeout cannot usually exceed 75 seconds. ## proxy-read-timeout -Sets the timeout in seconds for [reading a response from the proxied server](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_read_timeout). The timeout is set only between two successive read operations, not for the transmission of the whole response. +Sets the timeout in seconds for [reading a response from the proxied server](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_read_timeout). The timeout is set only between two successive read operations, not for the transmission of the whole response. ## proxy-send-timeout -Sets the timeout in seconds for [transmitting a request to the proxied server](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_send_timeout). The timeout is set only between two successive write operations, not for the transmission of the whole request. +Sets the timeout in seconds for [transmitting a request to the proxied server](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_send_timeout). The timeout is set only between two successive write operations, not for the transmission of the whole request. ## proxy-buffers-number -Sets the number of the buffer used for [reading the first part of the response](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffers) received from the proxied server. This part usually contains a small response header. +Sets the number of the buffer used for [reading the first part of the response](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffers) received from the proxied server. This part usually contains a small response header. ## proxy-buffer-size -Sets the size of the buffer used for [reading the first part of the response](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size) received from the proxied server. This part usually contains a small response header. +Sets the size of the buffer used for [reading the first part of the response](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size) received from the proxied server. This part usually contains a small response header. ## proxy-cookie-path -Sets a text that [should be changed in the path attribute](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cookie_path) of the “Set-Cookie” header fields of a proxied server response. +Sets a text that [should be changed in the path attribute](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cookie_path) of the “Set-Cookie” header fields of a proxied server response. ## proxy-cookie-domain -Sets a text that [should be changed in the domain attribute](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cookie_domain) of the “Set-Cookie” header fields of a proxied server response. +Sets a text that [should be changed in the domain attribute](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cookie_domain) of the “Set-Cookie” header fields of a proxied server response. ## proxy-next-upstream -Specifies in [which cases](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_next_upstream) a request should be passed to the next server. +Specifies in [which cases](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_next_upstream) a request should be passed to the next server. ## proxy-next-upstream-timeout -[Limits the time](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_next_upstream_timeout) in seconds during which a request can be passed to the next server. +[Limits the time](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_next_upstream_timeout) in seconds during which a request can be passed to the next server. ## proxy-next-upstream-tries -Limit the number of [possible tries](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_next_upstream_tries) a request should be passed to the next server. +Limit the number of [possible tries](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_next_upstream_tries) a request should be passed to the next server. ## proxy-redirect-from Sets the original text that should be changed in the "Location" and "Refresh" header fields of a proxied server response. _**default:**_ off _References:_ -[http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_redirect](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_redirect) +[https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_redirect](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_redirect) ## proxy-request-buffering -Enables or disables [buffering of a client request body](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_request_buffering). +Enables or disables [buffering of a client request body](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_request_buffering). ## ssl-redirect @@ -1075,7 +1075,7 @@ _**default:**_ "false" ## whitelist-source-range Sets the default whitelisted IPs for each `server` block. This can be overwritten by an annotation on an Ingress rule. -See [ngx_http_access_module](http://nginx.org/en/docs/http/ngx_http_access_module.html). +See [ngx_http_access_module](https://nginx.org/en/docs/http/ngx_http_access_module.html). ## skip-access-log-urls @@ -1086,7 +1086,7 @@ Sets a list of URLs that should not appear in the NGINX access log. This is usef Limits the rate of response transmission to a client. The rate is specified in bytes per second. The zero value disables rate limiting. The limit is set per a request, and so if a client simultaneously opens two connections, the overall rate will be twice as much as the specified limit. _References:_ -[http://nginx.org/en/docs/http/ngx_http_core_module.html#limit_rate](http://nginx.org/en/docs/http/ngx_http_core_module.html#limit_rate) +[https://nginx.org/en/docs/http/ngx_http_core_module.html#limit_rate](https://nginx.org/en/docs/http/ngx_http_core_module.html#limit_rate) ## limit-rate-after @@ -1114,7 +1114,7 @@ lua-shared-dicts: "certificate_data: 100, my_custom_plugin: 512k" ``` _References:_ -[http://nginx.org/en/docs/http/ngx_http_core_module.html#limit_rate_after](http://nginx.org/en/docs/http/ngx_http_core_module.html#limit_rate_after) +[https://nginx.org/en/docs/http/ngx_http_core_module.html#limit_rate_after](https://nginx.org/en/docs/http/ngx_http_core_module.html#limit_rate_after) ## http-redirect-code @@ -1128,19 +1128,19 @@ _**default:**_ 308 ## proxy-buffering -Enables or disables [buffering of responses from the proxied server](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering). +Enables or disables [buffering of responses from the proxied server](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering). ## limit-req-status-code -Sets the [status code to return in response to rejected requests](http://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_status). _**default:**_ 503 +Sets the [status code to return in response to rejected requests](https://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_status). _**default:**_ 503 ## limit-conn-status-code -Sets the [status code to return in response to rejected connections](http://nginx.org/en/docs/http/ngx_http_limit_conn_module.html#limit_conn_status). _**default:**_ 503 +Sets the [status code to return in response to rejected connections](https://nginx.org/en/docs/http/ngx_http_limit_conn_module.html#limit_conn_status). _**default:**_ 503 ## enable-syslog -Enable [syslog](http://nginx.org/en/docs/syslog.html) feature for access log and error log. _**default:**_ false +Enable [syslog](https://nginx.org/en/docs/syslog.html) feature for access log and error log. _**default:**_ false ## syslog-host @@ -1206,7 +1206,7 @@ Enables caching for global auth requests. Specify a lookup key for auth response ## global-auth-cache-duration -Set a caching time for auth responses based on their response codes, e.g. `200 202 30m`. See [proxy_cache_valid](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_valid) for details. You may specify multiple, comma-separated values: `200 202 10m, 401 5m`. defaults to `200 202 401 5m`. +Set a caching time for auth responses based on their response codes, e.g. `200 202 30m`. See [proxy_cache_valid](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_valid) for details. You may specify multiple, comma-separated values: `200 202 10m, 401 5m`. defaults to `200 202 401 5m`. ## no-auth-locations @@ -1218,7 +1218,7 @@ _**default:**_ "/.well-known/acme-challenge" A comma-separated list of IP addresses (or subnets), request from which have to be blocked globally. _References:_ -[http://nginx.org/en/docs/http/ngx_http_access_module.html#deny](http://nginx.org/en/docs/http/ngx_http_access_module.html#deny) +[https://nginx.org/en/docs/http/ngx_http_access_module.html#deny](https://nginx.org/en/docs/http/ngx_http_access_module.html#deny) ## block-user-agents @@ -1226,7 +1226,7 @@ A comma-separated list of User-Agent, request from which have to be blocked glob It's possible to use here full strings and regular expressions. More details about valid patterns can be found at `map` Nginx directive documentation. _References:_ -[http://nginx.org/en/docs/http/ngx_http_map_module.html#map](http://nginx.org/en/docs/http/ngx_http_map_module.html#map) +[https://nginx.org/en/docs/http/ngx_http_map_module.html#map](https://nginx.org/en/docs/http/ngx_http_map_module.html#map) ## block-referers @@ -1234,7 +1234,7 @@ A comma-separated list of Referers, request from which have to be blocked global It's possible to use here full strings and regular expressions. More details about valid patterns can be found at `map` Nginx directive documentation. _References:_ -[http://nginx.org/en/docs/http/ngx_http_map_module.html#map](http://nginx.org/en/docs/http/ngx_http_map_module.html#map) +[https://nginx.org/en/docs/http/ngx_http_map_module.html#map](https://nginx.org/en/docs/http/ngx_http_map_module.html#map) ## proxy-ssl-location-only @@ -1247,7 +1247,7 @@ Sets the default MIME type of a response. _**default:**_ text/html _References:_ -[http://nginx.org/en/docs/http/ngx_http_core_module.html#default_type](http://nginx.org/en/docs/http/ngx_http_core_module.html#default_type) +[https://nginx.org/en/docs/http/ngx_http_core_module.html#default_type](https://nginx.org/en/docs/http/ngx_http_core_module.html#default_type) ## global-rate-limit diff --git a/docs/user-guide/nginx-configuration/index.md b/docs/user-guide/nginx-configuration/index.md index bace1a086..232dd5cf8 100644 --- a/docs/user-guide/nginx-configuration/index.md +++ b/docs/user-guide/nginx-configuration/index.md @@ -4,4 +4,4 @@ There are three ways to customize NGINX: 1. [ConfigMap](./configmap.md): using a Configmap to set global configurations in NGINX. 2. [Annotations](./annotations.md): use this if you want a specific configuration for a particular Ingress rule. -3. [Custom template](./custom-template.md): when more specific settings are required, like [open_file_cache](http://nginx.org/en/docs/http/ngx_http_core_module.html#open_file_cache), adjust [listen](http://nginx.org/en/docs/http/ngx_http_core_module.html#listen) options as `rcvbuf` or when is not possible to change the configuration through the ConfigMap. +3. [Custom template](./custom-template.md): when more specific settings are required, like [open_file_cache](https://nginx.org/en/docs/http/ngx_http_core_module.html#open_file_cache), adjust [listen](https://nginx.org/en/docs/http/ngx_http_core_module.html#listen) options as `rcvbuf` or when is not possible to change the configuration through the ConfigMap. diff --git a/docs/user-guide/nginx-configuration/log-format.md b/docs/user-guide/nginx-configuration/log-format.md index 4a8a45755..9a7506480 100644 --- a/docs/user-guide/nginx-configuration/log-format.md +++ b/docs/user-guide/nginx-configuration/log-format.md @@ -43,5 +43,5 @@ Additional available variables: Sources: -- [Upstream variables](http://nginx.org/en/docs/http/ngx_http_upstream_module.html#variables) -- [Embedded variables](http://nginx.org/en/docs/http/ngx_http_core_module.html#variables) +- [Upstream variables](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#variables) +- [Embedded variables](https://nginx.org/en/docs/http/ngx_http_core_module.html#variables) diff --git a/docs/user-guide/tls.md b/docs/user-guide/tls.md index 8a18069d4..3d5234c0c 100644 --- a/docs/user-guide/tls.md +++ b/docs/user-guide/tls.md @@ -28,7 +28,7 @@ Ensure that the relevant [ingress rules specify a matching host name](https://ku ## Default SSL Certificate NGINX provides the option to configure a server as a catch-all with -[server_name](http://nginx.org/en/docs/http/server_names.html) +[server_name](https://nginx.org/en/docs/http/server_names.html) for requests that do not match any of the configured server names. This configuration works out-of-the-box for HTTP traffic. For HTTPS, a certificate is naturally required. diff --git a/rootfs/etc/nginx/lua/plugins/README.md b/rootfs/etc/nginx/lua/plugins/README.md index 0626a48ff..64f4912f0 100644 --- a/rootfs/etc/nginx/lua/plugins/README.md +++ b/rootfs/etc/nginx/lua/plugins/README.md @@ -9,7 +9,7 @@ Every ingress-nginx Lua plugin is expected to have `main.lua` file and all of it `main.lua` is the entry point of the plugin. The plugin manager uses convention over configuration strategy and automatically runs functions defined in `main.lua` in the corresponding Nginx phase based on their name. -Nginx has different [request processing phases](http://nginx.org/en/docs/dev/development_guide.html#http_phases). +Nginx has different [request processing phases](https://nginx.org/en/docs/dev/development_guide.html#http_phases). By defining functions with the following names, you can run your custom Lua code in the corresponding Nginx phase: - `init_worker`: useful for initializing some data per Nginx worker process From 43a5b7a52d4f138575afe27634983c0acec654c6 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Thu, 7 Apr 2022 13:31:58 -0300 Subject: [PATCH 039/494] Add dependency review enforcement (#8443) --- .github/workflows/depreview.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 .github/workflows/depreview.yaml diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml new file mode 100644 index 000000000..f2605b7a7 --- /dev/null +++ b/.github/workflows/depreview.yaml @@ -0,0 +1,14 @@ +name: 'Dependency Review' +on: [pull_request] + +permissions: + contents: read + +jobs: + dependency-review: + runs-on: ubuntu-latest + steps: + - name: 'Checkout Repository' + uses: actions/checkout@v3 + - name: 'Dependency Review' + uses: actions/dependency-review-action@v1 From 02ccd22616ca47d447fcaffefa9efbdc545f2d20 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 7 Apr 2022 09:34:00 -0700 Subject: [PATCH 040/494] Bump github.com/prometheus/common from 0.32.1 to 0.33.0 (#8426) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.32.1 to 0.33.0. - [Release notes](https://github.com/prometheus/common/releases) - [Commits](https://github.com/prometheus/common/compare/v0.32.1...v0.33.0) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 16 ++++++++++++---- 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index 0def711f4..daa079ac5 100644 --- a/go.mod +++ b/go.mod @@ -20,13 +20,13 @@ require ( github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.12.1 github.com/prometheus/client_model v0.2.0 - github.com/prometheus/common v0.32.1 + github.com/prometheus/common v0.33.0 github.com/spf13/cobra v1.3.0 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.7.1 github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 - golang.org/x/net v0.0.0-20211209124913-491a49abca63 + golang.org/x/net v0.0.0-20220225172249-27dd8689420f google.golang.org/grpc v1.44.0 gopkg.in/go-playground/pool.v3 v3.1.1 k8s.io/api v0.22.5 @@ -118,9 +118,9 @@ require ( github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect golang.org/x/mod v0.5.0 // indirect - golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect + golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 // indirect - golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d // indirect + golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect golang.org/x/text v0.3.7 // indirect golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect golang.org/x/tools v0.1.5 // indirect diff --git a/go.sum b/go.sum index f82322a19..74067dada 100644 --- a/go.sum +++ b/go.sum @@ -213,9 +213,11 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= +github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= +github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v0.4.0 h1:K7/B1jt6fIBQVd4Owv2MqGQClcgf0R266+7C/QjRcLc= @@ -565,8 +567,9 @@ github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8b github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.29.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/common v0.32.1 h1:hWIdL3N2HoUx3B8j3YN9mWor0qhY/NlEKZEaXxuIRh4= github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= +github.com/prometheus/common v0.33.0 h1:rHgav/0a6+uYgGdNt3jwz8FNSesO/Hsang3O0T9A5SE= +github.com/prometheus/common v0.33.0/go.mod h1:gB3sOl7P0TvJabZpLY5uQMpUqRCPPCyRLCZYc7JZTNE= github.com/prometheus/exporter-toolkit v0.7.0/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= @@ -829,8 +832,10 @@ golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211209124913-491a49abca63 h1:iocB37TsdFuN6IBRZ+ry36wrkoV51/tl5vOWqkcPGvY= golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220225172249-27dd8689420f h1:oA4XRj0qtSt8Yo1Zms0CUlsT3KG69V2UGQWPBxujDmc= +golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -847,8 +852,9 @@ golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 h1:RerP+noqYHUQ8CMRcPlC2nvTa4dcBIjegkuWdcUDuqg= golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b h1:clP8eMhB30EHdc0bd2Twtq6kgU7yl5ub2cQLSdrv1Dg= +golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -946,12 +952,14 @@ golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 h1:XfKQ4OlFl8okEOr5UvAqFRVj8pY/4yfcXrddB8qAbU0= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d h1:SZxvLBoTP5yHO3Frd4z4vrF+DBX9vMVanchswa69toE= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= From f5b212df30e37fa337dc09e2e448175f334f7515 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Francisco=20Robles=20Mart=C3=ADn?= Date: Fri, 8 Apr 2022 10:36:42 +0200 Subject: [PATCH 041/494] replace deprecated topology key in example with current one (#8444) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Francisco Robles Martín --- charts/ingress-nginx/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index cea8cebe8..eb61ce78b 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -272,7 +272,7 @@ controller: ## topologySpreadConstraints: [] # - maxSkew: 1 - # topologyKey: failure-domain.beta.kubernetes.io/zone + # topologyKey: topology.kubernetes.io/zone # whenUnsatisfiable: DoNotSchedule # labelSelector: # matchLabels: From c8ed1f1d7a7f964e65e416cd12ee122dd7d39017 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=99=B3=E5=82=91=E5=A4=AB?= Date: Sat, 9 Apr 2022 00:48:42 +0800 Subject: [PATCH 042/494] typo fixing (#8447) --- docs/user-guide/nginx-configuration/configmap.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md index daad89501..cf1f73772 100755 --- a/docs/user-guide/nginx-configuration/configmap.md +++ b/docs/user-guide/nginx-configuration/configmap.md @@ -965,7 +965,7 @@ Specifies the environment this trace belongs to. _**default:**_ prod ## datadog-operation-name-override -Overrides the operation naem to use for any traces crated. _**default:**_ nginx.handle +Overrides the operation name to use for any traces crated. _**default:**_ nginx.handle ## datadog-priority-sampling From 5e322f79a1e179d087b0c6666d6a92fe29e523de Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Sat, 9 Apr 2022 05:14:04 +0200 Subject: [PATCH 043/494] Fix suggested annotation-value-word-blocklist (#8446) Signed-off-by: Mathieu Parent --- docs/user-guide/nginx-configuration/configmap.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md index cf1f73772..27ef647ef 100755 --- a/docs/user-guide/nginx-configuration/configmap.md +++ b/docs/user-guide/nginx-configuration/configmap.md @@ -238,7 +238,7 @@ _**default:**_ `""` When doing this, the default blocklist is override, which means that the Ingress admin should add all the words that should be blocked, here is a suggested block list. -_**suggested:**_ `"load_module,lua_package,_by_lua,location,root,proxy_pass,serviceaccount,{,},',\"` +_**suggested:**_ `"load_module,lua_package,_by_lua,location,root,proxy_pass,serviceaccount,{,},',\""` ## hide-headers From 83ce21b4dde6a40de7ee14e32c43de81177e044a Mon Sep 17 00:00:00 2001 From: Gabor Lekeny Date: Sat, 9 Apr 2022 05:22:04 +0200 Subject: [PATCH 044/494] Add keepalive support for auth requests (#8219) * Add keepalive support for auth requests * Fix typo * Address PR comments * Log warning when auth-url contains variable in its host:port * Generate upstream name without replacing dots to underscores in server name * Add comment in the nginx template when the keepalive upstream block is referenced * Workaround for auth_request module ignores keepalive in upstream block * The `auth_request` module does not support HTTP keepalives in upstream block: https://trac.nginx.org/nginx/ticket/1579 * As a workaround we use ngx.location.capture but unfortunately it does not support HTTP/2 so `use-http2` configuration parameter is needed. * Handle PR comments * Address PR comments * Handle invalid values for int parameters * Handle PR comments * Fix e2e test --- .../nginx-configuration/annotations.md | 16 ++ internal/ingress/annotations/authreq/main.go | 62 ++++++ .../ingress/annotations/authreq/main_test.go | 65 +++++++ .../ingress/controller/template/template.go | 108 ++++++++++- .../controller/template/template_test.go | 180 +++++++++++++++++- rootfs/etc/nginx/template/nginx.tmpl | 58 +++++- test/e2e/annotations/auth.go | 93 +++++++++ 7 files changed, 570 insertions(+), 12 deletions(-) diff --git a/docs/user-guide/nginx-configuration/annotations.md b/docs/user-guide/nginx-configuration/annotations.md index 027db9407..8958ccfee 100755 --- a/docs/user-guide/nginx-configuration/annotations.md +++ b/docs/user-guide/nginx-configuration/annotations.md @@ -31,6 +31,9 @@ You can add these Kubernetes annotations to specific Ingress objects to customiz |[nginx.ingress.kubernetes.io/auth-url](#external-authentication)|string| |[nginx.ingress.kubernetes.io/auth-cache-key](#external-authentication)|string| |[nginx.ingress.kubernetes.io/auth-cache-duration](#external-authentication)|string| +|[nginx.ingress.kubernetes.io/auth-keepalive](#external-authentication)|number| +|[nginx.ingress.kubernetes.io/auth-keepalive-requests](#external-authentication)|number| +|[nginx.ingress.kubernetes.io/auth-keepalive-timeout](#external-authentication)|number| |[nginx.ingress.kubernetes.io/auth-proxy-set-headers](#external-authentication)|string| |[nginx.ingress.kubernetes.io/auth-snippet](#external-authentication)|string| |[nginx.ingress.kubernetes.io/enable-global-auth](#external-authentication)|"true" or "false"| @@ -453,6 +456,19 @@ nginx.ingress.kubernetes.io/auth-url: "URL to the authentication service" Additionally it is possible to set: +* `nginx.ingress.kubernetes.io/auth-keepalive`: + `` to specify the maximum number of keepalive connections to `auth-url`. Only takes effect + when no variables are used in the host part of the URL. Defaults to `0` (keepalive disabled). + +> Note: does not work with HTTP/2 listener because of a limitation in Lua [subrequests](https://github.com/openresty/lua-nginx-module#spdy-mode-not-fully-supported). +> [UseHTTP2](./configmap.md#use-http2) configuration should be disabled! + +* `nginx.ingress.kubernetes.io/auth-keepalive-requests`: + `` to specify the maximum number of requests that can be served through one keepalive connection. + Defaults to `1000` and only applied if `auth-keepalive` is set to higher than `0`. +* `nginx.ingress.kubernetes.io/auth-keepalive-timeout`: + `` to specify a duration in seconds which an idle keepalive connection to an upstream server will stay open. + Defaults to `60` and only applied if `auth-keepalive` is set to higher than `0`. * `nginx.ingress.kubernetes.io/auth-method`: `` to specify the HTTP method to use. * `nginx.ingress.kubernetes.io/auth-signin`: diff --git a/internal/ingress/annotations/authreq/main.go b/internal/ingress/annotations/authreq/main.go index 36af0e208..5dd1126fa 100644 --- a/internal/ingress/annotations/authreq/main.go +++ b/internal/ingress/annotations/authreq/main.go @@ -44,12 +44,22 @@ type Config struct { AuthSnippet string `json:"authSnippet"` AuthCacheKey string `json:"authCacheKey"` AuthCacheDuration []string `json:"authCacheDuration"` + KeepaliveConnections int `json:"keepaliveConnections"` + KeepaliveRequests int `json:"keepaliveRequests"` + KeepaliveTimeout int `json:"keepaliveTimeout"` ProxySetHeaders map[string]string `json:"proxySetHeaders,omitempty"` } // DefaultCacheDuration is the fallback value if no cache duration is provided const DefaultCacheDuration = "200 202 401 5m" +// fallback values when no keepalive parameters are set +const ( + defaultKeepaliveConnections = 0 + defaultKeepaliveRequests = 1000 + defaultKeepaliveTimeout = 60 +) + // Equal tests for equality between two Config types func (e1 *Config) Equal(e2 *Config) bool { if e1 == e2 { @@ -90,6 +100,18 @@ func (e1 *Config) Equal(e2 *Config) bool { return false } + if e1.KeepaliveConnections != e2.KeepaliveConnections { + return false + } + + if e1.KeepaliveRequests != e2.KeepaliveRequests { + return false + } + + if e1.KeepaliveTimeout != e2.KeepaliveTimeout { + return false + } + return sets.StringElementsMatch(e1.AuthCacheDuration, e2.AuthCacheDuration) } @@ -193,6 +215,43 @@ func (a authReq) Parse(ing *networking.Ingress) (interface{}, error) { klog.V(3).InfoS("auth-cache-key annotation is undefined and will not be set") } + keepaliveConnections, err := parser.GetIntAnnotation("auth-keepalive", ing) + if err != nil { + klog.V(3).InfoS("auth-keepalive annotation is undefined and will be set to its default value") + keepaliveConnections = defaultKeepaliveConnections + } + switch { + case keepaliveConnections < 0: + klog.Warningf("auth-keepalive annotation (%s) contains a negative value, setting auth-keepalive to 0", authURL.Host) + keepaliveConnections = 0 + case keepaliveConnections > 0: + // NOTE: upstream block cannot reference a variable in the server directive + if strings.IndexByte(authURL.Host, '$') != -1 { + klog.Warningf("auth-url annotation (%s) contains $ in the host:port part, setting auth-keepalive to 0", authURL.Host) + keepaliveConnections = 0 + } + } + + keepaliveRequests, err := parser.GetIntAnnotation("auth-keepalive-requests", ing) + if err != nil { + klog.V(3).InfoS("auth-keepalive-requests annotation is undefined and will be set to its default value") + keepaliveRequests = defaultKeepaliveRequests + } + if keepaliveRequests <= 0 { + klog.Warningf("auth-keepalive-requests annotation (%s) should be greater than zero, setting auth-keepalive to 0", authURL.Host) + keepaliveConnections = 0 + } + + keepaliveTimeout, err := parser.GetIntAnnotation("auth-keepalive-timeout", ing) + if err != nil { + klog.V(3).InfoS("auth-keepalive-timeout annotation is undefined and will be set to its default value") + keepaliveTimeout = defaultKeepaliveTimeout + } + if keepaliveTimeout <= 0 { + klog.Warningf("auth-keepalive-timeout annotation (%s) should be greater than zero, setting auth-keepalive 0", authURL.Host) + keepaliveConnections = 0 + } + durstr, _ := parser.GetStringAnnotation("auth-cache-duration", ing) authCacheDuration, err := ParseStringToCacheDurations(durstr) if err != nil { @@ -249,6 +308,9 @@ func (a authReq) Parse(ing *networking.Ingress) (interface{}, error) { AuthSnippet: authSnippet, AuthCacheKey: authCacheKey, AuthCacheDuration: authCacheDuration, + KeepaliveConnections: keepaliveConnections, + KeepaliveRequests: keepaliveRequests, + KeepaliveTimeout: keepaliveTimeout, ProxySetHeaders: proxySetHeaders, }, nil } diff --git a/internal/ingress/annotations/authreq/main_test.go b/internal/ingress/annotations/authreq/main_test.go index da903fe30..eac1870e5 100644 --- a/internal/ingress/annotations/authreq/main_test.go +++ b/internal/ingress/annotations/authreq/main_test.go @@ -243,6 +243,71 @@ func TestCacheDurationAnnotations(t *testing.T) { } } +func TestKeepaliveAnnotations(t *testing.T) { + ing := buildIngress() + + data := map[string]string{} + ing.SetAnnotations(data) + + tests := []struct { + title string + url string + keepaliveConnections string + keepaliveRequests string + keepaliveTimeout string + expectedConnections int + expectedRequests int + expectedTimeout int + }{ + {"all set", "http://goog.url", "5", "500", "50", 5, 500, 50}, + {"no annotation", "http://goog.url", "", "", "", defaultKeepaliveConnections, defaultKeepaliveRequests, defaultKeepaliveTimeout}, + {"default for connections", "http://goog.url", "x", "500", "50", defaultKeepaliveConnections, 500, 50}, + {"default for requests", "http://goog.url", "5", "x", "50", 5, defaultKeepaliveRequests, 50}, + {"default for invalid timeout", "http://goog.url", "5", "500", "x", 5, 500, defaultKeepaliveTimeout}, + {"variable in host", "http://$host:5000/a/b", "5", "", "", 0, defaultKeepaliveRequests, defaultKeepaliveTimeout}, + {"variable in path", "http://goog.url:5000/$path", "5", "", "", 5, defaultKeepaliveRequests, defaultKeepaliveTimeout}, + {"negative connections", "http://goog.url", "-2", "", "", 0, defaultKeepaliveRequests, defaultKeepaliveTimeout}, + {"negative requests", "http://goog.url", "5", "-1", "", 0, -1, defaultKeepaliveTimeout}, + {"negative timeout", "http://goog.url", "5", "", "-1", 0, defaultKeepaliveRequests, -1}, + {"negative request and timeout", "http://goog.url", "5", "-2", "-3", 0, -2, -3}, + } + + for _, test := range tests { + data[parser.GetAnnotationWithPrefix("auth-url")] = test.url + data[parser.GetAnnotationWithPrefix("auth-keepalive")] = test.keepaliveConnections + data[parser.GetAnnotationWithPrefix("auth-keepalive-timeout")] = test.keepaliveTimeout + data[parser.GetAnnotationWithPrefix("auth-keepalive-requests")] = test.keepaliveRequests + + i, err := NewParser(&resolver.Mock{}).Parse(ing) + if err != nil { + t.Errorf("%v: unexpected error: %v", test.title, err) + continue + } + + u, ok := i.(*Config) + if !ok { + t.Errorf("%v: expected an External type", test.title) + continue + } + + if u.URL != test.url { + t.Errorf("%v: expected \"%v\" but \"%v\" was returned", test.title, test.url, u.URL) + } + + if u.KeepaliveConnections != test.expectedConnections { + t.Errorf("%v: expected \"%v\" but \"%v\" was returned", test.title, test.expectedConnections, u.KeepaliveConnections) + } + + if u.KeepaliveRequests != test.expectedRequests { + t.Errorf("%v: expected \"%v\" but \"%v\" was returned", test.title, test.expectedRequests, u.KeepaliveRequests) + } + + if u.KeepaliveTimeout != test.expectedTimeout { + t.Errorf("%v: expected \"%v\" but \"%v\" was returned", test.title, test.expectedTimeout, u.KeepaliveTimeout) + } + } +} + func TestParseStringToCacheDurations(t *testing.T) { tests := []struct { diff --git a/internal/ingress/controller/template/template.go b/internal/ingress/controller/template/template.go index 9b61d059a..f24aea0c4 100644 --- a/internal/ingress/controller/template/template.go +++ b/internal/ingress/controller/template/template.go @@ -42,6 +42,7 @@ import ( "k8s.io/ingress-nginx/internal/ingress" "k8s.io/ingress-nginx/internal/ingress/annotations/influxdb" + "k8s.io/ingress-nginx/internal/ingress/annotations/parser" "k8s.io/ingress-nginx/internal/ingress/annotations/ratelimit" "k8s.io/ingress-nginx/internal/ingress/controller/config" ing_net "k8s.io/ingress-nginx/internal/net" @@ -227,7 +228,12 @@ var ( "buildAuthLocation": buildAuthLocation, "shouldApplyGlobalAuth": shouldApplyGlobalAuth, "buildAuthResponseHeaders": buildAuthResponseHeaders, + "buildAuthUpstreamLuaHeaders": buildAuthUpstreamLuaHeaders, "buildAuthProxySetHeaders": buildAuthProxySetHeaders, + "buildAuthUpstreamName": buildAuthUpstreamName, + "shouldApplyAuthUpstream": shouldApplyAuthUpstream, + "extractHostPort": extractHostPort, + "changeHostPort": changeHostPort, "buildProxyPass": buildProxyPass, "filterRateLimits": filterRateLimits, "buildRateLimitZones": buildRateLimitZones, @@ -572,7 +578,14 @@ func shouldApplyGlobalAuth(input interface{}, globalExternalAuthURL string) bool return false } -func buildAuthResponseHeaders(proxySetHeader string, headers []string) []string { +// buildAuthResponseHeaders sets HTTP response headers when `auth-url` is used. +// Based on `auth-keepalive` value we use auth_request_set Nginx directives, or +// we use Lua and Nginx variables instead. +// +// NOTE: Unfortunately auth_request module ignores the keepalive directive (see: +// https://trac.nginx.org/nginx/ticket/1579), that is why we mimic the same +// functionality with access_by_lua_block. +func buildAuthResponseHeaders(proxySetHeader string, headers []string, lua bool) []string { res := []string{} if len(headers) == 0 { @@ -580,14 +593,31 @@ func buildAuthResponseHeaders(proxySetHeader string, headers []string) []string } for i, h := range headers { - hvar := strings.ToLower(h) - hvar = strings.NewReplacer("-", "_").Replace(hvar) - res = append(res, fmt.Sprintf("auth_request_set $authHeader%v $upstream_http_%v;", i, hvar)) + if lua { + res = append(res, fmt.Sprintf("set $authHeader%d '';", i)) + } else { + hvar := strings.ToLower(h) + hvar = strings.NewReplacer("-", "_").Replace(hvar) + res = append(res, fmt.Sprintf("auth_request_set $authHeader%v $upstream_http_%v;", i, hvar)) + } res = append(res, fmt.Sprintf("%s '%v' $authHeader%v;", proxySetHeader, h, i)) } return res } +func buildAuthUpstreamLuaHeaders(headers []string) []string { + res := []string{} + + if len(headers) == 0 { + return res + } + + for i, h := range headers { + res = append(res, fmt.Sprintf("ngx.var.authHeader%d = res.header['%s']", i, h)) + } + return res +} + func buildAuthProxySetHeaders(headers map[string]string) []string { res := []string{} @@ -602,6 +632,76 @@ func buildAuthProxySetHeaders(headers map[string]string) []string { return res } +func buildAuthUpstreamName(input interface{}, host string) string { + authPath := buildAuthLocation(input, "") + if authPath == "" || host == "" { + return "" + } + + return fmt.Sprintf("%s-%s", host, authPath[2:]) +} + +// shouldApplyAuthUpstream returns true only in case when ExternalAuth.URL and +// ExternalAuth.KeepaliveConnections are all set +func shouldApplyAuthUpstream(l interface{}, c interface{}) bool { + location, ok := l.(*ingress.Location) + if !ok { + klog.Errorf("expected an '*ingress.Location' type but %T was returned", l) + return false + } + + cfg, ok := c.(config.Configuration) + if !ok { + klog.Errorf("expected a 'config.Configuration' type but %T was returned", c) + return false + } + + if location.ExternalAuth.URL == "" || location.ExternalAuth.KeepaliveConnections == 0 { + return false + } + + // Unfortunately, `auth_request` module ignores keepalive in upstream block: https://trac.nginx.org/nginx/ticket/1579 + // The workaround is to use `ngx.location.capture` Lua subrequests but it is not supported with HTTP/2 + if cfg.UseHTTP2 { + klog.Warning("Upstream keepalive is not supported with HTTP/2") + return false + } + + return true +} + +// extractHostPort will extract the host:port part from the URL specified by url +func extractHostPort(url string) string { + if url == "" { + return "" + } + + authURL, err := parser.StringToURL(url) + if err != nil { + klog.Errorf("expected a valid URL but %s was returned", url) + return "" + } + + return authURL.Host +} + +// changeHostPort will change the host:port part of the url to value +func changeHostPort(url string, value string) string { + if url == "" { + return "" + } + + authURL, err := parser.StringToURL(url) + if err != nil { + klog.Errorf("expected a valid URL but %s was returned", url) + return "" + } + + authURL.Host = value + + return authURL.String() +} + // buildProxyPass produces the proxy pass string, if the ingress has redirects // (specified through the nginx.ingress.kubernetes.io/rewrite-target annotation) // If the annotation nginx.ingress.kubernetes.io/add-base-url:"true" is specified it will diff --git a/internal/ingress/controller/template/template_test.go b/internal/ingress/controller/template/template_test.go index b65e33c32..a741919ed 100644 --- a/internal/ingress/controller/template/template_test.go +++ b/internal/ingress/controller/template/template_test.go @@ -502,14 +502,49 @@ func TestShouldApplyGlobalAuth(t *testing.T) { func TestBuildAuthResponseHeaders(t *testing.T) { externalAuthResponseHeaders := []string{"h1", "H-With-Caps-And-Dashes"} - expected := []string{ - "auth_request_set $authHeader0 $upstream_http_h1;", - "proxy_set_header 'h1' $authHeader0;", - "auth_request_set $authHeader1 $upstream_http_h_with_caps_and_dashes;", - "proxy_set_header 'H-With-Caps-And-Dashes' $authHeader1;", + tests := []struct { + headers []string + expected []string + lua bool + }{ + { + headers: externalAuthResponseHeaders, + lua: false, + expected: []string{ + "auth_request_set $authHeader0 $upstream_http_h1;", + "proxy_set_header 'h1' $authHeader0;", + "auth_request_set $authHeader1 $upstream_http_h_with_caps_and_dashes;", + "proxy_set_header 'H-With-Caps-And-Dashes' $authHeader1;", + }, + }, + { + headers: externalAuthResponseHeaders, + lua: true, + expected: []string{ + "set $authHeader0 '';", + "proxy_set_header 'h1' $authHeader0;", + "set $authHeader1 '';", + "proxy_set_header 'H-With-Caps-And-Dashes' $authHeader1;", + }, + }, } - headers := buildAuthResponseHeaders(proxySetHeader(nil), externalAuthResponseHeaders) + for _, test := range tests { + got := buildAuthResponseHeaders(proxySetHeader(nil), test.headers, test.lua) + if !reflect.DeepEqual(test.expected, got) { + t.Errorf("Expected \n'%v'\nbut returned \n'%v'", test.expected, got) + } + } +} + +func TestBuildAuthResponseLua(t *testing.T) { + externalAuthResponseHeaders := []string{"h1", "H-With-Caps-And-Dashes"} + expected := []string{ + "ngx.var.authHeader0 = res.header['h1']", + "ngx.var.authHeader1 = res.header['H-With-Caps-And-Dashes']", + } + + headers := buildAuthUpstreamLuaHeaders(externalAuthResponseHeaders) if !reflect.DeepEqual(expected, headers) { t.Errorf("Expected \n'%v'\nbut returned \n'%v'", expected, headers) @@ -533,6 +568,139 @@ func TestBuildAuthProxySetHeaders(t *testing.T) { } } +func TestBuildAuthUpstreamName(t *testing.T) { + invalidType := &ingress.Ingress{} + expected := "" + actual := buildAuthUpstreamName(invalidType, "") + + if !reflect.DeepEqual(expected, actual) { + t.Errorf("Expected '%v' but returned '%v'", expected, actual) + } + + loc := &ingress.Location{ + ExternalAuth: authreq.Config{ + URL: "foo.com/auth", + }, + Path: "/cat", + } + + encodedAuthURL := strings.Replace(base64.URLEncoding.EncodeToString([]byte(loc.Path)), "=", "", -1) + externalAuthPath := fmt.Sprintf("external-auth-%v-default", encodedAuthURL) + + testCases := []struct { + title string + host string + expected string + }{ + {"valid host", "auth.my.site", fmt.Sprintf("%s-%s", "auth.my.site", externalAuthPath)}, + {"valid host", "your.auth.site", fmt.Sprintf("%s-%s", "your.auth.site", externalAuthPath)}, + {"empty host", "", ""}, + } + + for _, testCase := range testCases { + str := buildAuthUpstreamName(loc, testCase.host) + if str != testCase.expected { + t.Errorf("%v: expected '%v' but returned '%v'", testCase.title, testCase.expected, str) + } + } +} + +func TestShouldApplyAuthUpstream(t *testing.T) { + authURL := "foo.com/auth" + + loc := &ingress.Location{ + ExternalAuth: authreq.Config{ + URL: authURL, + KeepaliveConnections: 0, + }, + Path: "/cat", + } + + cfg := config.Configuration{ + UseHTTP2: false, + } + + testCases := []struct { + title string + authURL string + keepaliveConnections int + expected bool + }{ + {"authURL, no keepalive", authURL, 0, false}, + {"authURL, keepalive", authURL, 10, true}, + {"empty, no keepalive", "", 0, false}, + {"empty, keepalive", "", 10, false}, + } + + for _, testCase := range testCases { + loc.ExternalAuth.URL = testCase.authURL + loc.ExternalAuth.KeepaliveConnections = testCase.keepaliveConnections + + result := shouldApplyAuthUpstream(loc, cfg) + if result != testCase.expected { + t.Errorf("%v: expected '%v' but returned '%v'", testCase.title, testCase.expected, result) + } + } + + // keepalive is not supported with UseHTTP2 + cfg.UseHTTP2 = true + for _, testCase := range testCases { + loc.ExternalAuth.URL = testCase.authURL + loc.ExternalAuth.KeepaliveConnections = testCase.keepaliveConnections + + result := shouldApplyAuthUpstream(loc, cfg) + if result != false { + t.Errorf("%v: expected '%v' but returned '%v'", testCase.title, false, result) + } + } +} + +func TestExtractHostPort(t *testing.T) { + testCases := []struct { + title string + url string + expected string + }{ + {"full URL", "https://my.auth.site:5000/path", "my.auth.site:5000"}, + {"URL with no port", "http://my.auth.site/path", "my.auth.site"}, + {"URL with no path", "https://my.auth.site:5000", "my.auth.site:5000"}, + {"URL no port and path", "http://my.auth.site", "my.auth.site"}, + {"missing method", "my.auth.site/path", ""}, + {"all empty", "", ""}, + } + + for _, testCase := range testCases { + result := extractHostPort(testCase.url) + if result != testCase.expected { + t.Errorf("%v: expected '%v' but returned '%v'", testCase.title, testCase.expected, result) + } + } +} + +func TestChangeHostPort(t *testing.T) { + testCases := []struct { + title string + url string + host string + expected string + }{ + {"full URL", "https://my.auth.site:5000/path", "your.domain", "https://your.domain/path"}, + {"URL with no port", "http://my.auth.site/path", "your.domain", "http://your.domain/path"}, + {"URL with no path", "http://my.auth.site:5000", "your.domain:8888", "http://your.domain:8888"}, + {"URL with no port and path", "https://my.auth.site", "your.domain:8888", "https://your.domain:8888"}, + {"invalid host", "my.auth.site/path", "", ""}, + {"missing method", "my.auth.site/path", "your.domain", ""}, + {"all empty", "", "", ""}, + } + + for _, testCase := range testCases { + result := changeHostPort(testCase.url, testCase.host) + if result != testCase.expected { + t.Errorf("%v: expected '%v' but returned '%v'", testCase.title, testCase.expected, result) + } + } +} + func TestTemplateWithData(t *testing.T) { pwd, _ := os.Getwd() f, err := os.Open(path.Join(pwd, "../../../../test/data/config.json")) diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index 2ee76831c..f6495eb4a 100755 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -610,7 +610,25 @@ http { {{ end }} {{ range $server := $servers }} + {{ range $location := $server.Locations }} + {{ $applyGlobalAuth := shouldApplyGlobalAuth $location $all.Cfg.GlobalExternalAuth.URL }} + {{ $applyAuthUpstream := shouldApplyAuthUpstream $location $all.Cfg }} + {{ if and (eq $applyAuthUpstream true) (eq $applyGlobalAuth false) }} + ## start auth upstream {{ $server.Hostname }}{{ $location.Path }} + upstream {{ buildAuthUpstreamName $location $server.Hostname }} { + {{- $externalAuth := $location.ExternalAuth }} + server {{ extractHostPort $externalAuth.URL }}; + keepalive {{ $externalAuth.KeepaliveConnections }}; + keepalive_requests {{ $externalAuth.KeepaliveRequests }}; + keepalive_timeout {{ $externalAuth.KeepaliveTimeout }}s; + } + ## end auth upstream {{ $server.Hostname }}{{ $location.Path }} + {{ end }} + {{ end }} + {{ end }} + + {{ range $server := $servers }} ## start server {{ $server.Hostname }} server { server_name {{ buildServerName $server.Hostname }} {{range $server.Aliases }}{{ . }} {{ end }}; @@ -995,6 +1013,7 @@ stream { {{ $proxySetHeader := proxySetHeader $location }} {{ $authPath := buildAuthLocation $location $all.Cfg.GlobalExternalAuth.URL }} {{ $applyGlobalAuth := shouldApplyGlobalAuth $location $all.Cfg.GlobalExternalAuth.URL }} + {{ $applyAuthUpstream := shouldApplyAuthUpstream $location $all.Cfg }} {{ $externalAuth := $location.ExternalAuth }} {{ if eq $applyGlobalAuth true }} @@ -1074,7 +1093,6 @@ stream { proxy_buffer_size {{ $location.Proxy.BufferSize }}; proxy_buffers {{ $location.Proxy.BuffersNumber }} {{ $location.Proxy.BufferSize }}; proxy_request_buffering {{ $location.Proxy.RequestBuffering }}; - proxy_http_version {{ $location.Proxy.ProxyHTTPVersion }}; proxy_ssl_server_name on; proxy_pass_request_headers on; @@ -1103,7 +1121,19 @@ stream { {{ $externalAuth.AuthSnippet }} {{ end }} + {{ if and (eq $applyAuthUpstream true) (eq $applyGlobalAuth false) }} + {{ $authUpstreamName := buildAuthUpstreamName $location $server.Hostname }} + # The target is an upstream with HTTP keepalive, that is why the + # Connection header is cleared and the HTTP version is set to 1.1 as + # the Nginx documentation suggests: + # http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive + proxy_http_version 1.1; + proxy_set_header Connection ""; + set $target {{ changeHostPort $externalAuth.URL $authUpstreamName }}; + {{ else }} + proxy_http_version {{ $location.Proxy.ProxyHTTPVersion }}; set $target {{ $externalAuth.URL }}; + {{ end }} proxy_pass $target; } {{ end }} @@ -1208,13 +1238,37 @@ stream { {{ if not (isLocationInLocationList $location $all.Cfg.NoAuthLocations) }} {{ if $authPath }} # this location requires authentication + {{ if and (eq $applyAuthUpstream true) (eq $applyGlobalAuth false) }} + set $auth_cookie ''; + add_header Set-Cookie $auth_cookie; + {{- range $line := buildAuthResponseHeaders $proxySetHeader $externalAuth.ResponseHeaders true }} + {{ $line }} + {{- end }} + # `auth_request` module does not support HTTP keepalives in upstream block: + # https://trac.nginx.org/nginx/ticket/1579 + access_by_lua_block { + local res = ngx.location.capture('{{ $authPath }}', { method = ngx.HTTP_GET, body = '' }) + if res.status == ngx.HTTP_OK then + ngx.var.auth_cookie = res.header['Set-Cookie'] + {{- range $line := buildAuthUpstreamLuaHeaders $externalAuth.ResponseHeaders }} + {{ $line }} + {{- end }} + return + end + if res.status == ngx.HTTP_FORBIDDEN then + ngx.exit(res.status) + end + ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR) + } + {{ else }} auth_request {{ $authPath }}; auth_request_set $auth_cookie $upstream_http_set_cookie; add_header Set-Cookie $auth_cookie; - {{- range $line := buildAuthResponseHeaders $proxySetHeader $externalAuth.ResponseHeaders }} + {{- range $line := buildAuthResponseHeaders $proxySetHeader $externalAuth.ResponseHeaders false }} {{ $line }} {{- end }} {{ end }} + {{ end }} {{ if $externalAuth.SigninURL }} set_escape_uri $escaped_request_uri $request_uri; diff --git a/test/e2e/annotations/auth.go b/test/e2e/annotations/auth.go index 7ca2fff45..0ea97d3ef 100644 --- a/test/e2e/annotations/auth.go +++ b/test/e2e/annotations/auth.go @@ -476,6 +476,99 @@ http { Body(). NotContainsFold(fmt.Sprintf("%s=%s", rewriteHeader, rewriteVal)) }) + + ginkgo.It(`should not create additional upstream block when auth-keepalive is not set`, func() { + f.UpdateNginxConfigMapData("use-http2", "false") + defer func() { + f.UpdateNginxConfigMapData("use-http2", "true") + }() + // Sleep a while just to guarantee that the configmap is applied + framework.Sleep() + + annotations["nginx.ingress.kubernetes.io/auth-url"] = "http://foo.bar.baz:5000/path" + f.UpdateIngress(ing) + + f.WaitForNginxServer("", + func(server string) bool { + return strings.Contains(server, "http://foo.bar.baz:5000/path") && + !strings.Contains(server, `upstream auth-external-auth`) + }) + }) + + ginkgo.It(`should not create additional upstream block when host part of auth-url contains a variable`, func() { + f.UpdateNginxConfigMapData("use-http2", "false") + defer func() { + f.UpdateNginxConfigMapData("use-http2", "true") + }() + // Sleep a while just to guarantee that the configmap is applied + framework.Sleep() + + annotations["nginx.ingress.kubernetes.io/auth-url"] = "http://$host/path" + annotations["nginx.ingress.kubernetes.io/auth-keepalive"] = "123" + f.UpdateIngress(ing) + + f.WaitForNginxServer("", + func(server string) bool { + return strings.Contains(server, "http://$host/path") && + !strings.Contains(server, `upstream auth-external-auth`) && + !strings.Contains(server, `keepalive 123;`) + }) + }) + + ginkgo.It(`should not create additional upstream block when auth-keepalive is negative`, func() { + f.UpdateNginxConfigMapData("use-http2", "false") + defer func() { + f.UpdateNginxConfigMapData("use-http2", "true") + }() + // Sleep a while just to guarantee that the configmap is applied + framework.Sleep() + + annotations["nginx.ingress.kubernetes.io/auth-url"] = "http://foo.bar.baz:5000/path" + annotations["nginx.ingress.kubernetes.io/auth-keepalive"] = "-1" + f.UpdateIngress(ing) + + f.WaitForNginxServer("", + func(server string) bool { + return strings.Contains(server, "http://foo.bar.baz:5000/path") && + !strings.Contains(server, `upstream auth-external-auth`) + }) + }) + + ginkgo.It(`should not create additional upstream block when auth-keepalive is set with HTTP/2`, func() { + annotations["nginx.ingress.kubernetes.io/auth-url"] = "http://foo.bar.baz:5000/path" + annotations["nginx.ingress.kubernetes.io/auth-keepalive"] = "123" + annotations["nginx.ingress.kubernetes.io/auth-keepalive-requests"] = "456" + annotations["nginx.ingress.kubernetes.io/auth-keepalive-timeout"] = "789" + f.UpdateIngress(ing) + + f.WaitForNginxServer("", + func(server string) bool { + return strings.Contains(server, "http://foo.bar.baz:5000/path") && + !strings.Contains(server, `upstream auth-external-auth`) + }) + }) + + ginkgo.It(`should create additional upstream block when auth-keepalive is set with HTTP/1.x`, func() { + f.UpdateNginxConfigMapData("use-http2", "false") + defer func() { + f.UpdateNginxConfigMapData("use-http2", "true") + }() + // Sleep a while just to guarantee that the configmap is applied + framework.Sleep() + + annotations["nginx.ingress.kubernetes.io/auth-keepalive"] = "123" + annotations["nginx.ingress.kubernetes.io/auth-keepalive-requests"] = "456" + annotations["nginx.ingress.kubernetes.io/auth-keepalive-timeout"] = "789" + f.UpdateIngress(ing) + + f.WaitForNginxServer("", + func(server string) bool { + return strings.Contains(server, `upstream auth-external-auth`) && + strings.Contains(server, `keepalive 123;`) && + strings.Contains(server, `keepalive_requests 456;`) && + strings.Contains(server, `keepalive_timeout 789s;`) + }) + }) }) ginkgo.Context("when external authentication is configured with a custom redirect param", func() { From 3def835a6a8258f34a7ef1f200a366ff9a0d6a9f Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Sat, 9 Apr 2022 01:48:04 -0300 Subject: [PATCH 045/494] Jail/chroot nginx process inside controller container (#8337) * Initial work on chrooting nginx process * More improvements in chroot * Fix charts and some file locations * Fix symlink on non chrooted container * fix psp test * Add e2e tests to chroot image * Fix logger * Add internal logger in controller * Fix overlay for chrooted tests * Fix tests * fix boilerplates * Fix unittest to point to the right pid * Fix PR review --- .github/workflows/ci.yaml | 62 +++++++++- Makefile | 30 +++++ build/build.sh | 1 + build/test.sh | 1 + charts/ingress-nginx/README.md | 1 + charts/ingress-nginx/templates/_helpers.tpl | 29 +++++ .../templates/controller-daemonset.yaml | 2 +- .../templates/controller-deployment.yaml | 2 +- charts/ingress-nginx/values.yaml | 3 + cmd/nginx/flags.go | 3 + cmd/nginx/logger.go | 51 ++++++++ cmd/nginx/main.go | 7 ++ go.mod | 1 + go.sum | 2 + internal/ingress/controller/checker_test.go | 2 +- internal/ingress/controller/config/config.go | 11 +- internal/ingress/controller/controller.go | 3 + internal/ingress/controller/nginx.go | 12 +- internal/ingress/controller/process/nginx.go | 2 +- internal/ingress/controller/util.go | 4 +- internal/ingress/metric/collectors/socket.go | 2 +- internal/nginx/main.go | 4 +- rootfs/Dockerfile | 4 +- rootfs/Dockerfile.chroot | 112 ++++++++++++++++++ rootfs/chroot.sh | 55 +++++++++ rootfs/etc/nginx/lua/monitor.lua | 2 +- rootfs/etc/nginx/lua/test/monitor_test.lua | 2 +- rootfs/etc/nginx/nginx.conf | 6 +- rootfs/etc/nginx/template/nginx.tmpl | 12 +- rootfs/nginx-chroot-wrapper.sh | 18 +++ test/data/cleanConf.expected.conf | 2 +- test/data/cleanConf.src.conf | 2 +- .../namespace-overlays/admission/values.yaml | 1 + .../custom-health-check-path/values.yaml | 1 + .../forwarded-port-headers/values.yaml | 1 + .../namespace-selector/values.yaml | 1 + test/e2e/framework/logs.go | 3 + test/e2e/run.sh | 9 +- test/e2e/settings/access_log.go | 34 +++--- .../settings/pod_security_policy_volumes.go | 4 +- test/e2e/wait-for-nginx.sh | 1 + 41 files changed, 456 insertions(+), 49 deletions(-) create mode 100644 cmd/nginx/logger.go create mode 100644 rootfs/Dockerfile.chroot create mode 100755 rootfs/chroot.sh create mode 100755 rootfs/nginx-chroot-wrapper.sh diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 63d41b588..69972eb51 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -100,13 +100,14 @@ jobs: REGISTRY: ingress-controller run: | echo "building images..." - make clean-image build image + make clean-image build image image-chroot make -C test/e2e-image image echo "creating images cache..." docker save \ nginx-ingress-controller:e2e \ ingress-controller/controller:1.0.0-dev \ + ingress-controller/controller-chroot:1.0.0-dev \ | pigz > docker.tar.gz - name: cache @@ -250,6 +251,65 @@ jobs: kind get kubeconfig > $HOME/.kube/kind-config-kind make kind-e2e-test + kubernetes-chroot: + name: Kubernetes chroot + runs-on: ubuntu-latest + needs: + - changes + - build + if: | + (needs.changes.outputs.go == 'true') + + strategy: + matrix: + k8s: [v1.21.10, v1.22.7, v1.23.4] + + steps: + + - name: Checkout + uses: actions/checkout@v2 + + - name: cache + uses: actions/download-artifact@v2 + with: + name: docker.tar.gz + + - name: Create Kubernetes ${{ matrix.k8s }} cluster + id: kind + uses: engineerd/setup-kind@v0.5.0 + with: + version: v0.12.0 + config: test/e2e/kind.yaml + image: kindest/node:${{ matrix.k8s }} + + - uses: geekyeggo/delete-artifact@v1 + with: + name: docker.tar.gz + failOnError: false + + - name: Prepare cluster for testing + id: local-path + run: | + kubectl version + echo + echo "installing helm 3..." + curl -sSL https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash + + - name: Load images from cache + run: | + echo "loading docker images..." + pigz -dc docker.tar.gz | docker load + + - name: Run e2e tests + env: + KIND_CLUSTER_NAME: kind + SKIP_CLUSTER_CREATION: true + SKIP_IMAGE_CREATION: true + IS_CHROOT: true + run: | + kind get kubeconfig > $HOME/.kube/kind-config-kind + make kind-e2e-test + test-image-build: permissions: contents: read # for dorny/paths-filter to fetch a list of changed files diff --git a/Makefile b/Makefile index c4e109d86..58a3e95c5 100644 --- a/Makefile +++ b/Makefile @@ -75,11 +75,30 @@ image: clean-image ## Build image for a particular arch. --build-arg BUILD_ID="$(BUILD_ID)" \ -t $(REGISTRY)/controller:$(TAG) rootfs +.PHONY: image-chroot +image-chroot: clean-chroot-image ## Build image for a particular arch. + echo "Building docker image ($(ARCH))..." + @docker build \ + --no-cache \ + --build-arg BASE_IMAGE="$(BASE_IMAGE)" \ + --build-arg VERSION="$(TAG)" \ + --build-arg TARGETARCH="$(ARCH)" \ + --build-arg COMMIT_SHA="$(COMMIT_SHA)" \ + --build-arg BUILD_ID="$(BUILD_ID)" \ + -t $(REGISTRY)/controller-chroot:$(TAG) rootfs -f rootfs/Dockerfile.chroot + .PHONY: clean-image clean-image: ## Removes local image echo "removing old image $(REGISTRY)/controller:$(TAG)" @docker rmi -f $(REGISTRY)/controller:$(TAG) || true + +.PHONY: clean-chroot-image +clean-chroot-image: ## Removes local image + echo "removing old image $(REGISTRY)/controller-chroot:$(TAG)" + @docker rmi -f $(REGISTRY)/controller-chroot:$(TAG) || true + + .PHONY: build build: ## Build ingress controller, debug tool and pre-stop hook. @build/run-in-docker.sh \ @@ -221,3 +240,14 @@ release: ensure-buildx clean --build-arg COMMIT_SHA="$(COMMIT_SHA)" \ --build-arg BUILD_ID="$(BUILD_ID)" \ -t $(REGISTRY)/controller:$(TAG) rootfs + + @docker buildx build \ + --no-cache \ + --push \ + --progress plain \ + --platform $(subst $(SPACE),$(COMMA),$(PLATFORMS)) \ + --build-arg BASE_IMAGE="$(BASE_IMAGE)" \ + --build-arg VERSION="$(TAG)" \ + --build-arg COMMIT_SHA="$(COMMIT_SHA)" \ + --build-arg BUILD_ID="$(BUILD_ID)" \ + -t $(REGISTRY)/controller-chroot:$(TAG) rootfs -f rootfs/Dockerfile.chroot diff --git a/build/build.sh b/build/build.sh index 9edae604d..a865fe927 100755 --- a/build/build.sh +++ b/build/build.sh @@ -69,3 +69,4 @@ go build \ -X ${PKG}/version.COMMIT=${COMMIT_SHA} \ -X ${PKG}/version.REPO=${REPO_INFO}" \ -o "${TARGETS_DIR}/wait-shutdown" "${PKG}/cmd/waitshutdown" + diff --git a/build/test.sh b/build/test.sh index bb7ccdb7e..674b9484a 100755 --- a/build/test.sh +++ b/build/test.sh @@ -23,6 +23,7 @@ set -o errexit set -o nounset set -o pipefail +mkdir -p /tmp/nginx if [ -z "${PKG}" ]; then echo "PKG must be set" exit 1 diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index c52b0ae51..c6887521c 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -306,6 +306,7 @@ Kubernetes: `>=1.19.0-0` | controller.hostPort.ports.https | int | `443` | 'hostPort' https port | | controller.hostname | object | `{}` | Optionally customize the pod hostname. | | controller.image.allowPrivilegeEscalation | bool | `true` | | +| controller.image.chroot | bool | `false` | | | controller.image.digest | string | `"sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2"` | | | controller.image.image | string | `"ingress-nginx/controller"` | | | controller.image.pullPolicy | string | `"IfNotPresent"` | | diff --git a/charts/ingress-nginx/templates/_helpers.tpl b/charts/ingress-nginx/templates/_helpers.tpl index a72af5d9d..e69de0c41 100644 --- a/charts/ingress-nginx/templates/_helpers.tpl +++ b/charts/ingress-nginx/templates/_helpers.tpl @@ -43,11 +43,40 @@ capabilities: - ALL add: - NET_BIND_SERVICE + {{- if .Values.controller.image.chroot }} + - SYS_CHROOT + {{- end }} runAsUser: {{ .Values.controller.image.runAsUser }} allowPrivilegeEscalation: {{ .Values.controller.image.allowPrivilegeEscalation }} {{- end }} {{- end -}} +{{/* +Get specific image +*/}} +{{- define "ingress-nginx.image" -}} +{{- if .chroot -}} +{{- printf "%s-chroot" .image -}} +{{- else -}} +{{- printf "%s" .image -}} +{{- end }} +{{- end -}} + +{{/* +Get specific image digest +*/}} +{{- define "ingress-nginx.imageDigest" -}} +{{- if .chroot -}} +{{- if .digestChroot -}} +{{- printf "@%s" .digestChroot -}} +{{- end }} +{{- else -}} +{{ if .digest -}} +{{- printf "@%s" .digest -}} +{{- end -}} +{{- end -}} +{{- end -}} + {{/* Create a default fully qualified controller name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). diff --git a/charts/ingress-nginx/templates/controller-daemonset.yaml b/charts/ingress-nginx/templates/controller-daemonset.yaml index 09852d041..4d7361597 100644 --- a/charts/ingress-nginx/templates/controller-daemonset.yaml +++ b/charts/ingress-nginx/templates/controller-daemonset.yaml @@ -74,7 +74,7 @@ spec: containers: - name: {{ .Values.controller.containerName }} {{- with .Values.controller.image }} - image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" + image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ include "ingress-nginx.image" . }}{{- end -}}:{{ .tag }}{{ include "ingress-nginx.imageDigest" . }}" {{- end }} imagePullPolicy: {{ .Values.controller.image.pullPolicy }} {{- if .Values.controller.lifecycle }} diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml index effd5b06c..e72e7dbad 100644 --- a/charts/ingress-nginx/templates/controller-deployment.yaml +++ b/charts/ingress-nginx/templates/controller-deployment.yaml @@ -78,7 +78,7 @@ spec: containers: - name: {{ .Values.controller.containerName }} {{- with .Values.controller.image }} - image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" + image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ include "ingress-nginx.image" . }}{{- end -}}:{{ .tag }}{{ include "ingress-nginx.imageDigest" . }}" {{- end }} imagePullPolicy: {{ .Values.controller.image.pullPolicy }} {{- if .Values.controller.lifecycle }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index eb61ce78b..500b2bb53 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -16,6 +16,8 @@ commonLabels: {} controller: name: controller image: + ## Keep false as default for now! + chroot: false registry: k8s.gcr.io image: ingress-nginx/controller ## for backwards compatibility consider setting the full image url via the repository value below @@ -23,6 +25,7 @@ controller: ## repository: tag: "v1.1.3" digest: sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + # digestChroot: "" # TODO: Fill when we have it pullPolicy: IfNotPresent # www-data -> uid 101 runAsUser: 101 diff --git a/cmd/nginx/flags.go b/cmd/nginx/flags.go index f620690b5..cfeadc7db 100644 --- a/cmd/nginx/flags.go +++ b/cmd/nginx/flags.go @@ -192,6 +192,8 @@ Takes the form ":port". If not provided, no admission controller is starte statusPort = flags.Int("status-port", 10246, `Port to use for the lua HTTP endpoint configuration.`) streamPort = flags.Int("stream-port", 10247, "Port to use for the lua TCP/UDP endpoint configuration.") + internalLoggerAddress = flags.String("internal-logger-address", "127.0.0.1:11514", "Address to be used when binding internal syslogger") + profilerPort = flags.Int("profiler-port", 10245, "Port to use for expose the ingress controller Go profiler when it is enabled.") statusUpdateInterval = flags.Int("status-update-interval", status.UpdateInterval, "Time interval in seconds in which the status should check if an update is required. Default is 60 seconds") @@ -344,6 +346,7 @@ https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-g ValidationWebhook: *validationWebhook, ValidationWebhookCertPath: *validationWebhookCert, ValidationWebhookKeyPath: *validationWebhookKey, + InternalLoggerAddress: *internalLoggerAddress, } if *apiserverHost != "" { diff --git a/cmd/nginx/logger.go b/cmd/nginx/logger.go new file mode 100644 index 000000000..13ec095fa --- /dev/null +++ b/cmd/nginx/logger.go @@ -0,0 +1,51 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "fmt" + + "k8s.io/klog/v2" + + "gopkg.in/mcuadros/go-syslog.v2" +) + +func logger(address string) { + channel := make(syslog.LogPartsChannel) + handler := syslog.NewChannelHandler(channel) + + server := syslog.NewServer() + + server.SetFormat(syslog.RFC3164) + server.SetHandler(handler) + if err := server.ListenUDP(address); err != nil { + klog.Fatalf("failed bind internal syslog: %w", err) + } + + if err := server.Boot(); err != nil { + klog.Fatalf("failed to boot internal syslog: %w", err) + } + klog.Infof("Is Chrooted, starting logger") + + for logParts := range channel { + fmt.Printf("%s\n", logParts["content"]) + } + + server.Wait() + klog.Infof("Stopping logger") + +} diff --git a/cmd/nginx/main.go b/cmd/nginx/main.go index 7293e6b10..b8378d290 100644 --- a/cmd/nginx/main.go +++ b/cmd/nginx/main.go @@ -152,6 +152,13 @@ func main() { registerHealthz(nginx.HealthPath, ngx, mux) registerMetrics(reg, mux) + _, errExists := os.Stat("/chroot") + if errExists == nil { + conf.IsChroot = true + go logger(conf.InternalLoggerAddress) + + } + go startHTTPServer(conf.HealthCheckHost, conf.ListenPorts.Health, mux) go ngx.Start() diff --git a/go.mod b/go.mod index daa079ac5..de5f5938e 100644 --- a/go.mod +++ b/go.mod @@ -130,6 +130,7 @@ require ( google.golang.org/protobuf v1.27.1 // indirect gopkg.in/go-playground/assert.v1 v1.2.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect + gopkg.in/mcuadros/go-syslog.v2 v2.3.0 // indirect gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect diff --git a/go.sum b/go.sum index 74067dada..586115d44 100644 --- a/go.sum +++ b/go.sum @@ -1214,6 +1214,8 @@ gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= +gopkg.in/mcuadros/go-syslog.v2 v2.3.0 h1:kcsiS+WsTKyIEPABJBJtoG0KkOS6yzvJ+/eZlhD79kk= +gopkg.in/mcuadros/go-syslog.v2 v2.3.0/go.mod h1:l5LPIyOOyIdQquNg+oU6Z3524YwrcqEm0aKH+5zpt2U= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= diff --git a/internal/ingress/controller/checker_test.go b/internal/ingress/controller/checker_test.go index 3f02f4016..fd712b6a8 100644 --- a/internal/ingress/controller/checker_test.go +++ b/internal/ingress/controller/checker_test.go @@ -76,7 +76,7 @@ func TestNginxCheck(t *testing.T) { }) // create pid file - os.MkdirAll("/tmp", file.ReadWriteByUser) + os.MkdirAll("/tmp/nginx", file.ReadWriteByUser) pidFile, err := os.Create(nginx.PID) if err != nil { t.Fatalf("unexpected error: %v", err) diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go index f37516e78..4afb3e9f5 100644 --- a/internal/ingress/controller/config/config.go +++ b/internal/ingress/controller/config/config.go @@ -958,12 +958,11 @@ type TemplateConfig struct { EnableMetrics bool MaxmindEditionFiles *[]string MonitorMaxBatchSize int - - PID string - StatusPath string - StatusPort int - StreamPort int - StreamSnippets []string + PID string + StatusPath string + StatusPort int + StreamPort int + StreamSnippets []string } // ListenPorts describe the ports required to run the diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go index 651e983a8..a7efdab91 100644 --- a/internal/ingress/controller/controller.go +++ b/internal/ingress/controller/controller.go @@ -120,6 +120,9 @@ type Configuration struct { PostShutdownGracePeriod int ShutdownGracePeriod int + + InternalLoggerAddress string + IsChroot bool } // GetPublishService returns the Service used to set the load-balancer status of Ingresses. diff --git a/internal/ingress/controller/nginx.go b/internal/ingress/controller/nginx.go index e4037dfb0..4a6d3d2f4 100644 --- a/internal/ingress/controller/nginx.go +++ b/internal/ingress/controller/nginx.go @@ -575,6 +575,15 @@ func (n NGINXController) generateTemplate(cfg ngx_config.Configuration, ingressC cfg.DefaultSSLCertificate = n.getDefaultSSLCertificate() + if n.cfg.IsChroot { + if cfg.AccessLogPath == "/var/log/nginx/access.log" { + cfg.AccessLogPath = fmt.Sprintf("syslog:server=%s", n.cfg.InternalLoggerAddress) + } + if cfg.ErrorLogPath == "/var/log/nginx/error.log" { + cfg.ErrorLogPath = fmt.Sprintf("syslog:server=%s", n.cfg.InternalLoggerAddress) + } + } + tc := ngx_config.TemplateConfig{ ProxySetHeaders: setHeaders, AddHeaders: addHeaders, @@ -614,7 +623,8 @@ func (n NGINXController) testTemplate(cfg []byte) error { if len(cfg) == 0 { return fmt.Errorf("invalid NGINX configuration (empty)") } - tmpfile, err := os.CreateTemp("", tempNginxPattern) + tmpDir := os.TempDir() + "/nginx" + tmpfile, err := os.CreateTemp(tmpDir, tempNginxPattern) if err != nil { return err } diff --git a/internal/ingress/controller/process/nginx.go b/internal/ingress/controller/process/nginx.go index 702f60da8..70227ac2e 100644 --- a/internal/ingress/controller/process/nginx.go +++ b/internal/ingress/controller/process/nginx.go @@ -20,7 +20,7 @@ import ( "os/exec" "syscall" - "k8s.io/klog/v2" + klog "k8s.io/klog/v2" ) // IsRespawnIfRequired checks if error type is exec.ExitError or not diff --git a/internal/ingress/controller/util.go b/internal/ingress/controller/util.go index 91e0c3acf..a8232ed0e 100644 --- a/internal/ingress/controller/util.go +++ b/internal/ingress/controller/util.go @@ -29,7 +29,7 @@ import ( networking "k8s.io/api/networking/v1" "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/ingress-nginx/internal/ingress" - "k8s.io/klog/v2" + klog "k8s.io/klog/v2" ) // newUpstream creates an upstream without servers. @@ -98,7 +98,7 @@ func rlimitMaxNumFiles() int { } const ( - defBinary = "/usr/local/nginx/sbin/nginx" + defBinary = "/usr/bin/nginx" cfgPath = "/etc/nginx/nginx.conf" ) diff --git a/internal/ingress/metric/collectors/socket.go b/internal/ingress/metric/collectors/socket.go index 0cbeeb4a6..ea4775583 100644 --- a/internal/ingress/metric/collectors/socket.go +++ b/internal/ingress/metric/collectors/socket.go @@ -111,7 +111,7 @@ var defObjectives = map[float64]float64{0.5: 0.05, 0.9: 0.01, 0.99: 0.001} // NewSocketCollector creates a new SocketCollector instance using // the ingress watch namespace and class used by the controller func NewSocketCollector(pod, namespace, class string, metricsPerHost bool, buckets HistogramBuckets) (*SocketCollector, error) { - socket := "/tmp/prometheus-nginx.socket" + socket := "/tmp/nginx/prometheus-nginx.socket" // unix sockets must be unlink()ed before being used _ = syscall.Unlink(socket) diff --git a/internal/nginx/main.go b/internal/nginx/main.go index 485b7d229..88d2ee877 100644 --- a/internal/nginx/main.go +++ b/internal/nginx/main.go @@ -28,7 +28,7 @@ import ( "time" ps "github.com/mitchellh/go-ps" - "k8s.io/klog/v2" + klog "k8s.io/klog/v2" ) // TODO: Check https://github.com/kubernetes/kubernetes/blob/master/pkg/master/ports/ports.go for ports already being used @@ -40,7 +40,7 @@ var ProfilerPort = 10245 var TemplatePath = "/etc/nginx/template/nginx.tmpl" // PID defines the location of the pid file used by NGINX -var PID = "/tmp/nginx.pid" +var PID = "/tmp/nginx/nginx.pid" // StatusPort port used by NGINX for the status server var StatusPort = 10246 diff --git a/rootfs/Dockerfile b/rootfs/Dockerfile index 5a8af2a6d..1eab94c58 100644 --- a/rootfs/Dockerfile +++ b/rootfs/Dockerfile @@ -54,6 +54,7 @@ RUN bash -xeu -c ' \ /etc/ingress-controller/auth \ /var/log \ /var/log/nginx \ + /tmp/nginx \ ); \ for dir in "${writeDirs[@]}"; do \ mkdir -p ${dir}; \ @@ -67,7 +68,8 @@ RUN apk add --no-cache libcap \ && setcap -v cap_net_bind_service=+ep /usr/local/nginx/sbin/nginx \ && setcap cap_net_bind_service=+ep /usr/bin/dumb-init \ && setcap -v cap_net_bind_service=+ep /usr/bin/dumb-init \ - && apk del libcap + && apk del libcap \ + && ln -sf /usr/local/nginx/sbin/nginx /usr/bin/nginx USER www-data diff --git a/rootfs/Dockerfile.chroot b/rootfs/Dockerfile.chroot new file mode 100644 index 000000000..53f8e3622 --- /dev/null +++ b/rootfs/Dockerfile.chroot @@ -0,0 +1,112 @@ +# Copyright 2022 The Kubernetes Authors. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License + +ARG BASE_IMAGE + +FROM ${BASE_IMAGE} as chroot + +# This intermediary image will be used only to copy all the required files to the chroot +# TODO: Simplify in a future to a single Dockerfile +COPY chroot.sh /chroot.sh +RUN apk update \ + && apk upgrade \ + && /chroot.sh + +FROM alpine:3.14.2 + +ARG TARGETARCH +ARG VERSION +ARG COMMIT_SHA +ARG BUILD_ID=UNSET + +LABEL org.opencontainers.image.title="NGINX Ingress Controller for Kubernetes" +LABEL org.opencontainers.image.documentation="https://kubernetes.github.io/ingress-nginx/" +LABEL org.opencontainers.image.source="https://github.com/kubernetes/ingress-nginx" +LABEL org.opencontainers.image.vendor="The Kubernetes Authors" +LABEL org.opencontainers.image.licenses="Apache-2.0" +LABEL org.opencontainers.image.version="${VERSION}" +LABEL org.opencontainers.image.revision="${COMMIT_SHA}" + +LABEL build_id="${BUILD_ID}" + +# This will be injected in the chroot. Don't change :) +ENV LUA_PATH="/usr/local/share/luajit-2.1.0-beta3/?.lua;/usr/local/share/lua/5.1/?.lua;/usr/local/lib/lua/?.lua;;" +ENV LUA_CPATH="/usr/local/lib/lua/?/?.so;/usr/local/lib/lua/?.so;;" +ENV PATH=$PATH:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin + +RUN apk update \ + && apk upgrade \ + && apk add -U --no-cache \ + bash \ + curl \ + openssl \ + ca-certificates \ + dumb-init \ + tzdata \ + diffutils \ + util-linux \ + && ln -s /usr/local/nginx/sbin/nginx /sbin/nginx \ + && adduser -S -D -H -u 101 -h /usr/local/nginx \ + -s /sbin/nologin -G www-data -g www-data www-data + +COPY --from=chroot /chroot /chroot + +COPY --chown=www-data:www-data etc /chroot/etc + +COPY --chown=www-data:www-data bin/${TARGETARCH}/dbg / +COPY --chown=www-data:www-data bin/${TARGETARCH}/nginx-ingress-controller / +COPY --chown=www-data:www-data bin/${TARGETARCH}/wait-shutdown / +COPY --chown=www-data:www-data nginx-chroot-wrapper.sh /usr/bin/nginx + +WORKDIR /chroot/etc/nginx + +# Fix permission during the build to avoid issues at runtime +# with volumes (custom templates) +RUN bash -xeu -c ' \ + writeDirs=( \ + /var/log \ + ); \ + for dir in "${writeDirs[@]}"; do \ + mkdir -p ${dir}; \ + chown -R www-data.www-data ${dir}; \ + done' + +RUN apk add --no-cache libcap \ + && setcap cap_sys_chroot,cap_net_bind_service=+ep /nginx-ingress-controller \ + && setcap -v cap_sys_chroot,cap_net_bind_service=+ep /nginx-ingress-controller \ + && setcap cap_sys_chroot,cap_net_bind_service=+ep /usr/bin/unshare \ + && setcap -v cap_sys_chroot,cap_net_bind_service=+ep /usr/bin/unshare \ + && setcap cap_net_bind_service=+ep /chroot/usr/local/nginx/sbin/nginx \ + && setcap -v cap_net_bind_service=+ep /chroot/usr/local/nginx/sbin/nginx \ + && setcap cap_sys_chroot,cap_net_bind_service=+ep /usr/bin/dumb-init \ + && setcap -v cap_sys_chroot,cap_net_bind_service=+ep /usr/bin/dumb-init \ + && apk del libcap + +RUN ln -sf /chroot/etc/nginx /etc/nginx \ + && ln -sf /chroot/tmp/nginx /tmp/nginx \ + && ln -sf /chroot/etc/ingress-controller /etc/ingress-controller \ + && ln -sf /chroot/var/log/nginx /var/log/nginx \ + && touch /chroot/var/log/nginx/access.log \ + && chown www-data:www-data /chroot/var/log/nginx/access.log \ + && echo "" > /chroot/etc/resolv.conf \ + && chown -R www-data.www-data /chroot/var/log/nginx /chroot/etc/resolv.conf + +USER www-data + +EXPOSE 80 443 + +ENTRYPOINT ["/usr/bin/dumb-init", "--"] + +CMD ["/nginx-ingress-controller"] + diff --git a/rootfs/chroot.sh b/rootfs/chroot.sh new file mode 100755 index 000000000..c2ae3d2fa --- /dev/null +++ b/rootfs/chroot.sh @@ -0,0 +1,55 @@ +#!/bin/bash + +# Copyright 2022 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -x +writeDirs=( \ + /chroot/etc/nginx \ + /chroot/usr/local/ \ + /chroot/etc/ingress-controller \ + /chroot/etc/ingress-controller/ssl \ + /chroot/etc/ingress-controller/auth \ + /chroot/opt/modsecurity/var/log \ + /chroot/opt/modsecurity/var/upload \ + /chroot/opt/modsecurity/var/audit \ + /chroot/var/log/audit \ + /chroot/var/lib/nginx \ + /chroot/var/log/nginx \ + /chroot/var/lib/nginx/body \ + /chroot/var/lib/nginx/fastcgi \ + /chroot/var/lib/nginx/proxy \ + /chroot/var/lib/nginx/scgi \ + /chroot/var/lib/nginx/uwsgi \ + /chroot/tmp/nginx +); + +for dir in "${writeDirs[@]}"; do + mkdir -p ${dir}; + chown -R www-data.www-data ${dir}; +done + +mkdir -p /chroot/lib /chroot/proc /chroot/usr /chroot/bin /chroot/dev /chroot/run +cp /etc/passwd /etc/group /chroot/etc/ +cp -a /usr/* /chroot/usr/ +mv /var/log/nginx /chroot/var/log/ +cp -a /etc/nginx/* /chroot/etc/nginx/ +cp /lib/ld-musl-* /lib/libcrypto* /lib/libssl* /lib/libz* /chroot/lib/ +mknod -m 0666 /chroot/dev/null c 1 3 +mknod -m 0666 /chroot/dev/random c 1 8 +mknod -m 0666 /chroot/dev/urandom c 1 9 +mknod -m 0666 /chroot/dev/full c 1 7 +mknod -m 0666 /chroot/dev/ptmx c 5 2 +mknod -m 0666 /chroot/dev/zero c 1 5 +mknod -m 0666 /chroot/dev/tty c 5 0 diff --git a/rootfs/etc/nginx/lua/monitor.lua b/rootfs/etc/nginx/lua/monitor.lua index be7a173ee..8b0e18596 100644 --- a/rootfs/etc/nginx/lua/monitor.lua +++ b/rootfs/etc/nginx/lua/monitor.lua @@ -26,7 +26,7 @@ local _M = {} local function send(payload) local s = assert(socket()) - assert(s:connect("unix:/tmp/prometheus-nginx.socket")) + assert(s:connect("unix:/tmp/nginx/prometheus-nginx.socket")) assert(s:send(payload)) assert(s:close()) end diff --git a/rootfs/etc/nginx/lua/test/monitor_test.lua b/rootfs/etc/nginx/lua/test/monitor_test.lua index 2762a980d..e75018adf 100644 --- a/rootfs/etc/nginx/lua/test/monitor_test.lua +++ b/rootfs/etc/nginx/lua/test/monitor_test.lua @@ -148,7 +148,7 @@ describe("Monitor", function() }, }) - assert.stub(tcp_mock.connect).was_called_with(tcp_mock, "unix:/tmp/prometheus-nginx.socket") + assert.stub(tcp_mock.connect).was_called_with(tcp_mock, "unix:/tmp/nginx/prometheus-nginx.socket") assert.stub(tcp_mock.send).was_called_with(tcp_mock, expected_payload) assert.stub(tcp_mock.close).was_called_with(tcp_mock) end) diff --git a/rootfs/etc/nginx/nginx.conf b/rootfs/etc/nginx/nginx.conf index 6f8e86b90..7f60b846d 100644 --- a/rootfs/etc/nginx/nginx.conf +++ b/rootfs/etc/nginx/nginx.conf @@ -1,6 +1,8 @@ # A very simple nginx configuration file that forces nginx to start. -pid /tmp/nginx.pid; +pid /tmp/nginx/nginx.pid; + +error_log stderr; events {} http {} -daemon off; \ No newline at end of file +daemon off; diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index f6495eb4a..eaaf60c65 100755 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -285,10 +285,10 @@ http { keepalive_timeout {{ $cfg.KeepAlive }}s; keepalive_requests {{ $cfg.KeepAliveRequests }}; - client_body_temp_path /tmp/client-body; - fastcgi_temp_path /tmp/fastcgi-temp; - proxy_temp_path /tmp/proxy-temp; - ajp_temp_path /tmp/ajp-temp; + client_body_temp_path /tmp/nginx/client-body; + fastcgi_temp_path /tmp/nginx/fastcgi-temp; + proxy_temp_path /tmp/nginx/proxy-temp; + ajp_temp_path /tmp/nginx/ajp-temp; client_header_buffer_size {{ $cfg.ClientHeaderBufferSize }}; client_header_timeout {{ $cfg.ClientHeaderTimeout }}s; @@ -536,7 +536,7 @@ http { {{ end }} # Cache for internal auth checks - proxy_cache_path /tmp/nginx-cache-auth levels=1:2 keys_zone=auth_cache:10m max_size=128m inactive=30m use_temp_path=off; + proxy_cache_path /tmp/nginx/nginx-cache-auth levels=1:2 keys_zone=auth_cache:10m max_size=128m inactive=30m use_temp_path=off; # Global filters {{ range $ip := $cfg.BlockCIDRs }}deny {{ trimSpace $ip }}; @@ -773,8 +773,8 @@ stream { access_log {{ or $cfg.StreamAccessLogPath $cfg.AccessLogPath }} log_stream {{ $cfg.AccessLogParams }}; {{ end }} + error_log {{ $cfg.ErrorLogPath }} {{ $cfg.ErrorLogLevel }}; - {{ if $cfg.EnableRealIp }} {{ range $trusted_ip := $cfg.ProxyRealIPCIDR }} set_real_ip_from {{ $trusted_ip }}; diff --git a/rootfs/nginx-chroot-wrapper.sh b/rootfs/nginx-chroot-wrapper.sh new file mode 100755 index 000000000..f7318142f --- /dev/null +++ b/rootfs/nginx-chroot-wrapper.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +# Copyright 2022 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +cat /etc/resolv.conf > /chroot/etc/resolv.conf +unshare -S 101 -R /chroot nginx "$@" diff --git a/test/data/cleanConf.expected.conf b/test/data/cleanConf.expected.conf index 5edad651b..1666c19f6 100644 --- a/test/data/cleanConf.expected.conf +++ b/test/data/cleanConf.expected.conf @@ -1,7 +1,7 @@ # Configuration checksum: # setup custom paths that do not require root access -pid /tmp/nginx.pid; +pid /tmp/nginx/nginx.pid; daemon off; diff --git a/test/data/cleanConf.src.conf b/test/data/cleanConf.src.conf index 81944e1ce..0e572faa5 100644 --- a/test/data/cleanConf.src.conf +++ b/test/data/cleanConf.src.conf @@ -1,7 +1,7 @@ # Configuration checksum: # setup custom paths that do not require root access -pid /tmp/nginx.pid; +pid /tmp/nginx/nginx.pid; diff --git a/test/e2e-image/namespace-overlays/admission/values.yaml b/test/e2e-image/namespace-overlays/admission/values.yaml index b88e8a02e..1f0367671 100644 --- a/test/e2e-image/namespace-overlays/admission/values.yaml +++ b/test/e2e-image/namespace-overlays/admission/values.yaml @@ -3,6 +3,7 @@ fullnameOverride: nginx-ingress controller: image: repository: ingress-controller/controller + chroot: true tag: 1.0.0-dev digest: containerPort: diff --git a/test/e2e-image/namespace-overlays/custom-health-check-path/values.yaml b/test/e2e-image/namespace-overlays/custom-health-check-path/values.yaml index 57bd1d105..7507d60db 100644 --- a/test/e2e-image/namespace-overlays/custom-health-check-path/values.yaml +++ b/test/e2e-image/namespace-overlays/custom-health-check-path/values.yaml @@ -3,6 +3,7 @@ fullnameOverride: nginx-ingress controller: image: repository: ingress-controller/controller + chroot: true tag: 1.0.0-dev digest: extraArgs: diff --git a/test/e2e-image/namespace-overlays/forwarded-port-headers/values.yaml b/test/e2e-image/namespace-overlays/forwarded-port-headers/values.yaml index 4fef671a7..e0b8003d2 100644 --- a/test/e2e-image/namespace-overlays/forwarded-port-headers/values.yaml +++ b/test/e2e-image/namespace-overlays/forwarded-port-headers/values.yaml @@ -3,6 +3,7 @@ fullnameOverride: nginx-ingress controller: image: repository: ingress-controller/controller + chroot: true tag: 1.0.0-dev digest: containerPort: diff --git a/test/e2e-image/namespace-overlays/namespace-selector/values.yaml b/test/e2e-image/namespace-overlays/namespace-selector/values.yaml index e4c0e7a87..06252da6f 100644 --- a/test/e2e-image/namespace-overlays/namespace-selector/values.yaml +++ b/test/e2e-image/namespace-overlays/namespace-selector/values.yaml @@ -3,6 +3,7 @@ fullnameOverride: nginx-ingress controller: image: repository: ingress-controller/controller + chroot: true tag: 1.0.0-dev digest: containerPort: diff --git a/test/e2e/framework/logs.go b/test/e2e/framework/logs.go index a4b645695..db3eb4a6c 100644 --- a/test/e2e/framework/logs.go +++ b/test/e2e/framework/logs.go @@ -18,12 +18,15 @@ package framework import ( "context" + "time" "k8s.io/client-go/kubernetes" ) // Logs returns the log entries of a given Pod. func Logs(client kubernetes.Interface, namespace, podName string) (string, error) { + // Logs from jails take a bigger time to get shipped due to the need of tailing them + Sleep(3 * time.Second) logs, err := client.CoreV1().RESTClient().Get(). Resource("pods"). Namespace(namespace). diff --git a/test/e2e/run.sh b/test/e2e/run.sh index bfe13b428..1aa41e1c6 100755 --- a/test/e2e/run.sh +++ b/test/e2e/run.sh @@ -58,7 +58,7 @@ export KUBECONFIG="${KUBECONFIG:-$HOME/.kube/kind-config-$KIND_CLUSTER_NAME}" if [ "${SKIP_CLUSTER_CREATION:-false}" = "false" ]; then echo "[dev-env] creating Kubernetes cluster with kind" - export K8S_VERSION=${K8S_VERSION:-v1.21.1@sha256:69860bda5563ac81e3c0057d654b5253219618a22ec3a346306239bba8cfa1a6} + export K8S_VERSION=${K8S_VERSION:-v1.21.10@sha256:84709f09756ba4f863769bdcabe5edafc2ada72d3c8c44d6515fc581b66b029c} kind create cluster \ --verbosity=${KIND_LOG_LEVEL} \ @@ -77,7 +77,7 @@ if [ "${SKIP_IMAGE_CREATION:-false}" = "false" ]; then fi echo "[dev-env] building image" - make -C ${DIR}/../../ clean-image build image + make -C ${DIR}/../../ clean-image build image image-chroot make -C ${DIR}/../e2e-image image fi @@ -87,6 +87,11 @@ KIND_WORKERS=$(kind get nodes --name="${KIND_CLUSTER_NAME}" | grep worker | awk echo "[dev-env] copying docker images to cluster..." kind load docker-image --name="${KIND_CLUSTER_NAME}" --nodes=${KIND_WORKERS} nginx-ingress-controller:e2e + +if [ "${IS_CHROOT:-false}" = "true" ]; then + docker tag ${REGISTRY}/controller-chroot:${TAG} ${REGISTRY}/controller:${TAG} +fi + kind load docker-image --name="${KIND_CLUSTER_NAME}" --nodes=${KIND_WORKERS} ${REGISTRY}/controller:${TAG} echo "[dev-env] running e2e tests..." diff --git a/test/e2e/settings/access_log.go b/test/e2e/settings/access_log.go index 0e4c1d827..0e50205e5 100644 --- a/test/e2e/settings/access_log.go +++ b/test/e2e/settings/access_log.go @@ -31,17 +31,19 @@ var _ = framework.DescribeSetting("access-log", func() { ginkgo.It("use the default configuration", func() { f.WaitForNginxConfiguration( func(cfg string) bool { - return strings.Contains(cfg, "access_log /var/log/nginx/access.log upstreaminfo") && - strings.Contains(cfg, "access_log /var/log/nginx/access.log log_stream") + return (strings.Contains(cfg, "access_log /var/log/nginx/access.log upstreaminfo") && + strings.Contains(cfg, "access_log /var/log/nginx/access.log log_stream")) || + (strings.Contains(cfg, "access_log syslog:server=127.0.0.1:11514 upstreaminfo") && + strings.Contains(cfg, "access_log syslog:server=127.0.0.1:11514 log_stream")) }) }) ginkgo.It("use the specified configuration", func() { - f.UpdateNginxConfigMapData("access-log-path", "/tmp/access.log") + f.UpdateNginxConfigMapData("access-log-path", "/tmp/nginx/access.log") f.WaitForNginxConfiguration( func(cfg string) bool { - return strings.Contains(cfg, "access_log /tmp/access.log upstreaminfo") && - strings.Contains(cfg, "access_log /tmp/access.log log_stream") + return strings.Contains(cfg, "access_log /tmp/nginx/access.log upstreaminfo") && + strings.Contains(cfg, "access_log /tmp/nginx/access.log log_stream") }) }) }) @@ -49,11 +51,12 @@ var _ = framework.DescribeSetting("access-log", func() { ginkgo.Context("http-access-log-path", func() { ginkgo.It("use the specified configuration", func() { - f.UpdateNginxConfigMapData("http-access-log-path", "/tmp/http-access.log") + f.UpdateNginxConfigMapData("http-access-log-path", "/tmp/nginx/http-access.log") f.WaitForNginxConfiguration( func(cfg string) bool { - return strings.Contains(cfg, "access_log /tmp/http-access.log upstreaminfo") && - strings.Contains(cfg, "access_log /var/log/nginx/access.log log_stream") + return strings.Contains(cfg, "access_log /tmp/nginx/http-access.log upstreaminfo") && + (strings.Contains(cfg, "access_log /var/log/nginx/access.log log_stream") || + strings.Contains(cfg, "access_log syslog:server=127.0.0.1:11514 log_stream")) }) }) }) @@ -61,11 +64,12 @@ var _ = framework.DescribeSetting("access-log", func() { ginkgo.Context("stream-access-log-path", func() { ginkgo.It("use the specified configuration", func() { - f.UpdateNginxConfigMapData("stream-access-log-path", "/tmp/stream-access.log") + f.UpdateNginxConfigMapData("stream-access-log-path", "/tmp/nginx/stream-access.log") f.WaitForNginxConfiguration( func(cfg string) bool { - return strings.Contains(cfg, "access_log /tmp/stream-access.log log_stream") && - strings.Contains(cfg, "access_log /var/log/nginx/access.log upstreaminfo") + return strings.Contains(cfg, "access_log /tmp/nginx/stream-access.log log_stream") && + (strings.Contains(cfg, "access_log /var/log/nginx/access.log upstreaminfo") || + strings.Contains(cfg, "access_log syslog:server=127.0.0.1:11514 upstreaminfo")) }) }) }) @@ -74,13 +78,13 @@ var _ = framework.DescribeSetting("access-log", func() { ginkgo.It("use the specified configuration", func() { f.SetNginxConfigMapData(map[string]string{ - "http-access-log-path": "/tmp/http-access.log", - "stream-access-log-path": "/tmp/stream-access.log", + "http-access-log-path": "/tmp/nginx/http-access.log", + "stream-access-log-path": "/tmp/nginx/stream-access.log", }) f.WaitForNginxConfiguration( func(cfg string) bool { - return strings.Contains(cfg, "access_log /tmp/http-access.log upstreaminfo") && - strings.Contains(cfg, "access_log /tmp/stream-access.log log_stream") + return strings.Contains(cfg, "access_log /tmp/nginx/http-access.log upstreaminfo") && + strings.Contains(cfg, "access_log /tmp/nginx/stream-access.log log_stream") }) }) }) diff --git a/test/e2e/settings/pod_security_policy_volumes.go b/test/e2e/settings/pod_security_policy_volumes.go index da88ed5be..384f8c46c 100644 --- a/test/e2e/settings/pod_security_policy_volumes.go +++ b/test/e2e/settings/pod_security_policy_volumes.go @@ -82,10 +82,10 @@ var _ = framework.IngressNginxDescribe("[Security] Pod Security Policies with vo deployment.Spec.Template.Spec.Containers[0].VolumeMounts = []corev1.VolumeMount{ { - Name: "ssl", MountPath: "/etc/ingress-controller", + Name: "ssl", MountPath: "/etc/my-amazing-ssl", }, { - Name: "tmp", MountPath: "/tmp", + Name: "tmp", MountPath: "/my-other-tmp", }, } diff --git a/test/e2e/wait-for-nginx.sh b/test/e2e/wait-for-nginx.sh index 9a37d1ffc..ed2e04426 100755 --- a/test/e2e/wait-for-nginx.sh +++ b/test/e2e/wait-for-nginx.sh @@ -59,6 +59,7 @@ fullnameOverride: nginx-ingress controller: image: repository: ingress-controller/controller + chroot: true tag: 1.0.0-dev digest: scope: From d46da48005a1248686e0835de2110667bc489883 Mon Sep 17 00:00:00 2001 From: Mochamad Arifin Date: Sun, 10 Apr 2022 21:42:05 +0700 Subject: [PATCH 046/494] Update index.md (#8454) Fix THis -> This --- docs/deploy/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/deploy/index.md b/docs/deploy/index.md index 7c9219012..b78675ff4 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -325,7 +325,7 @@ See also [“How to easily install multiple instances of the Ingress NGINX contr !!! attention The first time the ingress controller starts, two [Jobs](https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/) create the SSL Certificate used by the admission webhook. -THis can cause an initial delay of up to two minutes until it is possible to create and validate Ingress definitions. +This can cause an initial delay of up to two minutes until it is possible to create and validate Ingress definitions. You can wait until it is ready to run the next command: From 5737f166632a93011f6964b8b7ff7a977a5ecc43 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Sun, 10 Apr 2022 12:58:05 -0300 Subject: [PATCH 047/494] Update dependencies (#8455) * Update more dependencies * Fix e2e test for new ProbeHandler --- go.mod | 55 +++--- go.sum | 295 +++++++++---------------------- test/e2e/framework/deployment.go | 4 +- 3 files changed, 118 insertions(+), 236 deletions(-) diff --git a/go.mod b/go.mod index de5f5938e..62a71d20a 100644 --- a/go.mod +++ b/go.mod @@ -15,13 +15,13 @@ require ( github.com/mitchellh/mapstructure v1.4.3 github.com/moul/pb v0.0.0-20180404114147-54bdd96e6a52 github.com/ncabatoff/process-exporter v0.7.10 - github.com/onsi/ginkgo v1.16.4 - github.com/opencontainers/runc v1.1.0 + github.com/onsi/ginkgo v1.16.5 + github.com/opencontainers/runc v1.1.1 github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.12.1 github.com/prometheus/client_model v0.2.0 github.com/prometheus/common v0.33.0 - github.com/spf13/cobra v1.3.0 + github.com/spf13/cobra v1.4.0 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.7.1 github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a @@ -29,22 +29,23 @@ require ( golang.org/x/net v0.0.0-20220225172249-27dd8689420f google.golang.org/grpc v1.44.0 gopkg.in/go-playground/pool.v3 v3.1.1 - k8s.io/api v0.22.5 - k8s.io/apiextensions-apiserver v0.22.5 - k8s.io/apimachinery v0.22.5 - k8s.io/apiserver v0.22.5 - k8s.io/cli-runtime v0.22.5 - k8s.io/client-go v0.22.5 - k8s.io/code-generator v0.22.5 - k8s.io/component-base v0.22.5 - k8s.io/klog/v2 v2.9.0 + gopkg.in/mcuadros/go-syslog.v2 v2.3.0 + k8s.io/api v0.23.5 + k8s.io/apiextensions-apiserver v0.23.5 + k8s.io/apimachinery v0.23.5 + k8s.io/apiserver v0.23.5 + k8s.io/cli-runtime v0.23.5 + k8s.io/client-go v0.23.5 + k8s.io/code-generator v0.23.5 + k8s.io/component-base v0.23.5 + k8s.io/klog/v2 v2.60.1 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 - sigs.k8s.io/controller-runtime v0.10.3 + sigs.k8s.io/controller-runtime v0.11.2 sigs.k8s.io/mdtoc v1.1.0 ) require ( - cloud.google.com/go v0.99.0 // indirect + cloud.google.com/go v0.81.0 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest/autorest v0.11.18 // indirect github.com/Azure/go-autorest/autorest/adal v0.9.13 // indirect @@ -64,12 +65,12 @@ require ( github.com/davecgh/go-spew v1.1.1 // indirect github.com/eapache/queue v1.1.0 // indirect github.com/emicklei/go-restful v2.9.5+incompatible // indirect - github.com/evanphx/json-patch v4.11.0+incompatible // indirect + github.com/evanphx/json-patch v4.12.0+incompatible // indirect github.com/fatih/structs v1.0.0 // indirect github.com/form3tech-oss/jwt-go v3.2.3+incompatible // indirect github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b // indirect github.com/go-errors/errors v1.0.1 // indirect - github.com/go-logr/logr v0.4.0 // indirect + github.com/go-logr/logr v1.2.0 // indirect github.com/go-openapi/jsonpointer v0.19.5 // indirect github.com/go-openapi/jsonreference v0.19.5 // indirect github.com/go-openapi/swag v0.19.14 // indirect @@ -117,29 +118,29 @@ require ( github.com/yudai/gojsondiff v1.0.0 // indirect github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect - golang.org/x/mod v0.5.0 // indirect + golang.org/x/mod v0.4.2 // indirect golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 // indirect golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect golang.org/x/text v0.3.7 // indirect golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect - golang.org/x/tools v0.1.5 // indirect + golang.org/x/tools v0.1.6-0.20210820212750-d4cc65f0b2ff // indirect golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa // indirect + google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2 // indirect google.golang.org/protobuf v1.27.1 // indirect gopkg.in/go-playground/assert.v1 v1.2.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect - gopkg.in/mcuadros/go-syslog.v2 v2.3.0 // indirect gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect - k8s.io/gengo v0.0.0-20201214224949-b6c5ce23f027 // indirect - k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c // indirect - k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a // indirect + k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c // indirect + k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 // indirect + k8s.io/utils v0.0.0-20211116205334-6203023598ed // indirect moul.io/http2curl v1.0.1-0.20190925090545-5cd742060b0e // indirect - sigs.k8s.io/kustomize/api v0.8.11 // indirect - sigs.k8s.io/kustomize/kyaml v0.11.0 // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.1.2 // indirect - sigs.k8s.io/yaml v1.2.0 // indirect + sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6 // indirect + sigs.k8s.io/kustomize/api v0.10.1 // indirect + sigs.k8s.io/kustomize/kyaml v0.13.0 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect + sigs.k8s.io/yaml v1.3.0 // indirect ) diff --git a/go.sum b/go.sum index 586115d44..9e12fbaed 100644 --- a/go.sum +++ b/go.sum @@ -17,17 +17,8 @@ cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKP cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= +cloud.google.com/go v0.81.0 h1:at8Tk2zUz63cLPR0JPWm5vp77pEZmzxEQBEfRKn1VV8= cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= -cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY= -cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM= -cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY= -cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ= -cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= -cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4= -cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc= -cloud.google.com/go v0.98.0/go.mod h1:ua6Ush4NALrHk5QXDWnjvZHN93OuF0HfuEPq9I1X0cM= -cloud.google.com/go v0.99.0 h1:y/cM2iqGgGi5D5DQZl6D9STN/3dR/Vx5Mp8s752oJTY= -cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= @@ -37,7 +28,6 @@ cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM7 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= -cloud.google.com/go/firestore v1.6.1/go.mod h1:asNXNOzBdyVQmEU+ggO8UPodTkEVFW5Qx+rwHnAz+EY= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= @@ -67,7 +57,6 @@ github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBp github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= @@ -85,14 +74,13 @@ github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk5 github.com/andybalholm/brotli v1.0.2 h1:JKnhI/XQ75uFBTiuzXpzFrUriDPiZjlOSzh6wXogP0E= github.com/andybalholm/brotli v1.0.2/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= +github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210826220005-b48c857c3a0e/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= -github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a h1:AP/vsCIvJZ129pdm9Ek7bH7yutN3hByqsMoNrWAxRQc= github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a/go.mod h1:QmP9hvJ91BbJmGVGSbutW19IC0Q9phDCLGaomwTJbgU= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= @@ -102,10 +90,10 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= +github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM= github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= @@ -118,8 +106,6 @@ github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWR github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA= -github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag= -github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= @@ -128,9 +114,7 @@ github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XP github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= @@ -177,17 +161,14 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= -github.com/envoyproxy/go-control-plane v0.10.1/go.mod h1:AY7fTTXNdv/aJ2O5jwpxAPOWUZ7hQAEvzN5Pf27BkQQ= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/envoyproxy/protoc-gen-validate v0.6.2/go.mod h1:2t7qjJNvHPx8IjnBOzl9E9/baC+qXE/TeeyBRzgJDws= github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ= -github.com/evanphx/json-patch v4.11.0+incompatible h1:glyUF9yIYtMHzn8xaKw5rMhdWcwsYV8dZHIq5567/xs= github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= +github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/fasthttp/websocket v1.4.3-rc.6 h1:omHqsl8j+KXpmzRjF8bmzOSYJ8GnS0E3efi1wYT+niY= github.com/fasthttp/websocket v1.4.3-rc.6/go.mod h1:43W9OM2T8FeXpCWMsBd9Cb7nE2CACNqNvCqQCoty/Lc= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= -github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= github.com/fatih/structs v1.0.0 h1:BrX964Rv5uQ3wwS+KRUAJCBBw5PQmgJfJ6v4yly5QwU= github.com/fatih/structs v1.0.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= @@ -203,6 +184,7 @@ github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b h1:074/xhloHUBOpT github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= github.com/gavv/httpexpect/v2 v2.3.1 h1:sGLlKMn8AuHS9ztK9Sb7AJ7OxIL8v2PcLdyxfKt1Fo4= github.com/gavv/httpexpect/v2 v2.3.1/go.mod h1:yOE8m/aqFYQDNrgprMeXgq4YynfN9h1NgcE1+1suV64= +github.com/getkin/kin-openapi v0.76.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg= github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w= @@ -220,10 +202,10 @@ github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= -github.com/go-logr/logr v0.4.0 h1:K7/B1jt6fIBQVd4Owv2MqGQClcgf0R266+7C/QjRcLc= -github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= -github.com/go-logr/zapr v0.4.0 h1:uc1uML3hRYL9/ZZPdgHS/n8Nzo+eaYL/Efxkkamf7OM= -github.com/go-logr/zapr v0.4.0/go.mod h1:tabnROwaDl0UNxkVeFRbY8bwB37GwRv0P8lg6aAiEnk= +github.com/go-logr/logr v1.2.0 h1:QK40JKJyMdUDz+h+xvCsru/bJhvG0UxvePV0ufL/AcE= +github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/zapr v1.2.0 h1:n4JnPI1T3Qq1SFEi/F8rwLrZERp2bso19PJZDB9dayk= +github.com/go-logr/zapr v1.2.0/go.mod h1:Qa4Bsj2Vb+FAVeAKsLD8RLQ+YRJB8YDmOAKxaBQf7Ro= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= @@ -244,6 +226,7 @@ github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXP github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -258,7 +241,6 @@ github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= -github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -284,6 +266,8 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= +github.com/google/cel-go v0.9.0/go.mod h1:U7ayypeSkw23szu4GaQTPJGx66c20mx8JklMSxrmI1w= +github.com/google/cel-spec v0.6.0/go.mod h1:Nwjgxy5CbjlPrtCWjeDjUyKMl8w41YBYGjsyDdqk0xA= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= @@ -305,7 +289,6 @@ github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/ github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= @@ -317,9 +300,6 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= @@ -329,12 +309,11 @@ github.com/google/uuid v1.2.0 h1:qJYtXnJRWmpe7m/3XlyhrsLrEURqHRM2kxzoxXqyUDs= github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= -github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM= github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU= github.com/googleapis/gnostic v0.5.5 h1:9fHAtK0uDfpveeqqo1hkEZJcFvYXAiCN3UutL8F9xHw= github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= +github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= @@ -346,23 +325,13 @@ github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgf github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= -github.com/hashicorp/consul/api v1.11.0/go.mod h1:XjsvQN+RJGWI2TWy1/kqaE16HrR2J/FWgkYjdZQsX9M= github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= -github.com/hashicorp/consul/sdk v0.8.0/go.mod h1:GBvyrGALthsZObzUGsfgHZQDXjg4lOjagTIwIR1vPms= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= -github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= -github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= -github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= -github.com/hashicorp/go-hclog v1.0.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= -github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= -github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA= -github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= -github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= @@ -370,20 +339,12 @@ github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/b github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= -github.com/hashicorp/mdns v1.0.1/go.mod h1:4gW7WsVCke5TE7EPeYliwHlRUyBtfCwuFwuMg2DmyNY= -github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc= github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= -github.com/hashicorp/memberlist v0.2.2/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= -github.com/hashicorp/memberlist v0.3.0/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= -github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKENpqIUyk= -github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= @@ -400,7 +361,6 @@ github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8Hm github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= -github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= @@ -434,7 +394,6 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= -github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= @@ -444,27 +403,16 @@ github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7 github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA= github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= +github.com/mattn/go-colorable v0.1.2 h1:/bC9yWikZXAL9uJdulbSfyVNIR3n3trXl+v8+1sx8mU= github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= -github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= -github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= -github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= -github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40= -github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= +github.com/mattn/go-isatty v0.0.8 h1:HLtExJ+uU2HOZ+wI0Tt5DtUDrx8yhUqDcp7fYERX4CE= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= -github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= -github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= -github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y= -github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= -github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= -github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= -github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI= github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc= @@ -476,6 +424,7 @@ github.com/mitchellh/hashstructure v1.1.0/go.mod h1:xUDAozZz0Wmdiufv0uyhnHkUTN6/ github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= +github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.3 h1:OVowDSCllw/YjdLkam3/sm7wEtOy59d8ndGgCcyj8cs= github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mmarkdown/mmark v2.0.40+incompatible h1:vMeUeDzBK3H+/mU0oMVfMuhSXJlIA+DE/DMPQNAj5C4= @@ -516,24 +465,24 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= -github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc= github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= +github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= +github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/onsi/gomega v1.15.0 h1:WjP/FQ/sk43MRmnEcT+MlDw2TFvkrXlprrPST/IudjU= -github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0= -github.com/opencontainers/runc v1.1.0 h1:O9+X96OcDjkmmZyfaG996kV7yq8HsoU2h1XRRQcefG8= -github.com/opencontainers/runc v1.1.0/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc= +github.com/onsi/gomega v1.17.0 h1:9Luw4uT5HTjHTN8+aNcSThgH1vdXnmdJ8xIfZ4wyTRE= +github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= +github.com/opencontainers/runc v1.1.1 h1:PJ9DSs2sVwE0iVr++pAHE6QkS9tzcVWozlPifdwMgrU= +github.com/opencontainers/runc v1.1.1/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= -github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= -github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= +github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= @@ -545,12 +494,10 @@ github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= -github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= -github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_golang v1.12.1 h1:ZiaPsmm9uiBeaSMRznKsCDNtPCS0T3JVDGF+06gjBzk= @@ -563,9 +510,9 @@ github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6T github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= +github.com/prometheus/common v0.28.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/common v0.29.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/common v0.33.0 h1:rHgav/0a6+uYgGdNt3jwz8FNSesO/Hsang3O0T9A5SE= @@ -574,7 +521,6 @@ github.com/prometheus/exporter-toolkit v0.7.0/go.mod h1:ZUBIj498ePooX9t/2xtDjeQY github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU= @@ -589,7 +535,6 @@ github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6po github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= -github.com/sagikazarmark/crypt v0.3.0/go.mod h1:uD/D+6UF4SrIR1uGEv7bBNkNqLGqUr43MRiaGWX1Nig= github.com/savsgio/gotils v0.0.0-20210617111740-97865ed5a873 h1:N3Af8f13ooDKcIhsmFT7Z05CStZWu4C7Md0uDEy4q6o= github.com/savsgio/gotils v0.0.0-20210617111740-97865ed5a873/go.mod h1:dmPawKuiAeG/aFYVs2i+Dyosoo7FNcm+Pi8iK6ZUrX8= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= @@ -611,14 +556,14 @@ github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= -github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4= github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= +github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= -github.com/spf13/cobra v1.3.0 h1:R7cSvGu+Vv+qX0gW5R/85dx2kmmJT5z5NM8ifdYjdn0= -github.com/spf13/cobra v1.3.0/go.mod h1:BrRVncBjOJa/eUcVVm9CE+oC6as8k+VYr4NY7WCi9V4= +github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk= +github.com/spf13/cobra v1.4.0 h1:y+wJpx64xcgO1V+RcnwW0LEHxTKRi2ZDPSBjWnrg88Q= +github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= @@ -627,7 +572,7 @@ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= -github.com/spf13/viper v1.10.0/go.mod h1:SoyBPwAtKDzypXNDFKN5kzH7ppppbGZtls1UpIy5AsM= +github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -646,7 +591,6 @@ github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69 github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/urfave/cli v1.17.1-0.20160602030128-01a33823596e/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= @@ -680,16 +624,14 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a h1:CbXWHAnmrtTKgX+yMVVANuRJP8ld88ELbAYAYnBdLJ4= github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a/go.mod h1:/Hzu8ych2oXCs1iNI+MeASyFzWTncQ6nlu/wgqbqC2A= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= -go.etcd.io/etcd/api/v3 v3.5.1/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= -go.etcd.io/etcd/client/pkg/v3 v3.5.1/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ= -go.etcd.io/etcd/client/v2 v2.305.1/go.mod h1:pMEacxZW7o8pg4CrFE7pquyCJJzZvkvdD2RibOCCCGs= go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0= go.etcd.io/etcd/pkg/v3 v3.5.0/go.mod h1:UzJGatBQ1lXChBkQF0AuAtkRQMYnHubxAEYIrC3MSsE= go.etcd.io/etcd/raft/v3 v3.5.0/go.mod h1:UFOHSIvO/nKwd4lhkwabrTD3cqW5yVyYYf/KlD00Szc= @@ -719,13 +661,16 @@ go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= +go.uber.org/goleak v1.1.11-0.20210813005559-691160354723/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= +go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= -go.uber.org/zap v1.19.0 h1:mZQZefskPPCMIBCSEH0v2/iUqqLrYtaeqwD6FUGUnFE= go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= +go.uber.org/zap v1.19.1 h1:ue41HOKd1vGURxrmeKIgELGb3jPW9DMUDGtsinblHwI= +go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI= golang.org/dl v0.0.0-20190829154251-82a15e2f2ead/go.mod h1:IUMfjQLJQd4UTqG1Z90tenwKoCX93Gn3MAQJMOSBsDQ= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= @@ -733,11 +678,9 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 h1:HWj/xjIHfjYU5nVXpTM0s39J9CbLn7Cc5a7IC5rwsMQ= @@ -776,9 +719,8 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.2 h1:Gz96sIWK3OalVv/I/qNygP42zyoKp3xptRVCWRFEBvo= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.5.0 h1:UG21uOlmZabA4fW5i7ZX6bjw1xELEGg/ZLgZq9auk/Q= -golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -799,7 +741,6 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -825,13 +766,11 @@ golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8= golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= -golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f h1:oA4XRj0qtSt8Yo1Zms0CUlsT3KG69V2UGQWPBxujDmc= @@ -847,12 +786,9 @@ golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b h1:clP8eMhB30EHdc0bd2Twtq6kgU7yl5ub2cQLSdrv1Dg= golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -885,12 +821,9 @@ golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191002063906-3421d5a6bb1c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -898,9 +831,7 @@ golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -926,7 +857,6 @@ golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -936,28 +866,20 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211029165221-6e7872819dc8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 h1:XfKQ4OlFl8okEOr5UvAqFRVj8pY/4yfcXrddB8qAbU0= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -993,7 +915,6 @@ golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgw golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= @@ -1033,12 +954,10 @@ golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= -golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.5 h1:ouewzE6p+/VEB31YYnTbEJdi8pFqKp4P4n85vwo3DHA= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.6-0.20210820212750-d4cc65f0b2ff h1:VX/uD7MK0AHXGiScH3fsieUQUcpmRERPDYtqZdJnA+Q= +golang.org/x/tools v0.1.6-0.20210820212750-d4cc65f0b2ff/go.mod h1:YD9qOF0M9xpSpdWTBbzEl5e/RnCefISl8E5Noe10jFM= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1067,17 +986,7 @@ google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34q google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= -google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= -google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= -google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= -google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU= -google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k= -google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= -google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= -google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI= -google.golang.org/api v0.59.0/go.mod h1:sT2boj7M9YJxZzgeZqXogmhfmRWDtPzT31xkieUbuZU= -google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I= -google.golang.org/api v0.62.0/go.mod h1:dKmwPCydfsad4qCH08MSdgWjfHOyfpd4VtDGgRFdavw= +google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -1119,6 +1028,7 @@ google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201102152239-715cce707fb0/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= @@ -1128,30 +1038,9 @@ google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= -google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24= -google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= -google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= -google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= -google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= -google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w= -google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2 h1:NHN4wOCScVzKhPenJ2dt+BTs3X/XkBVI/Rh4iDt55T8= google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20211008145708-270636b82663/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20211028162531-8db9c33dc351/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20211129164237-f09f9a12af12/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20211203200212-54befc351ae9/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa h1:I0YcKz0I7OAhddo7ya8kMnvprhcWM045PmkBdMO9zN0= -google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1173,16 +1062,10 @@ google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= -google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= google.golang.org/grpc v1.44.0 h1:weqSxi/TMs1SqFRMHCtBgXRs8k3X39QIDEZ0pRcttUg= google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= -google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -1213,7 +1096,7 @@ gopkg.in/go-playground/pool.v3 v3.1.1/go.mod h1:pUAGBximS/hccTTSzEop6wvvQhVa3QPD gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= +gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/mcuadros/go-syslog.v2 v2.3.0 h1:kcsiS+WsTKyIEPABJBJtoG0KkOS6yzvJ+/eZlhD79kk= gopkg.in/mcuadros/go-syslog.v2 v2.3.0/go.mod h1:l5LPIyOOyIdQquNg+oU6Z3524YwrcqEm0aKH+5zpt2U= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= @@ -1244,41 +1127,36 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.22.2/go.mod h1:y3ydYpLJAaDI+BbSe2xmGcqxiWHmWjkEeIbiwHvnPR8= -k8s.io/api v0.22.5 h1:xk7C+rMjF/EGELiD560jdmwzrB788mfcHiNbMQLIVI8= -k8s.io/api v0.22.5/go.mod h1:mEhXyLaSD1qTOf40rRiKXkc+2iCem09rWLlFwhCEiAs= -k8s.io/apiextensions-apiserver v0.22.2/go.mod h1:2E0Ve/isxNl7tWLSUDgi6+cmwHi5fQRdwGVCxbC+KFA= -k8s.io/apiextensions-apiserver v0.22.5 h1:ML0QqT7FIlmZHN+9+2EtARJ3cJVHeoizt6GCteFRE0o= -k8s.io/apiextensions-apiserver v0.22.5/go.mod h1:tIXeZ0BrDxUb1PoAz+tgOz43Zi1Bp4BEEqVtUccMJbE= -k8s.io/apimachinery v0.22.2/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ0= -k8s.io/apimachinery v0.22.5 h1:cIPwldOYm1Slq9VLBRPtEYpyhjIm1C6aAMAoENuvN9s= -k8s.io/apimachinery v0.22.5/go.mod h1:xziclGKwuuJ2RM5/rSFQSYAj0zdbci3DH8kj+WvyN0U= -k8s.io/apiserver v0.22.2/go.mod h1:vrpMmbyjWrgdyOvZTSpsusQq5iigKNWv9o9KlDAbBHI= -k8s.io/apiserver v0.22.5 h1:71krQxCUz218ecb+nPhfDsNB6QgP1/4EMvi1a2uYBlg= -k8s.io/apiserver v0.22.5/go.mod h1:s2WbtgZAkTKt679sYtSudEQrTGWUSQAPe6MupLnlmaQ= -k8s.io/cli-runtime v0.22.5 h1:bZqLgx1INiPgXyMk/Hu3o5NFmdfvlvtsoE+wHJuKA2U= -k8s.io/cli-runtime v0.22.5/go.mod h1:12ah4O0kaevIYHsRcFGt8RKER0wlTN2yCgHp1c4Uxp4= -k8s.io/client-go v0.22.2/go.mod h1:sAlhrkVDf50ZHx6z4K0S40wISNTarf1r800F+RlCF6U= -k8s.io/client-go v0.22.5 h1:I8Zn/UqIdi2r02aZmhaJ1hqMxcpfJ3t5VqvHtctHYFo= -k8s.io/client-go v0.22.5/go.mod h1:cs6yf/61q2T1SdQL5Rdcjg9J1ElXSwbjSrW2vFImM4Y= -k8s.io/code-generator v0.22.2/go.mod h1:eV77Y09IopzeXOJzndrDyCI88UBok2h6WxAlBwpxa+o= -k8s.io/code-generator v0.22.5 h1:jn+mYXI5q7rzo7Bz/n8xZIgbe61SeXlIjU5jA8jLVps= -k8s.io/code-generator v0.22.5/go.mod h1:sbdWCOVob+KaQ5O7xs8PNNaCTpbWVqNgA6EPwLOmRNk= -k8s.io/component-base v0.22.2/go.mod h1:5Br2QhI9OTe79p+TzPe9JKNQYvEKbq9rTJDWllunGug= -k8s.io/component-base v0.22.5 h1:U0eHqZm7mAFE42hFwYhY6ze/MmVaW00JpMrzVsQmzYE= -k8s.io/component-base v0.22.5/go.mod h1:VK3I+TjuF9eaa+Ln67dKxhGar5ynVbwnGrUiNF4MqCI= +k8s.io/api v0.23.5 h1:zno3LUiMubxD/V1Zw3ijyKO3wxrhbUF1Ck+VjBvfaoA= +k8s.io/api v0.23.5/go.mod h1:Na4XuKng8PXJ2JsploYYrivXrINeTaycCGcYgF91Xm8= +k8s.io/apiextensions-apiserver v0.23.5 h1:5SKzdXyvIJKu+zbfPc3kCbWpbxi+O+zdmAJBm26UJqI= +k8s.io/apiextensions-apiserver v0.23.5/go.mod h1:ntcPWNXS8ZPKN+zTXuzYMeg731CP0heCTl6gYBxLcuQ= +k8s.io/apimachinery v0.23.5 h1:Va7dwhp8wgkUPWsEXk6XglXWU4IKYLKNlv8VkX7SDM0= +k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= +k8s.io/apiserver v0.23.5 h1:2Ly8oUjz5cnZRn1YwYr+aFgDZzUmEVL9RscXbnIeDSE= +k8s.io/apiserver v0.23.5/go.mod h1:7wvMtGJ42VRxzgVI7jkbKvMbuCbVbgsWFT7RyXiRNTw= +k8s.io/cli-runtime v0.23.5 h1:Z7XUpGoJZYZB2uNjQfJjMbyDKyVkoBGye62Ap0sWQHY= +k8s.io/cli-runtime v0.23.5/go.mod h1:oY6QDF2qo9xndSq32tqcmRp2UyXssdGrLfjAVymgbx4= +k8s.io/client-go v0.23.5 h1:zUXHmEuqx0RY4+CsnkOn5l0GU+skkRXKGJrhmE2SLd8= +k8s.io/client-go v0.23.5/go.mod h1:flkeinTO1CirYgzMPRWxUCnV0G4Fbu2vLhYCObnt/r4= +k8s.io/code-generator v0.23.5 h1:xn3a6J5pUL49AoH6SPrOFtnB5cvdMl76f/bEY176R3c= +k8s.io/code-generator v0.23.5/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk= +k8s.io/component-base v0.23.5 h1:8qgP5R6jG1BBSXmRYW+dsmitIrpk8F/fPEvgDenMCCE= +k8s.io/component-base v0.23.5/go.mod h1:c5Nq44KZyt1aLl0IpHX82fhsn84Sb0jjzwjpcA42bY0= k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= -k8s.io/gengo v0.0.0-20201214224949-b6c5ce23f027 h1:Uusb3oh8XcdzDF/ndlI4ToKTYVlkCSJP39SRY2mfRAw= -k8s.io/gengo v0.0.0-20201214224949-b6c5ce23f027/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= +k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c h1:GohjlNKauSai7gN4wsJkeZ3WAJx4Sh+oT/b5IYn5suA= +k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= -k8s.io/klog/v2 v2.9.0 h1:D7HV+n1V57XeZ0m6tdRkfknthUaM06VFbWldOFh8kzM= -k8s.io/klog/v2 v2.9.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= +k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/klog/v2 v2.60.1 h1:VW25q3bZx9uE3vvdL6M8ezOX79vA2Aq1nEWLqNQclHc= +k8s.io/klog/v2 v2.60.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= -k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c h1:jvamsI1tn9V0S8jicyX82qaFC0H/NKxv2e5mbqsgR80= -k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= -k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a h1:8dYfu/Fc9Gz2rNJKB9IQRGgQOh2clmRzNIPPY1xLY5g= -k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 h1:E3J9oCLlaobFUqsjG9DfKbP2BmgwBL2p7pn0A3dG9W4= +k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk= +k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +k8s.io/utils v0.0.0-20211116205334-6203023598ed h1:ck1fRPWPJWsMd8ZRFsWc6mh/zHp5fZ/shhbrgPUxDAE= +k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= moul.io/http2curl v1.0.1-0.20190925090545-5cd742060b0e h1:C7q+e9M5nggAvWfVg9Nl66kebKeuJlP3FD58V4RR5wo= moul.io/http2curl v1.0.1-0.20190925090545-5cd742060b0e/go.mod h1:nejbQVfXh96n9dSF6cH3Jsk/QI1Z2oEL7sSI2ifXFNA= pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 h1:SAElp8THCfmBdM+4lmWX5gebiSSkEr7PAYDVF91qpfg= @@ -1286,17 +1164,20 @@ pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732/go.mod h1:lpvCfhqEHNJSSpG5R rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.22/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= -sigs.k8s.io/controller-runtime v0.10.3 h1:s5Ttmw/B4AuIbwrXD3sfBkXwnPMMWrqpVj4WRt1dano= -sigs.k8s.io/controller-runtime v0.10.3/go.mod h1:CQp8eyUQZ/Q7PJvnIrB6/hgfTC1kBkGylwsLgOQi1WY= -sigs.k8s.io/kustomize/api v0.8.11 h1:LzQzlq6Z023b+mBtc6v72N2mSHYmN8x7ssgbf/hv0H8= -sigs.k8s.io/kustomize/api v0.8.11/go.mod h1:a77Ls36JdfCWojpUqR6m60pdGY1AYFix4AH83nJtY1g= -sigs.k8s.io/kustomize/kyaml v0.11.0 h1:9KhiCPKaVyuPcgOLJXkvytOvjMJLoxpjodiycb4gHsA= -sigs.k8s.io/kustomize/kyaml v0.11.0/go.mod h1:GNMwjim4Ypgp/MueD3zXHLRJEjz7RvtPae0AwlvEMFM= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30/go.mod h1:fEO7lRTdivWO2qYVCVG7dEADOMo/MLDCVr8So2g88Uw= +sigs.k8s.io/controller-runtime v0.11.2 h1:H5GTxQl0Mc9UjRJhORusqfJCIjBO8UtUxGggCwL1rLA= +sigs.k8s.io/controller-runtime v0.11.2/go.mod h1:P6QCzrEjLaZGqHsfd+os7JQ+WFZhvB8MRFsn4dWF7O4= +sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6 h1:fD1pz4yfdADVNfFmcP2aBEtudwUQ1AlLnRBALr33v3s= +sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6/go.mod h1:p4QtZmO4uMYipTQNzagwnNoseA6OxSUutVw05NhYDRs= +sigs.k8s.io/kustomize/api v0.10.1 h1:KgU7hfYoscuqag84kxtzKdEC3mKMb99DPI3a0eaV1d0= +sigs.k8s.io/kustomize/api v0.10.1/go.mod h1:2FigT1QN6xKdcnGS2Ppp1uIWrtWN28Ms8A3OZUZhwr8= +sigs.k8s.io/kustomize/kyaml v0.13.0 h1:9c+ETyNfSrVhxvphs+K2dzT3dh5oVPPEqPOE/cUpScY= +sigs.k8s.io/kustomize/kyaml v0.13.0/go.mod h1:FTJxEZ86ScK184NpGSAQcfEqee0nul8oLCK30D47m4E= sigs.k8s.io/mdtoc v1.1.0 h1:q3YtqYzmC2e0hgLXRIOm7/QLuPux1CX3ZHCwlbABxZo= sigs.k8s.io/mdtoc v1.1.0/go.mod h1:QZLVEdHH2iNIR4uHAZyvFRtjloHgVItk8lo/mzCtq3w= sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= -sigs.k8s.io/structured-merge-diff/v4 v4.1.2 h1:Hr/htKFmJEbtMgS/UD0N+gtgctAqz81t3nu+sPzynno= -sigs.k8s.io/structured-merge-diff/v4 v4.1.2/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= -sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q= +sigs.k8s.io/structured-merge-diff/v4 v4.2.1 h1:bKCqE9GvQ5tiVHn5rfn1r+yao3aLQEaLzkkmAkf+A6Y= +sigs.k8s.io/structured-merge-diff/v4 v4.2.1/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= +sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= +sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= diff --git a/test/e2e/framework/deployment.go b/test/e2e/framework/deployment.go index 0e886aff5..ae243255f 100644 --- a/test/e2e/framework/deployment.go +++ b/test/e2e/framework/deployment.go @@ -227,7 +227,7 @@ func (f *Framework) NewGRPCBinDeployment() { PeriodSeconds: 1, SuccessThreshold: 1, TimeoutSeconds: 1, - Handler: corev1.Handler{ + ProbeHandler: corev1.ProbeHandler{ TCPSocket: &corev1.TCPSocketAction{ Port: intstr.FromInt(9000), }, @@ -318,7 +318,7 @@ func newDeployment(name, namespace, image string, port int32, replicas int32, co SuccessThreshold: 1, TimeoutSeconds: 2, FailureThreshold: 6, - Handler: corev1.Handler{ + ProbeHandler: corev1.ProbeHandler{ HTTPGet: &corev1.HTTPGetAction{ Port: intstr.FromString("http"), Path: "/", From 89ed571d2a8c7c2486e9671808e27a7cfbe3b40d Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Mon, 11 Apr 2022 11:06:07 -0300 Subject: [PATCH 048/494] Implement object deep inspector (#8456) --- cmd/nginx/flags.go | 3 + docs/user-guide/cli-arguments.md | 1 + internal/ingress/controller/controller.go | 8 +- .../ingress/controller/controller_test.go | 2 + internal/ingress/controller/nginx.go | 1 + internal/ingress/controller/store/store.go | 15 +++ .../ingress/controller/store/store_test.go | 11 +++ internal/ingress/inspector/ingress.go | 62 ++++++++++++ internal/ingress/inspector/ingress_test.go | 99 +++++++++++++++++++ internal/ingress/inspector/inspector.go | 38 +++++++ internal/ingress/inspector/rules.go | 53 ++++++++++ internal/ingress/inspector/rules_test.go | 66 +++++++++++++ internal/ingress/inspector/service.go | 26 +++++ test/e2e/admission/admission.go | 17 ++++ test/e2e/ingress/deep_inspection.go | 67 +++++++++++++ 15 files changed, 468 insertions(+), 1 deletion(-) create mode 100644 internal/ingress/inspector/ingress.go create mode 100644 internal/ingress/inspector/ingress_test.go create mode 100644 internal/ingress/inspector/inspector.go create mode 100644 internal/ingress/inspector/rules.go create mode 100644 internal/ingress/inspector/rules_test.go create mode 100644 internal/ingress/inspector/service.go create mode 100644 test/e2e/ingress/deep_inspection.go diff --git a/cmd/nginx/flags.go b/cmd/nginx/flags.go index cfeadc7db..302930551 100644 --- a/cmd/nginx/flags.go +++ b/cmd/nginx/flags.go @@ -201,6 +201,8 @@ Takes the form ":port". If not provided, no admission controller is starte shutdownGracePeriod = flags.Int("shutdown-grace-period", 0, "Seconds to wait after receiving the shutdown signal, before stopping the nginx process.") postShutdownGracePeriod = flags.Int("post-shutdown-grace-period", 10, "Seconds to wait after the nginx process has stopped before controller exits.") + + deepInspector = flags.Bool("deep-inspect", true, "Enables ingress object security deep inspector") ) flags.StringVar(&nginx.MaxmindMirror, "maxmind-mirror", "", `Maxmind mirror url (example: http://geoip.local/databases`) @@ -321,6 +323,7 @@ https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-g UDPConfigMapName: *udpConfigMapName, DisableFullValidationTest: *disableFullValidationTest, DefaultSSLCertificate: *defSSLCertificate, + DeepInspector: *deepInspector, PublishService: *publishSvc, PublishStatusAddress: *publishStatusAddress, UpdateStatusOnShutdown: *updateStatusOnShutdown, diff --git a/docs/user-guide/cli-arguments.md b/docs/user-guide/cli-arguments.md index b9cd0c564..f2b0f7a82 100644 --- a/docs/user-guide/cli-arguments.md +++ b/docs/user-guide/cli-arguments.md @@ -12,6 +12,7 @@ They are set in the container spec of the `ingress-nginx-controller` Deployment | `--apiserver-host` | Address of the Kubernetes API server. Takes the form "protocol://address:port". If not specified, it is assumed the program runs inside a Kubernetes cluster and local discovery is attempted. | | `--certificate-authority` | Path to a cert file for the certificate authority. This certificate is used only when the flag --apiserver-host is specified. | | `--configmap` | Name of the ConfigMap containing custom global configurations for the controller. | +| `--deep-inspect` | Enables ingress object security deep inspector. (default true) | | `--default-backend-service` | Service used to serve HTTP requests not matching any known server name (catch-all). Takes the form "namespace/name". The controller configures NGINX to forward requests to the first port of this Service. | | `--default-server-port` | Port to use for exposing the default server (catch-all). (default 8181) | | `--default-ssl-certificate` | Secret containing a SSL certificate to be used by the default HTTPS server (catch-all). Takes the form "namespace/name". | diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go index a7efdab91..778dfa03d 100644 --- a/internal/ingress/controller/controller.go +++ b/internal/ingress/controller/controller.go @@ -41,6 +41,7 @@ import ( "k8s.io/ingress-nginx/internal/ingress/controller/ingressclass" "k8s.io/ingress-nginx/internal/ingress/controller/store" "k8s.io/ingress-nginx/internal/ingress/errors" + "k8s.io/ingress-nginx/internal/ingress/inspector" "k8s.io/ingress-nginx/internal/ingress/metric/collectors" "k8s.io/ingress-nginx/internal/k8s" "k8s.io/ingress-nginx/internal/nginx" @@ -123,6 +124,7 @@ type Configuration struct { InternalLoggerAddress string IsChroot bool + DeepInspector bool } // GetPublishService returns the Service used to set the load-balancer status of Ingresses. @@ -237,7 +239,11 @@ func (n *NGINXController) CheckIngress(ing *networking.Ingress) error { if !ing.DeletionTimestamp.IsZero() { return nil } - + if n.cfg.DeepInspector { + if err := inspector.DeepInspect(ing); err != nil { + return fmt.Errorf("invalid object: %w", err) + } + } // Do not attempt to validate an ingress that's not meant to be controlled by the current instance of the controller. if ingressClass, err := n.store.GetIngressClass(ing, n.cfg.IngressClassConfiguration); ingressClass == "" { klog.Warningf("ignoring ingress %v in %v based on annotation %v: %v", ing.Name, ing.ObjectMeta.Namespace, ingressClass, err) diff --git a/internal/ingress/controller/controller_test.go b/internal/ingress/controller/controller_test.go index 5e3eb9113..398e18830 100644 --- a/internal/ingress/controller/controller_test.go +++ b/internal/ingress/controller/controller_test.go @@ -2396,6 +2396,7 @@ func newNGINXController(t *testing.T) *NGINXController { clientSet, channels.NewRingChannel(10), false, + true, &ingressclass.IngressClassConfiguration{ Controller: "k8s.io/ingress-nginx", AnnotationValue: "nginx", @@ -2460,6 +2461,7 @@ func newDynamicNginxController(t *testing.T, setConfigMap func(string) *v1.Confi clientSet, channels.NewRingChannel(10), false, + true, &ingressclass.IngressClassConfiguration{ Controller: "k8s.io/ingress-nginx", AnnotationValue: "nginx", diff --git a/internal/ingress/controller/nginx.go b/internal/ingress/controller/nginx.go index 4a6d3d2f4..7ff772a96 100644 --- a/internal/ingress/controller/nginx.go +++ b/internal/ingress/controller/nginx.go @@ -131,6 +131,7 @@ func NewNGINXController(config *Configuration, mc metric.Collector) *NGINXContro config.Client, n.updateCh, config.DisableCatchAll, + config.DeepInspector, config.IngressClassConfiguration) n.syncQueue = task.NewTaskQueue(n.syncIngress) diff --git a/internal/ingress/controller/store/store.go b/internal/ingress/controller/store/store.go index 2b15dc74d..d29636b03 100644 --- a/internal/ingress/controller/store/store.go +++ b/internal/ingress/controller/store/store.go @@ -42,6 +42,7 @@ import ( clientcorev1 "k8s.io/client-go/kubernetes/typed/core/v1" "k8s.io/client-go/tools/cache" "k8s.io/client-go/tools/record" + "k8s.io/ingress-nginx/internal/ingress/inspector" "k8s.io/klog/v2" "k8s.io/ingress-nginx/internal/file" @@ -247,6 +248,7 @@ func New( client clientset.Interface, updateCh *channels.RingChannel, disableCatchAll bool, + deepInspector bool, icConfig *ingressclass.IngressClassConfiguration) Storer { store := &k8sStore{ @@ -426,6 +428,12 @@ func New( klog.InfoS("Found valid IngressClass", "ingress", klog.KObj(ing), "ingressclass", ic) + if deepInspector { + if err := inspector.DeepInspect(ing); err != nil { + klog.ErrorS(err, "received invalid ingress", "ingress", klog.KObj(ing)) + return + } + } if hasCatchAllIngressRule(ing.Spec) && disableCatchAll { klog.InfoS("Ignoring add for catch-all ingress because of --disable-catch-all", "ingress", klog.KObj(ing)) return @@ -482,6 +490,13 @@ func New( return } + if deepInspector { + if err := inspector.DeepInspect(curIng); err != nil { + klog.ErrorS(err, "received invalid ingress", "ingress", klog.KObj(curIng)) + return + } + } + store.syncIngress(curIng) store.updateSecretIngressMap(curIng) store.syncSecrets(curIng) diff --git a/internal/ingress/controller/store/store_test.go b/internal/ingress/controller/store/store_test.go index 735208001..4868f792f 100644 --- a/internal/ingress/controller/store/store_test.go +++ b/internal/ingress/controller/store/store_test.go @@ -124,6 +124,7 @@ func TestStore(t *testing.T) { clientSet, updateCh, false, + true, DefaultClassConfig) storer.Run(stopCh) @@ -204,6 +205,7 @@ func TestStore(t *testing.T) { clientSet, updateCh, false, + true, DefaultClassConfig) storer.Run(stopCh) @@ -307,6 +309,7 @@ func TestStore(t *testing.T) { clientSet, updateCh, false, + true, DefaultClassConfig) storer.Run(stopCh) @@ -422,6 +425,7 @@ func TestStore(t *testing.T) { clientSet, updateCh, false, + true, ingressClassconfig) storer.Run(stopCh) @@ -551,6 +555,7 @@ func TestStore(t *testing.T) { clientSet, updateCh, false, + true, ingressClassconfig) storer.Run(stopCh) @@ -650,6 +655,7 @@ func TestStore(t *testing.T) { clientSet, updateCh, false, + true, DefaultClassConfig) storer.Run(stopCh) @@ -743,6 +749,7 @@ func TestStore(t *testing.T) { clientSet, updateCh, false, + true, DefaultClassConfig) storer.Run(stopCh) @@ -828,6 +835,7 @@ func TestStore(t *testing.T) { clientSet, updateCh, false, + true, DefaultClassConfig) storer.Run(stopCh) @@ -923,6 +931,7 @@ func TestStore(t *testing.T) { clientSet, updateCh, false, + true, DefaultClassConfig) storer.Run(stopCh) @@ -1046,6 +1055,7 @@ func TestStore(t *testing.T) { clientSet, updateCh, false, + true, DefaultClassConfig) storer.Run(stopCh) @@ -1166,6 +1176,7 @@ func TestStore(t *testing.T) { clientSet, updateCh, false, + true, DefaultClassConfig) storer.Run(stopCh) diff --git a/internal/ingress/inspector/ingress.go b/internal/ingress/inspector/ingress.go new file mode 100644 index 000000000..12db946ea --- /dev/null +++ b/internal/ingress/inspector/ingress.go @@ -0,0 +1,62 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package inspector + +import ( + "fmt" + + networking "k8s.io/api/networking/v1" +) + +// InspectIngress is used to do the deep inspection of an ingress object, walking through all +// of the spec fields and checking for matching strings and configurations that may represent +// an attempt to escape configs +func InspectIngress(ingress *networking.Ingress) error { + for _, rule := range ingress.Spec.Rules { + if rule.Host != "" { + if err := CheckRegex(rule.Host); err != nil { + return fmt.Errorf("invalid host in ingress %s/%s: %s", ingress.Namespace, ingress.Name, err) + } + } + if rule.HTTP != nil { + if err := inspectIngressRule(rule.HTTP); err != nil { + return fmt.Errorf("invalid rule in ingress %s/%s: %s", ingress.Namespace, ingress.Name, err) + } + } + } + + for _, tls := range ingress.Spec.TLS { + if err := CheckRegex(tls.SecretName); err != nil { + return fmt.Errorf("invalid secret in ingress %s/%s: %s", ingress.Namespace, ingress.Name, err) + } + for _, host := range tls.Hosts { + if err := CheckRegex(host); err != nil { + return fmt.Errorf("invalid host in ingress tls config %s/%s: %s", ingress.Namespace, ingress.Name, err) + } + } + } + return nil +} + +func inspectIngressRule(httprule *networking.HTTPIngressRuleValue) error { + for _, path := range httprule.Paths { + if err := CheckRegex(path.Path); err != nil { + return fmt.Errorf("invalid http path: %s", err) + } + } + return nil +} diff --git a/internal/ingress/inspector/ingress_test.go b/internal/ingress/inspector/ingress_test.go new file mode 100644 index 000000000..bfd9f6b93 --- /dev/null +++ b/internal/ingress/inspector/ingress_test.go @@ -0,0 +1,99 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package inspector + +import ( + "testing" + + networking "k8s.io/api/networking/v1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +func makeSimpleIngress(hostname string, paths ...string) *networking.Ingress { + + newIngress := networking.Ingress{ + ObjectMeta: v1.ObjectMeta{ + Name: "test1", + Namespace: "default", + }, + Spec: networking.IngressSpec{ + Rules: []networking.IngressRule{ + { + Host: hostname, + IngressRuleValue: networking.IngressRuleValue{ + HTTP: &networking.HTTPIngressRuleValue{ + Paths: []networking.HTTPIngressPath{}, + }, + }, + }, + }, + }, + } + + prefix := networking.PathTypePrefix + for _, path := range paths { + newPath := networking.HTTPIngressPath{ + Path: path, + PathType: &prefix, + } + newIngress.Spec.Rules[0].IngressRuleValue.HTTP.Paths = append(newIngress.Spec.Rules[0].IngressRuleValue.HTTP.Paths, newPath) + } + return &newIngress +} + +func TestInspectIngress(t *testing.T) { + tests := []struct { + name string + hostname string + path []string + wantErr bool + }{ + { + name: "invalid-path-etc", + hostname: "invalid.etc.com", + path: []string{ + "/var/run/secrets", + "/mypage", + }, + wantErr: true, + }, + { + name: "invalid-path-etc", + hostname: "invalid.etc.com", + path: []string{ + "/etc/nginx", + }, + wantErr: true, + }, + { + name: "invalid-path-etc", + hostname: "invalid.etc.com", + path: []string{ + "/mypage", + }, + wantErr: false, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + ingress := makeSimpleIngress(tt.hostname, tt.path...) + if err := InspectIngress(ingress); (err != nil) != tt.wantErr { + t.Errorf("InspectIngress() error = %v, wantErr %v", err, tt.wantErr) + } + }) + } +} diff --git a/internal/ingress/inspector/inspector.go b/internal/ingress/inspector/inspector.go new file mode 100644 index 000000000..98f257997 --- /dev/null +++ b/internal/ingress/inspector/inspector.go @@ -0,0 +1,38 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package inspector + +import ( + corev1 "k8s.io/api/core/v1" + networking "k8s.io/api/networking/v1" + "k8s.io/klog/v2" +) + +// DeepInspect is the function called by admissionwebhook and store syncer to check +// if an object contains invalid configurations that may represent a security risk, +// and returning an error in this case +func DeepInspect(obj interface{}) error { + switch obj.(type) { + case *networking.Ingress: + return InspectIngress(obj.(*networking.Ingress)) + case *corev1.Service: + return InspectService(obj.(*corev1.Service)) + default: + klog.Warningf("received invalid object to inspect: %T", obj) + return nil + } +} diff --git a/internal/ingress/inspector/rules.go b/internal/ingress/inspector/rules.go new file mode 100644 index 000000000..9c9ade0f2 --- /dev/null +++ b/internal/ingress/inspector/rules.go @@ -0,0 +1,53 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package inspector + +import ( + "fmt" + "regexp" +) + +var ( + invalidAliasDirective = regexp.MustCompile(`\s*alias\s*.*;`) + invalidRootDirective = regexp.MustCompile(`\s*root\s*.*;`) + invalidEtcDir = regexp.MustCompile(`/etc/(passwd|shadow|group|nginx|ingress-controller)`) + invalidSecretsDir = regexp.MustCompile(`/var/run/secrets`) + invalidByLuaDirective = regexp.MustCompile(`.*_by_lua.*`) + + invalidRegex = []regexp.Regexp{} +) + +func init() { + invalidRegex = []regexp.Regexp{ + *invalidAliasDirective, + *invalidRootDirective, + *invalidEtcDir, + *invalidSecretsDir, + *invalidByLuaDirective, + } +} + +// CheckRegex receives a value/configuration and validates if it matches with one of the +// forbidden regexes. +func CheckRegex(value string) error { + for _, regex := range invalidRegex { + if regex.MatchString(value) { + return fmt.Errorf("invalid value found: %s", value) + } + } + return nil +} diff --git a/internal/ingress/inspector/rules_test.go b/internal/ingress/inspector/rules_test.go new file mode 100644 index 000000000..3c8f9f47b --- /dev/null +++ b/internal/ingress/inspector/rules_test.go @@ -0,0 +1,66 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package inspector + +import "testing" + +func TestCheckRegex(t *testing.T) { + + tests := []struct { + name string + value string + wantErr bool + }{ + { + name: "must refuse invalid root", + wantErr: true, + value: " root blabla/lala ;", + }, + { + name: "must refuse invalid alias", + wantErr: true, + value: " alias blabla/lala ;", + }, + { + name: "must refuse invalid attempt to call /etc", + wantErr: true, + value: "location /etc/nginx/lalala", + }, + { + name: "must refuse invalid attempt to call k8s secret", + wantErr: true, + value: "ssl_cert /var/run/secrets/kubernetes.io/lalala; xpto", + }, + { + name: "must refuse invalid attempt to call lua directives", + wantErr: true, + value: "set_by_lua lala", + }, + { + name: "must pass with valid configuration", + wantErr: false, + value: "/test/mypage1", + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if err := CheckRegex(tt.value); (err != nil) != tt.wantErr { + t.Errorf("CheckRegex() error = %v, wantErr %v", err, tt.wantErr) + } + }) + } +} diff --git a/internal/ingress/inspector/service.go b/internal/ingress/inspector/service.go new file mode 100644 index 000000000..27ed27a8c --- /dev/null +++ b/internal/ingress/inspector/service.go @@ -0,0 +1,26 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package inspector + +import ( + corev1 "k8s.io/api/core/v1" +) + +// InspectService will be used to inspect service objects for possible invalid configurations +func InspectService(svc *corev1.Service) error { + return nil +} diff --git a/test/e2e/admission/admission.go b/test/e2e/admission/admission.go index c4c1ef76d..c03a10ecc 100644 --- a/test/e2e/admission/admission.go +++ b/test/e2e/admission/admission.go @@ -110,6 +110,23 @@ var _ = framework.IngressNginxDescribe("[Serial] admission controller", func() { assert.Nil(ginkgo.GinkgoT(), err, "creating an ingress with the same host and path should not return an error using a canary annotation") }) + ginkgo.It("should block ingress with invalid path", func() { + host := "invalid-path" + + firstIngress := framework.NewSingleIngress("valid-path", "/mypage", host, f.Namespace, framework.EchoService, 80, nil) + _, err := f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Create(context.TODO(), firstIngress, metav1.CreateOptions{}) + assert.Nil(ginkgo.GinkgoT(), err, "creating ingress") + + f.WaitForNginxServer(host, + func(server string) bool { + return strings.Contains(server, fmt.Sprintf("server_name %v", host)) + }) + + secondIngress := framework.NewSingleIngress("second-ingress", "/etc/nginx", host, f.Namespace, framework.EchoService, 80, nil) + _, err = f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Create(context.TODO(), secondIngress, metav1.CreateOptions{}) + assert.NotNil(ginkgo.GinkgoT(), err, "creating an ingress with invalid path should return an error") + }) + ginkgo.It("should return an error if there is an error validating the ingress definition", func() { host := "admission-test" diff --git a/test/e2e/ingress/deep_inspection.go b/test/e2e/ingress/deep_inspection.go new file mode 100644 index 000000000..0a4c3c539 --- /dev/null +++ b/test/e2e/ingress/deep_inspection.go @@ -0,0 +1,67 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package ingress + +import ( + "net/http" + "strings" + + "github.com/onsi/ginkgo" + "k8s.io/ingress-nginx/test/e2e/framework" +) + +var _ = framework.IngressNginxDescribe("[Ingress] DeepInspection", func() { + f := framework.NewDefaultFramework("deep-inspection") + + ginkgo.BeforeEach(func() { + f.NewEchoDeployment() + }) + + ginkgo.It("should drop whole ingress if one path matches invalid regex", func() { + host := "inspection123.com" + + ingInvalid := framework.NewSingleIngress("invalidregex", "/bla{alias /var/run/secrets/;}location ~* ^/abcd", host, f.Namespace, framework.EchoService, 80, nil) + f.EnsureIngress(ingInvalid) + ingValid := framework.NewSingleIngress("valid", "/xpto", host, f.Namespace, framework.EchoService, 80, nil) + f.EnsureIngress(ingValid) + + f.WaitForNginxServer(host, + func(server string) bool { + return strings.Contains(server, host) && + strings.Contains(server, "location /xpto") && + !strings.Contains(server, "location /bla") + }) + + f.HTTPTestClient(). + GET("/xpto"). + WithHeader("Host", host). + Expect(). + Status(http.StatusOK) + + f.HTTPTestClient(). + GET("/bla"). + WithHeader("Host", host). + Expect(). + Status(http.StatusNotFound) + + f.HTTPTestClient(). + GET("/abcd/"). + WithHeader("Host", host). + Expect(). + Status(http.StatusNotFound) + }) +}) From 47a266df45bc31928d7891c1c753460deb6df653 Mon Sep 17 00:00:00 2001 From: David Shay Date: Mon, 11 Apr 2022 14:42:06 -0400 Subject: [PATCH 049/494] Fix for buggy ingress sync with retries (#8325) --- cmd/nginx/flags.go | 63 ++++++++++++----------- internal/ingress/controller/controller.go | 15 ++++-- 2 files changed, 44 insertions(+), 34 deletions(-) diff --git a/cmd/nginx/flags.go b/cmd/nginx/flags.go index 302930551..337a1f827 100644 --- a/cmd/nginx/flags.go +++ b/cmd/nginx/flags.go @@ -65,7 +65,7 @@ The parameter --controller-class has precedence over this.`) ingressClassController = flags.String("controller-class", ingressclass.DefaultControllerName, `Ingress Class Controller value this Ingress satisfies. -The class of an Ingress object is set using the field IngressClassName in Kubernetes clusters version v1.19.0 or higher. The .spec.controller value of the IngressClass +The class of an Ingress object is set using the field IngressClassName in Kubernetes clusters version v1.19.0 or higher. The .spec.controller value of the IngressClass referenced in an Ingress Object should be the same value specified here to make this object be watched.`) watchWithoutClass = flags.Bool("watch-ingress-without-class", false, @@ -203,6 +203,8 @@ Takes the form ":port". If not provided, no admission controller is starte postShutdownGracePeriod = flags.Int("post-shutdown-grace-period", 10, "Seconds to wait after the nginx process has stopped before controller exits.") deepInspector = flags.Bool("deep-inspect", true, "Enables ingress object security deep inspector") + + dynamicConfigurationRetries = flags.Int("dynamic-configuration-retries", 15, "Number of times to retry failed dynamic configuration before failing to sync an ingress.") ) flags.StringVar(&nginx.MaxmindMirror, "maxmind-mirror", "", `Maxmind mirror url (example: http://geoip.local/databases`) @@ -303,35 +305,36 @@ https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-g ngx_config.EnableSSLChainCompletion = *enableSSLChainCompletion config := &controller.Configuration{ - APIServerHost: *apiserverHost, - KubeConfigFile: *kubeConfigFile, - UpdateStatus: *updateStatus, - ElectionID: *electionID, - EnableProfiling: *profiling, - EnableMetrics: *enableMetrics, - MetricsPerHost: *metricsPerHost, - MetricsBuckets: histogramBuckets, - MonitorMaxBatchSize: *monitorMaxBatchSize, - DisableServiceExternalName: *disableServiceExternalName, - EnableSSLPassthrough: *enableSSLPassthrough, - ResyncPeriod: *resyncPeriod, - DefaultService: *defaultSvc, - Namespace: *watchNamespace, - WatchNamespaceSelector: namespaceSelector, - ConfigMapName: *configMap, - TCPConfigMapName: *tcpConfigMapName, - UDPConfigMapName: *udpConfigMapName, - DisableFullValidationTest: *disableFullValidationTest, - DefaultSSLCertificate: *defSSLCertificate, - DeepInspector: *deepInspector, - PublishService: *publishSvc, - PublishStatusAddress: *publishStatusAddress, - UpdateStatusOnShutdown: *updateStatusOnShutdown, - ShutdownGracePeriod: *shutdownGracePeriod, - PostShutdownGracePeriod: *postShutdownGracePeriod, - UseNodeInternalIP: *useNodeInternalIP, - SyncRateLimit: *syncRateLimit, - HealthCheckHost: *healthzHost, + APIServerHost: *apiserverHost, + KubeConfigFile: *kubeConfigFile, + UpdateStatus: *updateStatus, + ElectionID: *electionID, + EnableProfiling: *profiling, + EnableMetrics: *enableMetrics, + MetricsPerHost: *metricsPerHost, + MetricsBuckets: histogramBuckets, + MonitorMaxBatchSize: *monitorMaxBatchSize, + DisableServiceExternalName: *disableServiceExternalName, + EnableSSLPassthrough: *enableSSLPassthrough, + ResyncPeriod: *resyncPeriod, + DefaultService: *defaultSvc, + Namespace: *watchNamespace, + WatchNamespaceSelector: namespaceSelector, + ConfigMapName: *configMap, + TCPConfigMapName: *tcpConfigMapName, + UDPConfigMapName: *udpConfigMapName, + DisableFullValidationTest: *disableFullValidationTest, + DefaultSSLCertificate: *defSSLCertificate, + DeepInspector: *deepInspector, + PublishService: *publishSvc, + PublishStatusAddress: *publishStatusAddress, + UpdateStatusOnShutdown: *updateStatusOnShutdown, + ShutdownGracePeriod: *shutdownGracePeriod, + PostShutdownGracePeriod: *postShutdownGracePeriod, + UseNodeInternalIP: *useNodeInternalIP, + SyncRateLimit: *syncRateLimit, + HealthCheckHost: *healthzHost, + DynamicConfigurationRetries: *dynamicConfigurationRetries, ListenPorts: &ngx_config.ListenPorts{ Default: *defServerPort, Health: *healthzPort, diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go index 778dfa03d..f43c72d92 100644 --- a/internal/ingress/controller/controller.go +++ b/internal/ingress/controller/controller.go @@ -125,6 +125,8 @@ type Configuration struct { InternalLoggerAddress string IsChroot bool DeepInspector bool + + DynamicConfigurationRetries int } // GetPublishService returns the Service used to set the load-balancer status of Ingresses. @@ -194,19 +196,24 @@ func (n *NGINXController) syncIngress(interface{}) error { } retry := wait.Backoff{ - Steps: 15, - Duration: 1 * time.Second, - Factor: 0.8, + Steps: 1 + n.cfg.DynamicConfigurationRetries, + Duration: time.Second, + Factor: 1.3, Jitter: 0.1, } + retriesRemaining := retry.Steps err := wait.ExponentialBackoff(retry, func() (bool, error) { err := n.configureDynamically(pcfg) if err == nil { klog.V(2).Infof("Dynamic reconfiguration succeeded.") return true, nil } - + retriesRemaining-- + if retriesRemaining > 0 { + klog.Warningf("Dynamic reconfiguration failed (retrying; %d retries left): %v", retriesRemaining, err) + return false, nil + } klog.Warningf("Dynamic reconfiguration failed: %v", err) return false, err }) From ea5a3036bf52e86e2f6fd98b818d5c9cc4ca9737 Mon Sep 17 00:00:00 2001 From: Naseem Ullah <24660299+naseemkullah@users.noreply.github.com> Date: Tue, 12 Apr 2022 17:40:46 -0400 Subject: [PATCH 050/494] Improve req handling dashboard (#8322) Display per method/path combos for various metrics, adjust titles, and sort tooltip by decreasing Signed-off-by: Naseem Ullah <24660299+naseemkullah@users.noreply.github.com> --- .../request-handling-performance.json | 350 +++++++++--------- 1 file changed, 177 insertions(+), 173 deletions(-) diff --git a/deploy/grafana/dashboards/request-handling-performance.json b/deploy/grafana/dashboards/request-handling-performance.json index e231129be..1422336ae 100644 --- a/deploy/grafana/dashboards/request-handling-performance.json +++ b/deploy/grafana/dashboards/request-handling-performance.json @@ -9,17 +9,18 @@ "pluginName": "Prometheus" } ], + "__elements": [], "__requires": [ { "type": "grafana", "id": "grafana", "name": "Grafana", - "version": "6.6.0" + "version": "8.3.4" }, { "type": "panel", "id": "graph", - "name": "Graph", + "name": "Graph (old)", "version": "" }, { @@ -38,25 +39,41 @@ "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, "type": "dashboard" } ] }, "description": "", "editable": true, + "fiscalYearStartMonth": 0, "gnetId": 9614, "graphTooltip": 1, "id": null, - "iteration": 1582146566338, + "iteration": 1646929474557, "links": [], + "liveNow": false, "panels": [ { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "description": "Total time taken for nginx and upstream servers to process a request and send a response", + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Total time for NGINX and upstream servers to process a request and send a response", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, "fill": 1, "fillGradient": 0, "gridPos": { @@ -80,9 +97,10 @@ "linewidth": 1, "nullPointMode": "null", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "8.3.4", "pointradius": 2, "points": false, "renderer": "flot", @@ -92,63 +110,52 @@ "steppedLine": false, "targets": [ { - "expr": "histogram_quantile(\n 0.5,\n sum by (le)(\n rate(\n nginx_ingress_controller_request_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", + "expr": "histogram_quantile(\n 0.5,\n sum by (le)(\n rate(\n nginx_ingress_controller_request_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[5m]\n )\n )\n)", "interval": "", "legendFormat": ".5", "refId": "D" }, { - "expr": "histogram_quantile(\n 0.95,\n sum by (le)(\n rate(\n nginx_ingress_controller_request_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", + "expr": "histogram_quantile(\n 0.95,\n sum by (le)(\n rate(\n nginx_ingress_controller_request_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[5m]\n )\n )\n)", "interval": "", "legendFormat": ".95", "refId": "B" }, { - "expr": "histogram_quantile(\n 0.99,\n sum by (le)(\n rate(\n nginx_ingress_controller_request_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", + "expr": "histogram_quantile(\n 0.99,\n sum by (le)(\n rate(\n nginx_ingress_controller_request_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[5m]\n )\n )\n)", "interval": "", "legendFormat": ".99", "refId": "A" } ], "thresholds": [], - "timeFrom": null, "timeRegions": [], - "timeShift": null, - "title": "Total request handling time", + "title": "Request Latency Percentiles", "tooltip": { "shared": true, - "sort": 0, + "sort": 2, "value_type": "individual" }, "type": "graph", "xaxis": { - "buckets": null, "mode": "time", - "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "s", - "label": null, "logBase": 1, - "max": null, - "min": null, "show": true }, { "format": "short", - "label": null, "logBase": 1, - "max": null, - "min": null, "show": true } ], "yaxis": { - "align": false, - "alignLevel": null + "align": false } }, { @@ -156,8 +163,16 @@ "bars": false, "dashLength": 10, "dashes": false, - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, "description": "The time spent on receiving the response from the upstream server", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, "fill": 1, "fillGradient": 0, "gridPos": { @@ -181,9 +196,10 @@ "linewidth": 1, "nullPointMode": "null", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "8.3.4", "pointradius": 2, "points": false, "renderer": "flot", @@ -193,7 +209,7 @@ "steppedLine": false, "targets": [ { - "expr": "histogram_quantile(\n 0.5,\n sum by (le)(\n rate(\n nginx_ingress_controller_response_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", + "expr": "histogram_quantile(\n 0.5,\n sum by (le)(\n rate(\n nginx_ingress_controller_response_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[5m]\n )\n )\n)", "instant": false, "interval": "", "intervalFactor": 1, @@ -201,57 +217,46 @@ "refId": "D" }, { - "expr": "histogram_quantile(\n 0.95,\n sum by (le)(\n rate(\n nginx_ingress_controller_response_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", + "expr": "histogram_quantile(\n 0.95,\n sum by (le)(\n rate(\n nginx_ingress_controller_response_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[5m]\n )\n )\n)", "interval": "", "legendFormat": ".95", "refId": "B" }, { - "expr": "histogram_quantile(\n 0.99,\n sum by (le)(\n rate(\n nginx_ingress_controller_response_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", + "expr": "histogram_quantile(\n 0.99,\n sum by (le)(\n rate(\n nginx_ingress_controller_response_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[5m]\n )\n )\n)", "interval": "", "legendFormat": ".99", "refId": "A" } ], "thresholds": [], - "timeFrom": null, "timeRegions": [], - "timeShift": null, - "title": "Upstream response time", + "title": "Upstream Response Latency Percentiles", "tooltip": { "shared": true, - "sort": 0, + "sort": 2, "value_type": "individual" }, "type": "graph", "xaxis": { - "buckets": null, "mode": "time", - "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "s", - "label": null, "logBase": 1, - "max": null, - "min": null, "show": true }, { "format": "short", - "label": null, "logBase": 1, - "max": null, - "min": null, "show": true } ], "yaxis": { - "align": false, - "alignLevel": null + "align": false } }, { @@ -259,7 +264,15 @@ "bars": false, "dashLength": 10, "dashes": false, - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, "fill": 1, "fillGradient": 0, "gridPos": { @@ -285,9 +298,10 @@ "linewidth": 1, "nullPointMode": "null", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "8.3.4", "pointradius": 2, "points": false, "renderer": "flot", @@ -297,52 +311,41 @@ "steppedLine": false, "targets": [ { - "expr": " sum by (path)(\n rate(\n nginx_ingress_controller_request_duration_seconds_count{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n", + "expr": " sum by (method, host, path)(\n rate(\n nginx_ingress_controller_request_duration_seconds_count{\n ingress =~ \"$ingress\"\n }[5m]\n )\n )\n", "interval": "", "intervalFactor": 1, - "legendFormat": "{{ path }}", + "legendFormat": "{{ method }} {{ host }}{{path }}", "refId": "A" } ], "thresholds": [], - "timeFrom": null, "timeRegions": [], - "timeShift": null, - "title": "Request volume by Path", + "title": "Request Rate by Method and Path", "tooltip": { "shared": true, - "sort": 0, + "sort": 2, "value_type": "individual" }, "type": "graph", "xaxis": { - "buckets": null, "mode": "time", - "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "reqps", - "label": null, "logBase": 1, - "max": null, - "min": null, "show": true }, { "format": "short", - "label": null, "logBase": 1, - "max": null, - "min": null, "show": true } ], "yaxis": { - "align": false, - "alignLevel": null + "align": false } }, { @@ -350,8 +353,16 @@ "bars": false, "dashLength": 10, "dashes": false, - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, "description": "For each path observed, its median upstream response time", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, "fill": 1, "fillGradient": 0, "gridPos": { @@ -377,9 +388,10 @@ "linewidth": 1, "nullPointMode": "null", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "8.3.4", "pointradius": 2, "points": false, "renderer": "flot", @@ -389,52 +401,41 @@ "steppedLine": false, "targets": [ { - "expr": "histogram_quantile(\n .5,\n sum by (le, path)(\n rate(\n nginx_ingress_controller_response_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", + "expr": "histogram_quantile(\n .5,\n sum by (le, method, host, path)(\n rate(\n nginx_ingress_controller_response_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[5m]\n )\n )\n)", "interval": "", "intervalFactor": 1, - "legendFormat": "{{ path }}", + "legendFormat": "{{ method }} {{ host }}{{path }}", "refId": "A" } ], "thresholds": [], - "timeFrom": null, "timeRegions": [], - "timeShift": null, - "title": "Median upstream response time by Path", + "title": "Median Upstream Response Time by Method and Path", "tooltip": { "shared": true, - "sort": 0, + "sort": 2, "value_type": "individual" }, "type": "graph", "xaxis": { - "buckets": null, "mode": "time", - "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "s", - "label": null, "logBase": 1, - "max": null, - "min": null, "show": true }, { "format": "short", - "label": null, "logBase": 1, - "max": null, - "min": null, "show": true } ], "yaxis": { - "align": false, - "alignLevel": null + "align": false } }, { @@ -442,8 +443,16 @@ "bars": false, "dashLength": 10, "dashes": false, - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, "description": "Percentage of 4xx and 5xx responses among all responses.", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, "fill": 1, "fillGradient": 0, "gridPos": { @@ -469,9 +478,10 @@ "linewidth": 1, "nullPointMode": "null as zero", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "8.3.4", "pointradius": 2, "points": false, "renderer": "flot", @@ -481,52 +491,41 @@ "steppedLine": false, "targets": [ { - "expr": "sum by (path) (rate(nginx_ingress_controller_request_duration_seconds_count{\n ingress =~ \"$ingress\",\n status =~ \"[4-5].*\"\n}[1m])) / sum by (path) (rate(nginx_ingress_controller_request_duration_seconds_count{\n ingress =~ \"$ingress\",\n}[1m]))", + "expr": "sum by (method, host, path) (rate(nginx_ingress_controller_request_duration_seconds_count{\n ingress =~ \"$ingress\",\n status =~ \"[4-5].*\"\n}[5m])) / sum by (method, host, path) (rate(nginx_ingress_controller_request_duration_seconds_count{\n ingress =~ \"$ingress\",\n}[5m]))", "interval": "", "intervalFactor": 1, - "legendFormat": "{{ path }}", + "legendFormat": "{{ method }} {{ host }}{{path }}", "refId": "A" } ], "thresholds": [], - "timeFrom": null, "timeRegions": [], - "timeShift": null, - "title": "Response error rate by Path", + "title": "Response Error Rate by Method and Path", "tooltip": { "shared": true, - "sort": 0, + "sort": 2, "value_type": "individual" }, "type": "graph", "xaxis": { - "buckets": null, "mode": "time", - "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "percentunit", - "label": null, "logBase": 1, - "max": null, - "min": null, "show": true }, { "format": "short", - "label": null, "logBase": 1, - "max": null, - "min": null, "show": true } ], "yaxis": { - "align": false, - "alignLevel": null + "align": false } }, { @@ -534,8 +533,16 @@ "bars": false, "dashLength": 10, "dashes": false, - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, "description": "For each path observed, the sum of upstream request time", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, "fill": 1, "fillGradient": 0, "gridPos": { @@ -561,9 +568,10 @@ "linewidth": 1, "nullPointMode": "null", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "8.3.4", "pointradius": 2, "points": false, "renderer": "flot", @@ -573,52 +581,41 @@ "steppedLine": false, "targets": [ { - "expr": "sum by (path) (rate(nginx_ingress_controller_response_duration_seconds_sum{ingress =~ \"$ingress\"}[1m]))", + "expr": "sum by (method, host, path) (rate(nginx_ingress_controller_response_duration_seconds_sum{ingress =~ \"$ingress\"}[5m]))", "interval": "", "intervalFactor": 1, - "legendFormat": "{{ path }}", + "legendFormat": "{{ method }} {{ host }}{{path }}", "refId": "A" } ], "thresholds": [], - "timeFrom": null, "timeRegions": [], - "timeShift": null, - "title": "Upstream time consumed by Path", + "title": "Upstream Response Time by Method and Path", "tooltip": { "shared": true, - "sort": 0, + "sort": 2, "value_type": "individual" }, "type": "graph", "xaxis": { - "buckets": null, "mode": "time", - "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "s", - "label": null, "logBase": 1, - "max": null, - "min": null, "show": true }, { "format": "short", - "label": null, "logBase": 1, - "max": null, - "min": null, "show": true } ], "yaxis": { - "align": false, - "alignLevel": null + "align": false } }, { @@ -626,7 +623,15 @@ "bars": false, "dashLength": 10, "dashes": false, - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, "fill": 1, "fillGradient": 0, "gridPos": { @@ -652,9 +657,10 @@ "linewidth": 1, "nullPointMode": "null", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "8.3.4", "pointradius": 2, "points": false, "renderer": "flot", @@ -664,52 +670,41 @@ "steppedLine": false, "targets": [ { - "expr": " sum (\n rate(\n nginx_ingress_controller_request_duration_seconds_count{\n ingress =~ \"$ingress\",\n status =~\"[4-5].*\",\n }[1m]\n )\n ) by(path, status)\n", + "expr": " sum (\n rate(\n nginx_ingress_controller_request_duration_seconds_count{\n ingress =~ \"$ingress\",\n status =~\"[4-5].*\",\n }[5m]\n )\n ) by(method, host, path, status)\n", "interval": "", "intervalFactor": 1, - "legendFormat": "{{ path }} {{ status }}", + "legendFormat": "{{ method }} {{ host }}{{path }} {{ status }}", "refId": "A" } ], "thresholds": [], - "timeFrom": null, "timeRegions": [], - "timeShift": null, - "title": "Response error volume by Path", + "title": "Response Error Rate by Method and Path", "tooltip": { "shared": true, - "sort": 0, + "sort": 2, "value_type": "individual" }, "type": "graph", "xaxis": { - "buckets": null, "mode": "time", - "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "reqps", - "label": null, "logBase": 1, - "max": null, - "min": null, "show": true }, { "format": "short", - "label": null, "logBase": 1, - "max": null, - "min": null, "show": true } ], "yaxis": { - "align": false, - "alignLevel": null + "align": false } }, { @@ -717,7 +712,15 @@ "bars": false, "dashLength": 10, "dashes": false, - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, "fill": 1, "fillGradient": 0, "gridPos": { @@ -743,9 +746,10 @@ "linewidth": 1, "nullPointMode": "null", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "8.3.4", "pointradius": 2, "points": false, "renderer": "flot", @@ -755,60 +759,49 @@ "steppedLine": false, "targets": [ { - "expr": "sum (\n rate (\n nginx_ingress_controller_response_size_sum {\n ingress =~ \"$ingress\",\n }[1m]\n )\n) by (path) / sum (\n rate(\n nginx_ingress_controller_response_size_count {\n ingress =~ \"$ingress\",\n }[1m]\n )\n) by (path)\n", + "expr": "sum (\n rate (\n nginx_ingress_controller_response_size_sum {\n ingress =~ \"$ingress\",\n }[5m]\n )\n) by (method, host, path) / sum (\n rate(\n nginx_ingress_controller_response_size_count {\n ingress =~ \"$ingress\",\n }[5m]\n )\n) by (method, host, path)\n", "hide": false, "instant": false, "interval": "", "intervalFactor": 1, - "legendFormat": "{{ path }}", + "legendFormat": "{{ method }} {{ host }}{{path }}", "refId": "D" }, { - "expr": " sum (rate(nginx_ingress_controller_response_size_bucket{\n ingress =~ \"$ingress\",\n }[1m])) by (le)\n", + "expr": " sum (rate(nginx_ingress_controller_response_size_bucket{\n ingress =~ \"$ingress\",\n }[5m])) by (le)\n", "hide": true, "legendFormat": "{{le}}", "refId": "A" } ], "thresholds": [], - "timeFrom": null, "timeRegions": [], - "timeShift": null, - "title": "Average response size by Path", + "title": "Average Response Size by Method and Path", "tooltip": { "shared": true, - "sort": 0, + "sort": 2, "value_type": "individual" }, "type": "graph", "xaxis": { - "buckets": null, "mode": "time", - "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "decbytes", - "label": null, "logBase": 1, - "max": null, - "min": null, "show": true }, { "format": "short", - "label": null, "logBase": 1, - "max": null, - "min": null, "show": true } ], "yaxis": { - "align": false, - "alignLevel": null + "align": false } }, { @@ -816,7 +809,15 @@ "bars": false, "dashLength": 10, "dashes": false, - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, "fill": 1, "fillGradient": 0, "gridPos": { @@ -840,9 +841,10 @@ "linewidth": 1, "nullPointMode": "null", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "8.3.4", "pointradius": 2, "points": false, "renderer": "flot", @@ -852,7 +854,7 @@ "steppedLine": false, "targets": [ { - "expr": "sum (\n rate(\n nginx_ingress_controller_ingress_upstream_latency_seconds_sum {\n ingress =~ \"$ingress\",\n }[1m]\n)) / sum (\n rate(\n nginx_ingress_controller_ingress_upstream_latency_seconds_count {\n ingress =~ \"$ingress\",\n }[1m]\n )\n)\n", + "expr": "sum (\n rate(\n nginx_ingress_controller_ingress_upstream_latency_seconds_sum {\n ingress =~ \"$ingress\",\n }[5m]\n)) / sum (\n rate(\n nginx_ingress_controller_ingress_upstream_latency_seconds_count {\n ingress =~ \"$ingress\",\n }[5m]\n )\n)\n", "hide": false, "instant": false, "interval": "", @@ -862,49 +864,38 @@ } ], "thresholds": [], - "timeFrom": null, "timeRegions": [], - "timeShift": null, - "title": "Upstream service latency", + "title": "Upstream Service Latency", "tooltip": { "shared": true, - "sort": 0, + "sort": 2, "value_type": "individual" }, "type": "graph", "xaxis": { - "buckets": null, "mode": "time", - "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "s", - "label": null, "logBase": 1, - "max": null, - "min": null, "show": true }, { "format": "short", - "label": null, "logBase": 1, - "max": null, - "min": null, "show": true } ], "yaxis": { - "align": false, - "alignLevel": null + "align": false } } ], "refresh": "30s", - "schemaVersion": 22, + "schemaVersion": 34, "style": "dark", "tags": [ "nginx" @@ -912,19 +903,29 @@ "templating": { "list": [ { + "current": { + "selected": false, + "text": "Prometheus", + "value": "Prometheus" + }, "hide": 0, + "includeAll": false, "label": "datasource", + "multi": false, "name": "DS_PROMETHEUS", "options": [], "query": "prometheus", "refresh": 1, "regex": "", + "skipUrlSync": false, "type": "datasource" }, { "allValue": ".*", "current": {}, - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, "definition": "label_values(nginx_ingress_controller_requests, ingress) ", "hide": 0, "includeAll": true, @@ -932,13 +933,15 @@ "multi": false, "name": "ingress", "options": [], - "query": "label_values(nginx_ingress_controller_requests, ingress) ", + "query": { + "query": "label_values(nginx_ingress_controller_requests, ingress) ", + "refId": "Prometheus-ingress-Variable-Query" + }, "refresh": 1, "regex": "", "skipUrlSync": false, "sort": 2, "tagValuesQuery": "", - "tags": [], "tagsQuery": "", "type": "query", "useTags": false @@ -977,5 +980,6 @@ "timezone": "browser", "title": "Request Handling Performance", "uid": "4GFbkOsZk", - "version": 1 + "version": 1, + "weekStart": "" } From 1a8c70d1d9572a5e9491b9c4deab39e1b1812f64 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Tue, 12 Apr 2022 18:42:46 -0300 Subject: [PATCH 051/494] Prepare v1.2.0-beta.0 release (#8464) --- TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TAG b/TAG index 99a4aef0c..031636768 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.1.3 +v1.2.0-beta.0 From e86e7eebf551d85b8ac1d0b91a87d4810d89fcf6 Mon Sep 17 00:00:00 2001 From: Jintao Zhang Date: Thu, 14 Apr 2022 11:04:47 +0800 Subject: [PATCH 052/494] chore: v1.2.0-beta.0 release (#8465) Signed-off-by: Jintao Zhang --- Changelog.md | 29 +++++++++++++++++++++++++++++ charts/ingress-nginx/Chart.yaml | 19 ++++++++++++------- charts/ingress-nginx/README.md | 7 ++++--- charts/ingress-nginx/values.yaml | 6 +++--- 4 files changed, 48 insertions(+), 13 deletions(-) diff --git a/Changelog.md b/Changelog.md index 0ef69197d..8921ee6c4 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,5 +1,34 @@ # Changelog +### 1.2.0-beta.0 + +**Image:** +- k8s.gcr.io/ingress-nginx/controller:v1.2.0-beta.0@sha256:92115f5062568ebbcd450cd2cf9bffdef8df9fc61e7d5868ba8a7c9d773e0961 +- k8s.gcr.io/ingress-nginx/controller-chroot:v1.2.0-beta.0@sha256:0082f0f547b147a30ad85a5d6d2ceb3edbf0848b2008ed754365b6678bdea9a5 + +This release introduces Jail/chroot nginx process inside controller container for the first time + +_Changes:_ + +- [8417](https://github.com/kubernetes/ingress-nginx/pull/8417) force helm release to artifact hub +- [8421](https://github.com/kubernetes/ingress-nginx/pull/8421) fix change log changes list +- [8405](https://github.com/kubernetes/ingress-nginx/pull/8405) kubectl-plugin code overview info +- [8399](https://github.com/kubernetes/ingress-nginx/pull/8399) Darwin arm64 +- [8443](https://github.com/kubernetes/ingress-nginx/pull/8443) Add dependency review enforcement +- [8426](https://github.com/kubernetes/ingress-nginx/pull/8426) Bump github.com/prometheus/common from 0.32.1 to 0.33.0 +- [8444](https://github.com/kubernetes/ingress-nginx/pull/8444) replace deprecated topology key in example with current one +- [8447](https://github.com/kubernetes/ingress-nginx/pull/8447) typo fixing +- [8446](https://github.com/kubernetes/ingress-nginx/pull/8446) Fix suggested annotation-value-word-blocklist +- [8219](https://github.com/kubernetes/ingress-nginx/pull/8219) Add keepalive support for auth requests +- [8337](https://github.com/kubernetes/ingress-nginx/pull/8337) Jail/chroot nginx process inside controller container +- [8454](https://github.com/kubernetes/ingress-nginx/pull/8454) Update index.md +- [8455](https://github.com/kubernetes/ingress-nginx/pull/8455) Update dependencies +- [8456](https://github.com/kubernetes/ingress-nginx/pull/8456) Implement object deep inspector +- [8325](https://github.com/kubernetes/ingress-nginx/pull/8325) Fix for buggy ingress sync with retries +- [8322](https://github.com/kubernetes/ingress-nginx/pull/8322) Improve req handling dashboard +- [8464](https://github.com/kubernetes/ingress-nginx/pull/8464) Prepare v1.2.0-beta.0 release + + ### 1.1.3 **Image:** diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index bf9006e58..fdd9af270 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: ingress-nginx # When the version is modified, make sure the artifacthub.io/changes list is updated # Also update CHANGELOG.md -version: 4.0.19 -appVersion: 1.1.3 +version: 4.1.0-beta.0 +appVersion: 1.2.0-beta.0 home: https://github.com/kubernetes/ingress-nginx description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png @@ -22,11 +22,16 @@ kubeVersion: ">=1.19.0-0" annotations: # Use this annotation to indicate that this chart version is a pre-release. # https://artifacthub.io/docs/topics/annotations/helm/ - artifacthub.io/prerelease: "false" + artifacthub.io/prerelease: "true" # List of changes for the release in artifacthub.io # https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx?modal=changelog artifacthub.io/changes: | - - "#8307 Nginx v1.19.10" - - "#8386 Alpine 3.14.4" - - "#8339 Patch OpenSSL CVE-2022-0778" - - "#8321 Vulnerability CVE-2022-23308 for libxml2" + - "#8426 Bump github.com/prometheus/common from 0.32.1 to 0.33.0" + - "#8444 replace deprecated topology key in example with current one" + - "#8446 Fix suggested annotation-value-word-blocklist" + - "#8219 Add keepalive support for auth requests" + - "#8337 Jail/chroot nginx process inside controller container" + - "#8455 Update dependencies" + - "#8456 Implement object deep inspector" + - "#8325 Fix for buggy ingress sync with retries" + - "#8322 Improve req handling dashboard" diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index c6887521c..d34943edd 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.0.19](https://img.shields.io/badge/Version-4.0.19-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.1.3](https://img.shields.io/badge/AppVersion-1.1.3-informational?style=flat-square) +![Version: 4.1.0-beta.0](https://img.shields.io/badge/Version-4.1.0--beta.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.0-beta.0](https://img.shields.io/badge/AppVersion-1.2.0--beta.0-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. @@ -307,12 +307,13 @@ Kubernetes: `>=1.19.0-0` | controller.hostname | object | `{}` | Optionally customize the pod hostname. | | controller.image.allowPrivilegeEscalation | bool | `true` | | | controller.image.chroot | bool | `false` | | -| controller.image.digest | string | `"sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2"` | | +| controller.image.digest | string | `"sha256:92115f5062568ebbcd450cd2cf9bffdef8df9fc61e7d5868ba8a7c9d773e0961"` | | +| controller.image.digestChroot | string | `"sha256:0082f0f547b147a30ad85a5d6d2ceb3edbf0848b2008ed754365b6678bdea9a5"` | | | controller.image.image | string | `"ingress-nginx/controller"` | | | controller.image.pullPolicy | string | `"IfNotPresent"` | | | controller.image.registry | string | `"k8s.gcr.io"` | | | controller.image.runAsUser | int | `101` | | -| controller.image.tag | string | `"v1.1.3"` | | +| controller.image.tag | string | `"v1.2.0-beta.0"` | | | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | | controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass | diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 500b2bb53..d3d2ef693 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -23,9 +23,9 @@ controller: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: "v1.1.3" - digest: sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 - # digestChroot: "" # TODO: Fill when we have it + tag: "v1.2.0-beta.0" + digest: sha256:92115f5062568ebbcd450cd2cf9bffdef8df9fc61e7d5868ba8a7c9d773e0961 + digestChroot: sha256:0082f0f547b147a30ad85a5d6d2ceb3edbf0848b2008ed754365b6678bdea9a5 pullPolicy: IfNotPresent # www-data -> uid 101 runAsUser: 101 From db4aeea723dcb4d8c21d8426f4e21e5f52eec2f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Havl=C3=AD=C4=8Dek?= Date: Thu, 14 Apr 2022 05:06:48 +0200 Subject: [PATCH 053/494] Fallback to ngx.var.scheme for redirectScheme with use-forward-headers when X-Forwarded-Proto is empty (#8468) --- rootfs/etc/nginx/template/nginx.tmpl | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index eaaf60c65..b845988ad 100755 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -591,7 +591,12 @@ http { end {{ if $cfg.UseForwardedHeaders }} - local redirectScheme = ngx.var.http_x_forwarded_proto + local redirectScheme + if not ngx.var.http_x_forwarded_proto then + redirectScheme = ngx.var.scheme + else + redirectScheme = ngx.var.http_x_forwarded_proto + end {{ else }} local redirectScheme = ngx.var.scheme {{ end }} From d4b9b486e680fab8d78a078f24c96a3f378124f6 Mon Sep 17 00:00:00 2001 From: sskserk <78915702+sskserk@users.noreply.github.com> Date: Fri, 15 Apr 2022 13:09:10 +0200 Subject: [PATCH 054/494] Upstream keepalive time (#8319) * nginx 1.19.10 keepalive_time parameter * nginx v1.19.10 base image * keepalive_time documentation * base image * restore base image * e2e test * replace default value in test --- .../user-guide/nginx-configuration/configmap.md | 17 +++++++++++++---- internal/ingress/controller/config/config.go | 5 +++++ rootfs/etc/nginx/template/nginx.tmpl | 4 ++-- test/e2e/settings/keep-alive.go | 9 +++++++++ 4 files changed, 29 insertions(+), 6 deletions(-) diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md index 27ef647ef..6cec6f02f 100755 --- a/docs/user-guide/nginx-configuration/configmap.md +++ b/docs/user-guide/nginx-configuration/configmap.md @@ -111,6 +111,7 @@ The following table shows a configuration option's name, type, and the default v |[variables-hash-bucket-size](#variables-hash-bucket-size)|int|128| |[variables-hash-max-size](#variables-hash-max-size)|int|2048| |[upstream-keepalive-connections](#upstream-keepalive-connections)|int|320| +|[upstream-keepalive-time](#upstream-keepalive-time)|string|"1h"| |[upstream-keepalive-timeout](#upstream-keepalive-timeout)|int|60| |[upstream-keepalive-requests](#upstream-keepalive-requests)|int|10000| |[limit-conn-zone-variable](#limit-conn-zone-variable)|string|"$binary_remote_addr"| @@ -223,13 +224,13 @@ Enables the return of the header Server from the backend instead of the generic Enables Ingress to parse and add *-snippet annotations/directives created by the user. _**default:**_ `true` -Warning: We recommend enabling this option only if you TRUST users with permission to create Ingress objects, as this +Warning: We recommend enabling this option only if you TRUST users with permission to create Ingress objects, as this may allow a user to add restricted configurations to the final nginx.conf file ## annotation-value-word-blocklist -Contains a comma-separated value of chars/words that are well known of being used to abuse Ingress configuration -and must be blocked. Related to [CVE-2021-25742](https://github.com/kubernetes/ingress-nginx/issues/7837) +Contains a comma-separated value of chars/words that are well known of being used to abuse Ingress configuration +and must be blocked. Related to [CVE-2021-25742](https://github.com/kubernetes/ingress-nginx/issues/7837) When an annotation is detected with a value that matches one of the blocked bad words, the whole Ingress won't be configured. @@ -769,6 +770,14 @@ _References:_ [https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive) +## upstream-keepalive-time + +Sets the maximum time during which requests can be processed through one keepalive connection. + _**default:**_ "1h" + +_References:_ +[http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_time](http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_time) + ## upstream-keepalive-timeout Sets a timeout during which an idle keepalive connection to an upstream server will stay open. @@ -1258,7 +1267,7 @@ Configure `memcached` client for [Global Rate Limiting](https://github.com/kuber * `global-rate-limit-memcached-host`: IP/FQDN of memcached server to use. Required to enable Global Rate Limiting. * `global-rate-limit-memcached-port`: port of memcached server to use. Defaults default memcached port of `11211`. * `global-rate-limit-memcached-connect-timeout`: configure timeout for connect, send and receive operations. Unit is millisecond. Defaults to 50ms. -* `global-rate-limit-memcached-max-idle-timeout`: configure timeout for cleaning idle connections. Unit is millisecond. Defaults to 50ms. +* `global-rate-limit-memcached-max-idle-timeout`: configure timeout for cleaning idle connections. Unit is millisecond. Defaults to 50ms. * `global-rate-limit-memcached-pool-size`: configure number of max connections to keep alive. Make sure your `memcached` server can handle `global-rate-limit-memcached-pool-size * worker-processes * ` simultaneous connections. diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go index 4afb3e9f5..f0dfdc191 100644 --- a/internal/ingress/controller/config/config.go +++ b/internal/ingress/controller/config/config.go @@ -468,6 +468,10 @@ type Configuration struct { // http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive UpstreamKeepaliveConnections int `json:"upstream-keepalive-connections,omitempty"` + // Sets the maximum time during which requests can be processed through one keepalive connection + // https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_time + UpstreamKeepaliveTime string `json:"upstream-keepalive-time,omitempty"` + // Sets a timeout during which an idle keepalive connection to an upstream server will stay open. // http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_timeout UpstreamKeepaliveTimeout int `json:"upstream-keepalive-timeout,omitempty"` @@ -892,6 +896,7 @@ func NewDefault() Configuration { ServiceUpstream: false, }, UpstreamKeepaliveConnections: 320, + UpstreamKeepaliveTime: "1h", UpstreamKeepaliveTimeout: 60, UpstreamKeepaliveRequests: 10000, LimitConnZoneVariable: defaultLimitConnZoneVariable, diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index b845988ad..1ad8458c5 100755 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -156,7 +156,7 @@ http { {{ else }} modsecurity_rules_file /etc/nginx/modsecurity/modsecurity.conf; {{ end }} - + {{ if $all.Cfg.EnableOWASPCoreRules }} modsecurity_rules_file /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf; {{ end }} @@ -508,7 +508,7 @@ http { {{ if (gt $cfg.UpstreamKeepaliveConnections 0) }} keepalive {{ $cfg.UpstreamKeepaliveConnections }}; - + keepalive_time {{ $cfg.UpstreamKeepaliveTime }}; keepalive_timeout {{ $cfg.UpstreamKeepaliveTimeout }}s; keepalive_requests {{ $cfg.UpstreamKeepaliveRequests }}; {{ end }} diff --git a/test/e2e/settings/keep-alive.go b/test/e2e/settings/keep-alive.go index 5a2b5189e..6ef09b78c 100644 --- a/test/e2e/settings/keep-alive.go +++ b/test/e2e/settings/keep-alive.go @@ -74,6 +74,15 @@ var _ = framework.DescribeSetting("keep-alive keep-alive-requests", func() { }) }) + ginkgo.It("should set keepalive time to upstream server", func() { + f.UpdateNginxConfigMapData("upstream-keepalive-time", "75s") + + f.WaitForNginxConfiguration(func(server string) bool { + match, _ := regexp.MatchString(`upstream\supstream_balancer\s\{[\s\S]*keepalive_time\s*75s;`, server) + return match + }) + }) + ginkgo.It("should set the request count to upstream server through one keep alive connection", func() { f.UpdateNginxConfigMapData("upstream-keepalive-requests", "200") From 81c2afd975a6f9a9847184472286044d7d5296f6 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Fri, 15 Apr 2022 16:53:12 -0300 Subject: [PATCH 055/494] update base images and protobuf gomod (#8478) --- go.mod | 2 +- go.sum | 3 ++- images/custom-error-pages/rootfs/go.mod | 4 ++-- images/custom-error-pages/rootfs/go.sum | 6 ++++-- images/nginx/rootfs/Dockerfile | 4 ++-- images/opentelemetry/rootfs/Dockerfile | 4 ++-- rootfs/Dockerfile.chroot | 2 +- test/e2e-image/Dockerfile | 2 +- test/e2e-image/namespace-overlays/admission/values.yaml | 1 + .../namespace-overlays/custom-health-check-path/values.yaml | 1 + .../namespace-overlays/forwarded-port-headers/values.yaml | 1 + .../namespace-overlays/namespace-selector/values.yaml | 1 + test/e2e/wait-for-nginx.sh | 1 + 13 files changed, 20 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 62a71d20a..0a4befb3e 100644 --- a/go.mod +++ b/go.mod @@ -128,7 +128,7 @@ require ( golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2 // indirect - google.golang.org/protobuf v1.27.1 // indirect + google.golang.org/protobuf v1.28.0 // indirect gopkg.in/go-playground/assert.v1 v1.2.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect diff --git a/go.sum b/go.sum index 9e12fbaed..29455a435 100644 --- a/go.sum +++ b/go.sum @@ -1078,8 +1078,9 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw= +google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/images/custom-error-pages/rootfs/go.mod b/images/custom-error-pages/rootfs/go.mod index 3040c5791..dec3b7bbb 100644 --- a/images/custom-error-pages/rootfs/go.mod +++ b/images/custom-error-pages/rootfs/go.mod @@ -7,11 +7,11 @@ require github.com/prometheus/client_golang v1.11.0 require ( github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.1.1 // indirect - github.com/golang/protobuf v1.4.3 // indirect + github.com/golang/protobuf v1.5.0 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect github.com/prometheus/client_model v0.2.0 // indirect github.com/prometheus/common v0.26.0 // indirect github.com/prometheus/procfs v0.6.0 // indirect golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40 // indirect - google.golang.org/protobuf v1.26.0-rc.1 // indirect + google.golang.org/protobuf v1.28.0 // indirect ) diff --git a/images/custom-error-pages/rootfs/go.sum b/images/custom-error-pages/rootfs/go.sum index 6a42e5c54..87cd96b26 100644 --- a/images/custom-error-pages/rootfs/go.sum +++ b/images/custom-error-pages/rootfs/go.sum @@ -29,8 +29,9 @@ github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrU github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.4.3 h1:JjCZWpVbqXDqFVmTfYWEVTMIYrL/NPdPSCHPJ0T/raM= github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.5.0 h1:LUVKkCeviFUMKqHa4tXIIij/lbhnMbP7Fn5wKdKkRh4= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= @@ -126,8 +127,9 @@ google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQ google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.26.0-rc.1 h1:7QnIQpGRHE5RnLKnESfDoxm2dTapTZua5a0kS0A+VXQ= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw= +google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/images/nginx/rootfs/Dockerfile b/images/nginx/rootfs/Dockerfile index ccf70f143..75c63cff1 100644 --- a/images/nginx/rootfs/Dockerfile +++ b/images/nginx/rootfs/Dockerfile @@ -11,7 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.14.4 as builder +FROM alpine:3.14.6 as builder COPY . / @@ -21,7 +21,7 @@ RUN apk update \ && /build.sh # Use a multi-stage build -FROM alpine:3.14.4 +FROM alpine:3.14.6 ENV PATH=$PATH:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin diff --git a/images/opentelemetry/rootfs/Dockerfile b/images/opentelemetry/rootfs/Dockerfile index 84f5a3e7c..ebf288c56 100644 --- a/images/opentelemetry/rootfs/Dockerfile +++ b/images/opentelemetry/rootfs/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. -FROM alpine:3.14.4 as builder +FROM alpine:3.14.6 as builder COPY . / @@ -22,7 +22,7 @@ RUN apk update \ && apk add -U bash \ && /build.sh -FROM busybox:latest +FROM alpine:3.14.6 COPY --from=builder init_module.sh /usr/local/bin/init_module.sh COPY --from=builder /etc/nginx/modules /etc/nginx/modules diff --git a/rootfs/Dockerfile.chroot b/rootfs/Dockerfile.chroot index 53f8e3622..7055f06fc 100644 --- a/rootfs/Dockerfile.chroot +++ b/rootfs/Dockerfile.chroot @@ -23,7 +23,7 @@ RUN apk update \ && apk upgrade \ && /chroot.sh -FROM alpine:3.14.2 +FROM alpine:3.14.6 ARG TARGETARCH ARG VERSION diff --git a/test/e2e-image/Dockerfile b/test/e2e-image/Dockerfile index 002a002cd..c8a07f294 100644 --- a/test/e2e-image/Dockerfile +++ b/test/e2e-image/Dockerfile @@ -1,6 +1,6 @@ FROM k8s.gcr.io/ingress-nginx/e2e-test-runner:v20220331-controller-v1.1.2-31-gf1cb2b73c@sha256:baa326f5c726d65be828852943a259c1f0572883590b9081b7e8fa982d64d96e AS BASE -FROM alpine:3.14.4 +FROM alpine:3.14.6 RUN apk add -U --no-cache \ ca-certificates \ diff --git a/test/e2e-image/namespace-overlays/admission/values.yaml b/test/e2e-image/namespace-overlays/admission/values.yaml index 1f0367671..d423217db 100644 --- a/test/e2e-image/namespace-overlays/admission/values.yaml +++ b/test/e2e-image/namespace-overlays/admission/values.yaml @@ -6,6 +6,7 @@ controller: chroot: true tag: 1.0.0-dev digest: + digestChroot: containerPort: http: "1080" https: "1443" diff --git a/test/e2e-image/namespace-overlays/custom-health-check-path/values.yaml b/test/e2e-image/namespace-overlays/custom-health-check-path/values.yaml index 7507d60db..4c6bef855 100644 --- a/test/e2e-image/namespace-overlays/custom-health-check-path/values.yaml +++ b/test/e2e-image/namespace-overlays/custom-health-check-path/values.yaml @@ -6,6 +6,7 @@ controller: chroot: true tag: 1.0.0-dev digest: + digestChroot: extraArgs: healthz-port: "9090" # e2e tests do not require information about ingress status diff --git a/test/e2e-image/namespace-overlays/forwarded-port-headers/values.yaml b/test/e2e-image/namespace-overlays/forwarded-port-headers/values.yaml index e0b8003d2..68b4a074c 100644 --- a/test/e2e-image/namespace-overlays/forwarded-port-headers/values.yaml +++ b/test/e2e-image/namespace-overlays/forwarded-port-headers/values.yaml @@ -6,6 +6,7 @@ controller: chroot: true tag: 1.0.0-dev digest: + digestChroot: containerPort: http: "1080" https: "1443" diff --git a/test/e2e-image/namespace-overlays/namespace-selector/values.yaml b/test/e2e-image/namespace-overlays/namespace-selector/values.yaml index 06252da6f..2c8957f66 100644 --- a/test/e2e-image/namespace-overlays/namespace-selector/values.yaml +++ b/test/e2e-image/namespace-overlays/namespace-selector/values.yaml @@ -6,6 +6,7 @@ controller: chroot: true tag: 1.0.0-dev digest: + digestChroot: containerPort: http: "1080" https: "1443" diff --git a/test/e2e/wait-for-nginx.sh b/test/e2e/wait-for-nginx.sh index ed2e04426..190f71e6d 100755 --- a/test/e2e/wait-for-nginx.sh +++ b/test/e2e/wait-for-nginx.sh @@ -62,6 +62,7 @@ controller: chroot: true tag: 1.0.0-dev digest: + digestChroot: scope: enabled: true config: From f9372aa4955eb608bd0d0899455bc5a5653e35bb Mon Sep 17 00:00:00 2001 From: Chris Shino <47957189+chrisshino@users.noreply.github.com> Date: Fri, 15 Apr 2022 15:59:10 -0400 Subject: [PATCH 056/494] added new auth-tls-match-cn annotation (#8434) * added new auth-tls-match-cn annotation * added few more tests --- .../nginx-configuration/annotations.md | 2 + internal/ingress/annotations/authtls/main.go | 8 ++ .../ingress/annotations/authtls/main_test.go | 11 +++ rootfs/etc/nginx/template/nginx.tmpl | 8 ++ test/e2e/annotations/authtls.go | 87 +++++++++++++++++++ 5 files changed, 116 insertions(+) diff --git a/docs/user-guide/nginx-configuration/annotations.md b/docs/user-guide/nginx-configuration/annotations.md index 8958ccfee..6309601b2 100755 --- a/docs/user-guide/nginx-configuration/annotations.md +++ b/docs/user-guide/nginx-configuration/annotations.md @@ -28,6 +28,7 @@ You can add these Kubernetes annotations to specific Ingress objects to customiz |[nginx.ingress.kubernetes.io/auth-tls-verify-client](#client-certificate-authentication)|string| |[nginx.ingress.kubernetes.io/auth-tls-error-page](#client-certificate-authentication)|string| |[nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream](#client-certificate-authentication)|"true" or "false"| +|[nginx.ingress.kubernetes.io/auth-tls-match-cn](#client-certificate-authentication)|string| |[nginx.ingress.kubernetes.io/auth-url](#external-authentication)|string| |[nginx.ingress.kubernetes.io/auth-cache-key](#external-authentication)|string| |[nginx.ingress.kubernetes.io/auth-cache-duration](#external-authentication)|string| @@ -264,6 +265,7 @@ You can further customize client certificate authentication and behavior with th * `optional_no_ca`: Do optional client certificate validation, but do not fail the request when the client certificate is not signed by the CAs from `auth-tls-secret`. Certificate verification result is sent to the upstream service. * `nginx.ingress.kubernetes.io/auth-tls-error-page`: The URL/Page that user should be redirected in case of a Certificate Authentication Error * `nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream`: Indicates if the received certificates should be passed or not to the upstream server in the header `ssl-client-cert`. Possible values are "true" or "false" (default). +* `nginx.ingress.kubernetes.io/auth-tls-match-cn`: Adds a sanity check for the CN of the client certificate that is sent over using a string / regex starting with "CN=", example: `"CN=myvalidclient"`. If the certificate CN sent during mTLS does not match your string / regex it will fail with status code 403. Another way of using this is by adding multiple options in your regex, example: `"CN=(option1|option2|myvalidclient)"`. In this case, as long as one of the options in the brackets matches the certificate CN then you will receive a 200 status code. The following headers are sent to the upstream service according to the `auth-tls-*` annotations: diff --git a/internal/ingress/annotations/authtls/main.go b/internal/ingress/annotations/authtls/main.go index cbe014c4a..2efd6d176 100644 --- a/internal/ingress/annotations/authtls/main.go +++ b/internal/ingress/annotations/authtls/main.go @@ -18,6 +18,7 @@ package authtls import ( "fmt" + networking "k8s.io/api/networking/v1" "regexp" @@ -35,6 +36,7 @@ const ( var ( authVerifyClientRegex = regexp.MustCompile(`on|off|optional|optional_no_ca`) + commonNameRegex = regexp.MustCompile(`CN=`) ) // Config contains the AuthSSLCert used for mutual authentication @@ -45,6 +47,7 @@ type Config struct { ValidationDepth int `json:"validationDepth"` ErrorPage string `json:"errorPage"` PassCertToUpstream bool `json:"passCertToUpstream"` + MatchCN string `json:"matchCN"` AuthTLSError string } @@ -127,5 +130,10 @@ func (a authTLS) Parse(ing *networking.Ingress) (interface{}, error) { config.PassCertToUpstream = false } + config.MatchCN, err = parser.GetStringAnnotation("auth-tls-match-cn", ing) + if err != nil || !commonNameRegex.MatchString(config.MatchCN) { + config.MatchCN = "" + } + return config, nil } diff --git a/internal/ingress/annotations/authtls/main_test.go b/internal/ingress/annotations/authtls/main_test.go index f7649fe1c..569f3865b 100644 --- a/internal/ingress/annotations/authtls/main_test.go +++ b/internal/ingress/annotations/authtls/main_test.go @@ -128,11 +128,15 @@ func TestAnnotations(t *testing.T) { if u.PassCertToUpstream != false { t.Errorf("expected %v but got %v", false, u.PassCertToUpstream) } + if u.MatchCN != "" { + t.Errorf("expected empty string, but got %v", u.MatchCN) + } data[parser.GetAnnotationWithPrefix("auth-tls-verify-client")] = "off" data[parser.GetAnnotationWithPrefix("auth-tls-verify-depth")] = "2" data[parser.GetAnnotationWithPrefix("auth-tls-error-page")] = "ok.com/error" data[parser.GetAnnotationWithPrefix("auth-tls-pass-certificate-to-upstream")] = "true" + data[parser.GetAnnotationWithPrefix("auth-tls-match-cn")] = "CN=hello-app" ing.SetAnnotations(data) @@ -161,6 +165,9 @@ func TestAnnotations(t *testing.T) { if u.PassCertToUpstream != true { t.Errorf("expected %v but got %v", true, u.PassCertToUpstream) } + if u.MatchCN != "CN=hello-app" { + t.Errorf("expected %v but got %v", "CN=hello-app", u.MatchCN) + } } func TestInvalidAnnotations(t *testing.T) { @@ -195,6 +202,7 @@ func TestInvalidAnnotations(t *testing.T) { data[parser.GetAnnotationWithPrefix("auth-tls-verify-client")] = "w00t" data[parser.GetAnnotationWithPrefix("auth-tls-verify-depth")] = "abcd" data[parser.GetAnnotationWithPrefix("auth-tls-pass-certificate-to-upstream")] = "nahh" + data[parser.GetAnnotationWithPrefix("auth-tls-match-cn")] = "" ing.SetAnnotations(data) i, err := NewParser(fakeSecret).Parse(ing) @@ -215,6 +223,9 @@ func TestInvalidAnnotations(t *testing.T) { if u.PassCertToUpstream != false { t.Errorf("expected %v but got %v", false, u.PassCertToUpstream) } + if u.MatchCN != "" { + t.Errorf("expected empty string but got %v", u.MatchCN) + } } diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index 1ad8458c5..a181dd22a 100755 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -946,6 +946,14 @@ stream { set $proxy_upstream_name "-"; + {{ if not ( empty $server.CertificateAuth.MatchCN ) }} + {{ if gt (len $server.CertificateAuth.MatchCN) 0 }} + if ( $ssl_client_s_dn !~ {{ $server.CertificateAuth.MatchCN }} ) { + return 403 "client certificate unauthorized"; + } + {{ end }} + {{ end }} + {{ if eq $server.Hostname "_" }} ssl_reject_handshake {{ if $all.Cfg.SSLRejectHandshake }}on{{ else }}off{{ end }}; {{ end }} diff --git a/test/e2e/annotations/authtls.go b/test/e2e/annotations/authtls.go index 790165475..dbf4f2a76 100644 --- a/test/e2e/annotations/authtls.go +++ b/test/e2e/annotations/authtls.go @@ -262,6 +262,93 @@ var _ = framework.DescribeAnnotation("auth-tls-*", func() { Status(http.StatusOK) }) + + ginkgo.It("should return 403 using auth-tls-match-cn with no matching CN from client", func() { + host := "authtls.foo.com" + nameSpace := f.Namespace + + clientConfig, err := framework.CreateIngressMASecret( + f.KubeClientSet, + host, + host, + nameSpace) + assert.Nil(ginkgo.GinkgoT(), err) + + annotations := map[string]string{ + "nginx.ingress.kubernetes.io/auth-tls-secret": nameSpace + "/" + host, + "nginx.ingress.kubernetes.io/auth-tls-verify-client": "on", + "nginx.ingress.kubernetes.io/auth-tls-match-cn": "CN=notgonnamatch", + } + + f.EnsureIngress(framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, nameSpace, framework.EchoService, 80, annotations)) + + assertSslClientCertificateConfig(f, host, "on", "1") + + f.HTTPTestClientWithTLSConfig(clientConfig). + GET("/"). + WithURL(f.GetURL(framework.HTTPS)). + WithHeader("Host", host). + Expect(). + Status(http.StatusForbidden) + }) + + ginkgo.It("should return 200 using auth-tls-match-cn with matching CN from client", func() { + host := "authtls.foo.com" + nameSpace := f.Namespace + + clientConfig, err := framework.CreateIngressMASecret( + f.KubeClientSet, + host, + host, + nameSpace) + assert.Nil(ginkgo.GinkgoT(), err) + + annotations := map[string]string{ + "nginx.ingress.kubernetes.io/auth-tls-secret": nameSpace + "/" + host, + "nginx.ingress.kubernetes.io/auth-tls-verify-client": "on", + "nginx.ingress.kubernetes.io/auth-tls-match-cn": "CN=authtls", + } + + f.EnsureIngress(framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, nameSpace, framework.EchoService, 80, annotations)) + + assertSslClientCertificateConfig(f, host, "on", "1") + + f.HTTPTestClientWithTLSConfig(clientConfig). + GET("/"). + WithURL(f.GetURL(framework.HTTPS)). + WithHeader("Host", host). + Expect(). + Status(http.StatusOK) + }) + + ginkgo.It("should return 200 using auth-tls-match-cn where atleast one of the regex options matches CN from client", func() { + host := "authtls.foo.com" + nameSpace := f.Namespace + + clientConfig, err := framework.CreateIngressMASecret( + f.KubeClientSet, + host, + host, + nameSpace) + assert.Nil(ginkgo.GinkgoT(), err) + + annotations := map[string]string{ + "nginx.ingress.kubernetes.io/auth-tls-secret": nameSpace + "/" + host, + "nginx.ingress.kubernetes.io/auth-tls-verify-client": "on", + "nginx.ingress.kubernetes.io/auth-tls-match-cn": "CN=(itwillmatch|withthenextoption|authtls)", + } + + f.EnsureIngress(framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, nameSpace, framework.EchoService, 80, annotations)) + + assertSslClientCertificateConfig(f, host, "on", "1") + + f.HTTPTestClientWithTLSConfig(clientConfig). + GET("/"). + WithURL(f.GetURL(framework.HTTPS)). + WithHeader("Host", host). + Expect(). + Status(http.StatusOK) + }) }) func assertSslClientCertificateConfig(f *framework.Framework, host string, verifyClient string, verifyDepth string) { From 2e1a4790bb09232dc135d92b6633680bbbacb862 Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Sat, 16 Apr 2022 10:07:10 +0530 Subject: [PATCH 057/494] changed nginx base img tag to img built with alpine3.14.6 (#8479) --- Makefile | 2 +- .../customization/custom-errors/custom-default-backend.yaml | 2 +- images/echo/Makefile | 2 +- images/nginx/README.md | 2 +- images/nginx/rc.yaml | 2 +- images/test-runner/Makefile | 2 +- test/e2e/framework/deployment.go | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index 58a3e95c5..935035e27 100644 --- a/Makefile +++ b/Makefile @@ -55,7 +55,7 @@ endif REGISTRY ?= gcr.io/k8s-staging-ingress-nginx -BASE_IMAGE ?= k8s.gcr.io/ingress-nginx/nginx:5402d35663917ccbbf77ff48a22b8c6f77097f48@sha256:ec8a104df307f5c6d68157b7ac8e5e1e2c2f0ea07ddf25bb1c6c43c67e351180 +BASE_IMAGE ?= k8s.gcr.io/ingress-nginx/nginx:81c2afd975a6f9a9847184472286044d7d5296f6@sha256:a71ac64dd8cfd68341ba47dbdc4d8c2cb91325fce669875193ea0319118201b5 GOARCH=$(ARCH) diff --git a/docs/examples/customization/custom-errors/custom-default-backend.yaml b/docs/examples/customization/custom-errors/custom-default-backend.yaml index 4b40d36e7..70dc91681 100644 --- a/docs/examples/customization/custom-errors/custom-default-backend.yaml +++ b/docs/examples/customization/custom-errors/custom-default-backend.yaml @@ -36,7 +36,7 @@ spec: spec: containers: - name: nginx-error-server - image: k8s.gcr.io/ingress-nginx/nginx-errors:0.48.1 + image: k8s.gcr.io/ingress-nginx/nginx-errors:0.49.0 ports: - containerPort: 8080 # Setting the environment variable DEBUG we can see the headers sent diff --git a/images/echo/Makefile b/images/echo/Makefile index 01d532731..e4f3d7861 100644 --- a/images/echo/Makefile +++ b/images/echo/Makefile @@ -36,7 +36,7 @@ build: ensure-buildx --platform=${PLATFORMS} $(OUTPUT) \ --progress=$(PROGRESS) \ --pull \ - --build-arg BASE_IMAGE=k8s.gcr.io/ingress-nginx/nginx:5402d35663917ccbbf77ff48a22b8c6f77097f48@sha256:ec8a104df307f5c6d68157b7ac8e5e1e2c2f0ea07ddf25bb1c6c43c67e351180 \ + --build-arg BASE_IMAGE=k8s.gcr.io/ingress-nginx/nginx:81c2afd975a6f9a9847184472286044d7d5296f6@sha256:a71ac64dd8cfd68341ba47dbdc4d8c2cb91325fce669875193ea0319118201b5 \ --build-arg LUAROCKS_VERSION=3.8.0 \ --build-arg LUAROCKS_SHA=ab6612ca9ab87c6984871d2712d05525775e8b50172701a0a1cabddf76de2be7 \ -t $(IMAGE):$(TAG) rootfs diff --git a/images/nginx/README.md b/images/nginx/README.md index 8bd1469dd..58323cdd0 100644 --- a/images/nginx/README.md +++ b/images/nginx/README.md @@ -20,6 +20,6 @@ This image provides a default configuration file with no backend servers. _Using docker_ ```console -docker run -v /some/nginx.conf:/etc/nginx/nginx.conf:ro k8s.gcr.io/ingress-nginx/nginx:5402d35663917ccbbf77ff48a22b8c6f77097f48@sha256:ec8a104df307f5c6d68157b7ac8e5e1e2c2f0ea07ddf25bb1c6c43c67e351180 +docker run -v /some/nginx.conf:/etc/nginx/nginx.conf:ro k8s.gcr.io/ingress-nginx/nginx:81c2afd975a6f9a9847184472286044d7d5296f6@sha256:a71ac64dd8cfd68341ba47dbdc4d8c2cb91325fce669875193ea0319118201b5 ``` diff --git a/images/nginx/rc.yaml b/images/nginx/rc.yaml index cf9c59d15..43dbff1a6 100644 --- a/images/nginx/rc.yaml +++ b/images/nginx/rc.yaml @@ -38,7 +38,7 @@ spec: spec: containers: - name: nginx - image: k8s.gcr.io/ingress-nginx/nginx:5402d35663917ccbbf77ff48a22b8c6f77097f48@sha256:ec8a104df307f5c6d68157b7ac8e5e1e2c2f0ea07ddf25bb1c6c43c67e351180 + image: k8s.gcr.io/ingress-nginx/nginx:81c2afd975a6f9a9847184472286044d7d5296f6@sha256:a71ac64dd8cfd68341ba47dbdc4d8c2cb91325fce669875193ea0319118201b5 ports: - containerPort: 80 - containerPort: 443 diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile index 038d689b7..e6e047e6c 100644 --- a/images/test-runner/Makefile +++ b/images/test-runner/Makefile @@ -23,7 +23,7 @@ REGISTRY ?= local IMAGE = $(REGISTRY)/e2e-test-runner -NGINX_BASE_IMAGE ?= k8s.gcr.io/ingress-nginx/nginx:5402d35663917ccbbf77ff48a22b8c6f77097f48@sha256:ec8a104df307f5c6d68157b7ac8e5e1e2c2f0ea07ddf25bb1c6c43c67e351180 +NGINX_BASE_IMAGE ?= k8s.gcr.io/ingress-nginx/nginx:81c2afd975a6f9a9847184472286044d7d5296f6@sha256:a71ac64dd8cfd68341ba47dbdc4d8c2cb91325fce669875193ea0319118201b5 # required to enable buildx export DOCKER_CLI_EXPERIMENTAL=enabled diff --git a/test/e2e/framework/deployment.go b/test/e2e/framework/deployment.go index ae243255f..4338252ff 100644 --- a/test/e2e/framework/deployment.go +++ b/test/e2e/framework/deployment.go @@ -38,7 +38,7 @@ const SlowEchoService = "slow-echo" const HTTPBinService = "httpbin" // NginxBaseImage use for testing -const NginxBaseImage = "k8s.gcr.io/ingress-nginx/nginx:5402d35663917ccbbf77ff48a22b8c6f77097f48@sha256:ec8a104df307f5c6d68157b7ac8e5e1e2c2f0ea07ddf25bb1c6c43c67e351180" +const NginxBaseImage = "k8s.gcr.io/ingress-nginx/nginx:81c2afd975a6f9a9847184472286044d7d5296f6@sha256:a71ac64dd8cfd68341ba47dbdc4d8c2cb91325fce669875193ea0319118201b5" type deploymentOptions struct { namespace string From 40b6e61c3aae466d85b54d35046be5f1b8d15a82 Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Sat, 16 Apr 2022 19:07:10 +0530 Subject: [PATCH 058/494] change tag to v120beta1 (#8480) --- TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TAG b/TAG index 031636768..ef7975154 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.2.0-beta.0 +v1.2.0-beta.1 From 3598114d4e50c2aebde911a421a2576cb0455557 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Sat, 16 Apr 2022 12:52:18 -0300 Subject: [PATCH 059/494] Fix log creation in chroot script (#8481) --- rootfs/chroot.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/rootfs/chroot.sh b/rootfs/chroot.sh index c2ae3d2fa..f0591d062 100755 --- a/rootfs/chroot.sh +++ b/rootfs/chroot.sh @@ -43,7 +43,6 @@ done mkdir -p /chroot/lib /chroot/proc /chroot/usr /chroot/bin /chroot/dev /chroot/run cp /etc/passwd /etc/group /chroot/etc/ cp -a /usr/* /chroot/usr/ -mv /var/log/nginx /chroot/var/log/ cp -a /etc/nginx/* /chroot/etc/nginx/ cp /lib/ld-musl-* /lib/libcrypto* /lib/libssl* /lib/libz* /chroot/lib/ mknod -m 0666 /chroot/dev/null c 1 3 From ef0ec5f05239609ea8a9a2dda49d96f6ece5189b Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Sun, 17 Apr 2022 17:20:41 -0300 Subject: [PATCH 060/494] Release chart v1.2.0-beta.1 (#8484) --- charts/ingress-nginx/Chart.yaml | 10 +++++++--- charts/ingress-nginx/README.md | 8 ++++---- charts/ingress-nginx/values.yaml | 6 +++--- 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index fdd9af270..fbcf06cd5 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: ingress-nginx # When the version is modified, make sure the artifacthub.io/changes list is updated # Also update CHANGELOG.md -version: 4.1.0-beta.0 -appVersion: 1.2.0-beta.0 +version: 4.1.0-beta.1 +appVersion: 1.2.0-beta.1 home: https://github.com/kubernetes/ingress-nginx description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png @@ -26,10 +26,14 @@ annotations: # List of changes for the release in artifacthub.io # https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx?modal=changelog artifacthub.io/changes: | + - "Image and libraries updated" + - "#8319 Upstream keepalive time" + - "#8434 added new auth-tls-match-cn annotation" + - "#8481 Fix log creation in chroot script" - "#8426 Bump github.com/prometheus/common from 0.32.1 to 0.33.0" - "#8444 replace deprecated topology key in example with current one" - "#8446 Fix suggested annotation-value-word-blocklist" - - "#8219 Add keepalive support for auth requests" + - "#8219 Add keepalive support for auth requests" - "#8337 Jail/chroot nginx process inside controller container" - "#8455 Update dependencies" - "#8456 Implement object deep inspector" diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index d34943edd..b0e9b40cb 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.1.0-beta.0](https://img.shields.io/badge/Version-4.1.0--beta.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.0-beta.0](https://img.shields.io/badge/AppVersion-1.2.0--beta.0-informational?style=flat-square) +![Version: 4.1.0-beta.1](https://img.shields.io/badge/Version-4.1.0--beta.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.0-beta.1](https://img.shields.io/badge/AppVersion-1.2.0--beta.1-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. @@ -307,13 +307,13 @@ Kubernetes: `>=1.19.0-0` | controller.hostname | object | `{}` | Optionally customize the pod hostname. | | controller.image.allowPrivilegeEscalation | bool | `true` | | | controller.image.chroot | bool | `false` | | -| controller.image.digest | string | `"sha256:92115f5062568ebbcd450cd2cf9bffdef8df9fc61e7d5868ba8a7c9d773e0961"` | | -| controller.image.digestChroot | string | `"sha256:0082f0f547b147a30ad85a5d6d2ceb3edbf0848b2008ed754365b6678bdea9a5"` | | +| controller.image.digest | string | `"sha256:7059739637c30865f74cae403fffa55c2cb6d9779cd15654480dd0e4f850d536"` | | +| controller.image.digestChroot | string | `"sha256:5344d8367295be743703f19eea137e7a3253efc2d0ec8aee131b85d3258f9780"` | | | controller.image.image | string | `"ingress-nginx/controller"` | | | controller.image.pullPolicy | string | `"IfNotPresent"` | | | controller.image.registry | string | `"k8s.gcr.io"` | | | controller.image.runAsUser | int | `101` | | -| controller.image.tag | string | `"v1.2.0-beta.0"` | | +| controller.image.tag | string | `"v1.2.0-beta.1"` | | | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | | controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass | diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index d3d2ef693..674e1f4c9 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -23,9 +23,9 @@ controller: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: "v1.2.0-beta.0" - digest: sha256:92115f5062568ebbcd450cd2cf9bffdef8df9fc61e7d5868ba8a7c9d773e0961 - digestChroot: sha256:0082f0f547b147a30ad85a5d6d2ceb3edbf0848b2008ed754365b6678bdea9a5 + tag: "v1.2.0-beta.1" + digest: sha256:7059739637c30865f74cae403fffa55c2cb6d9779cd15654480dd0e4f850d536 + digestChroot: sha256:5344d8367295be743703f19eea137e7a3253efc2d0ec8aee131b85d3258f9780 pullPolicy: IfNotPresent # www-data -> uid 101 runAsUser: 101 From aa813972cbc290e44e57de6718a6ca910a7b5b25 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Sun, 17 Apr 2022 19:26:41 -0300 Subject: [PATCH 061/494] Promote Jintao to maintainer (#8485) --- OWNERS_ALIASES | 1 + 1 file changed, 1 insertion(+) diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES index 286a0d998..04b495b6b 100644 --- a/OWNERS_ALIASES +++ b/OWNERS_ALIASES @@ -15,6 +15,7 @@ aliases: - ElvinEfendi - rikatz - strongjz + - tao12345666333 ingress-nginx-reviewers: - ElvinEfendi From a2514768cd282c41f39ab06bda17efefc4bd233a Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Wed, 20 Apr 2022 23:55:43 +0530 Subject: [PATCH 062/494] changed tag to v1.2.0 (#8490) --- TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TAG b/TAG index ef7975154..79127d85a 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.2.0-beta.1 +v1.2.0 From 072da9a6651fdbc1e1b2edc611be2dd5c8ca98be Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Thu, 21 Apr 2022 03:40:57 +0530 Subject: [PATCH 063/494] bump helm helm-docs kustomize to fix failing ci (#8492) --- .github/workflows/ci.yaml | 2 +- hack/.tool-versions | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 69972eb51..e82d55134 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -146,7 +146,7 @@ jobs: - name: Run helm-docs run: | - GOBIN=$PWD GO111MODULE=on go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.6.0 + GOBIN=$PWD GO111MODULE=on go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.8.1 ./helm-docs --chart-search-root=${GITHUB_WORKSPACE}/charts DIFF=$(git diff ${GITHUB_WORKSPACE}/charts/ingress-nginx/README.md) if [ ! -z "$DIFF" ]; then diff --git a/hack/.tool-versions b/hack/.tool-versions index 5baa8790a..4bd118c7b 100644 --- a/hack/.tool-versions +++ b/hack/.tool-versions @@ -1,2 +1,2 @@ -kustomize 4.1.3 -helm 3.7.1 +kustomize 4.5.4 +helm 3.8.2 From 6d9a39eda7b180f27b34726d7a7a96d73808ce75 Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Fri, 22 Apr 2022 08:06:13 +0530 Subject: [PATCH 064/494] changes for release v1.2.0 (#8491) --- Changelog.md | 35 ++++++++ README.md | 1 + RELEASE.md | 24 ++++-- charts/ingress-nginx/CHANGELOG.md | 81 +++++++++++-------- charts/ingress-nginx/Chart.yaml | 32 ++++---- charts/ingress-nginx/README.md | 14 ++-- charts/ingress-nginx/values.yaml | 14 ++-- deploy/static/provider/aws/1.19/deploy.yaml | 42 +++++----- deploy/static/provider/aws/1.20/deploy.yaml | 42 +++++----- deploy/static/provider/aws/1.21/deploy.yaml | 42 +++++----- deploy/static/provider/aws/1.22/deploy.yaml | 42 +++++----- deploy/static/provider/aws/1.23/deploy.yaml | 42 +++++----- deploy/static/provider/aws/deploy.yaml | 42 +++++----- .../nlb-with-tls-termination/1.19/deploy.yaml | 42 +++++----- .../nlb-with-tls-termination/1.20/deploy.yaml | 42 +++++----- .../nlb-with-tls-termination/1.21/deploy.yaml | 42 +++++----- .../nlb-with-tls-termination/1.22/deploy.yaml | 42 +++++----- .../nlb-with-tls-termination/1.23/deploy.yaml | 42 +++++----- .../aws/nlb-with-tls-termination/deploy.yaml | 42 +++++----- .../provider/baremetal/1.19/deploy.yaml | 42 +++++----- .../provider/baremetal/1.20/deploy.yaml | 42 +++++----- .../provider/baremetal/1.21/deploy.yaml | 42 +++++----- .../provider/baremetal/1.22/deploy.yaml | 42 +++++----- .../provider/baremetal/1.23/deploy.yaml | 42 +++++----- deploy/static/provider/baremetal/deploy.yaml | 42 +++++----- deploy/static/provider/cloud/1.19/deploy.yaml | 42 +++++----- deploy/static/provider/cloud/1.20/deploy.yaml | 42 +++++----- deploy/static/provider/cloud/1.21/deploy.yaml | 42 +++++----- deploy/static/provider/cloud/1.22/deploy.yaml | 42 +++++----- deploy/static/provider/cloud/1.23/deploy.yaml | 42 +++++----- deploy/static/provider/cloud/deploy.yaml | 42 +++++----- deploy/static/provider/do/1.19/deploy.yaml | 42 +++++----- deploy/static/provider/do/1.20/deploy.yaml | 42 +++++----- deploy/static/provider/do/1.21/deploy.yaml | 42 +++++----- deploy/static/provider/do/1.22/deploy.yaml | 42 +++++----- deploy/static/provider/do/1.23/deploy.yaml | 42 +++++----- deploy/static/provider/do/deploy.yaml | 42 +++++----- .../static/provider/exoscale/1.19/deploy.yaml | 42 +++++----- .../static/provider/exoscale/1.20/deploy.yaml | 42 +++++----- .../static/provider/exoscale/1.21/deploy.yaml | 42 +++++----- .../static/provider/exoscale/1.22/deploy.yaml | 42 +++++----- .../static/provider/exoscale/1.23/deploy.yaml | 42 +++++----- deploy/static/provider/exoscale/deploy.yaml | 42 +++++----- deploy/static/provider/kind/1.19/deploy.yaml | 42 +++++----- deploy/static/provider/kind/1.20/deploy.yaml | 42 +++++----- deploy/static/provider/kind/1.21/deploy.yaml | 42 +++++----- deploy/static/provider/kind/1.22/deploy.yaml | 42 +++++----- deploy/static/provider/kind/1.23/deploy.yaml | 42 +++++----- deploy/static/provider/kind/deploy.yaml | 42 +++++----- deploy/static/provider/scw/1.19/deploy.yaml | 42 +++++----- deploy/static/provider/scw/1.20/deploy.yaml | 42 +++++----- deploy/static/provider/scw/1.21/deploy.yaml | 42 +++++----- deploy/static/provider/scw/1.22/deploy.yaml | 42 +++++----- deploy/static/provider/scw/1.23/deploy.yaml | 42 +++++----- deploy/static/provider/scw/deploy.yaml | 42 +++++----- docs/deploy/index.md | 20 ++--- images/httpbin/rootfs/Dockerfile | 2 +- test/e2e-image/Dockerfile | 2 +- 58 files changed, 1154 insertions(+), 1087 deletions(-) diff --git a/Changelog.md b/Changelog.md index 8921ee6c4..687ae51f7 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,5 +1,40 @@ # Changelog +### 1.2.0 + +Image: +- k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 +- k8s.gcr.io/ingress-nginx/controller-chroot:v1.2.0@sha256:fb17f1700b77d4fcc52ca6f83ffc2821861ae887dbb87149cf5cbc52bea425e5 + +This minor version release, introduces 2 breaking changes. For the first time, an option to jail/chroot the nginx process, inside the controller container, is being introduced.. This provides an additional layer of security, for sensitive information like K8S serviceaccounts. This release also brings a special new feature of deep inspection into objects. The inspection is a walk through of all the spec, checking for possible attempts to escape configs. Currently such an inspection only occurs for `networking.Ingress`. Additionally there are fixes for the recently announced CVEs on busybox & ssl_client. And there is a fix to a recently introduced redirection related bug, that was setting the protocol on URLs to "nil". + +_Changes:_ + +- [8481](https://github.com/kubernetes/ingress-nginx/pull/8481) Fix log creation in chroot script +- [8479](https://github.com/kubernetes/ingress-nginx/pull/8479) changed nginx base img tag to img built with alpine3.14.6 +- [8478](https://github.com/kubernetes/ingress-nginx/pull/8478) update base images and protobuf gomod +- [8468](https://github.com/kubernetes/ingress-nginx/pull/8468) Fallback to ngx.var.scheme for redirectScheme with use-forward-headers when X-Forwarded-Proto is empty +- [8456](https://github.com/kubernetes/ingress-nginx/pull/8456) Implement object deep inspector +- [8455](https://github.com/kubernetes/ingress-nginx/pull/8455) Update dependencies +- [8454](https://github.com/kubernetes/ingress-nginx/pull/8454) Update index.md +- [8447](https://github.com/kubernetes/ingress-nginx/pull/8447) typo fixing +- [8446](https://github.com/kubernetes/ingress-nginx/pull/8446) Fix suggested annotation-value-word-blocklist +- [8444](https://github.com/kubernetes/ingress-nginx/pull/8444) replace deprecated topology key in example with current one +- [8443](https://github.com/kubernetes/ingress-nginx/pull/8443) Add dependency review enforcement +- [8434](https://github.com/kubernetes/ingress-nginx/pull/8434) added new auth-tls-match-cn annotation +- [8426](https://github.com/kubernetes/ingress-nginx/pull/8426) Bump github.com/prometheus/common from 0.32.1 to 0.33.0 +- [8417](https://github.com/kubernetes/ingress-nginx/pull/8417) force helm release to artifact hub +- [8405](https://github.com/kubernetes/ingress-nginx/pull/8405) kubectl-plugin code overview info +- [8399](https://github.com/kubernetes/ingress-nginx/pull/8399) Darwin arm64 +- [8443](https://github.com/kubernetes/ingress-nginx/pull/8443) Add dependency review enforcement +- [8444](https://github.com/kubernetes/ingress-nginx/pull/8444) replace deprecated topology key in example with current one +- [8446](https://github.com/kubernetes/ingress-nginx/pull/8446) Fix suggested annotation-value-word-blocklist +- [8219](https://github.com/kubernetes/ingress-nginx/pull/8219) Add keepalive support for auth requests +- [8455](https://github.com/kubernetes/ingress-nginx/pull/8455) Update dependencies +- [8456](https://github.com/kubernetes/ingress-nginx/pull/8456) Implement object deep inspector +- [8325](https://github.com/kubernetes/ingress-nginx/pull/8325) Fix for buggy ingress sync with retries +- [8322](https://github.com/kubernetes/ingress-nginx/pull/8322) Improve req handling dashboard + ### 1.2.0-beta.0 **Image:** diff --git a/README.md b/README.md index c653e4c70..8ce3222a9 100644 --- a/README.md +++ b/README.md @@ -31,6 +31,7 @@ For detailed changes on the `ingress-nginx` helm chart, please check the followi | Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | |-----------------------|------------------------------|----------------|---------------| +| v1.2.0 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.6 | 1.19.10† | | v1.1.3 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.4 | 1.19.10† | | v1.1.2 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | | v1.1.1 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | diff --git a/RELEASE.md b/RELEASE.md index f954199a2..2d8e141aa 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -173,10 +173,10 @@ Promoting the images basically means that images, that were pushed to staging co - Run the below command and save the output to a txt file ``` - gh pr list -s merged -L 38 -B main | cut -f1,2 > ~/tmp/prlist.txt + gh pr list -s merged -L 38 -B main | cut -f1,2 | tee ~/Downloads/prlist.txt ``` - The -L 38 was used for 2 reasons. - - Default number of results is 30 and there were more than 30 PRs merged while releasing v1.1.1. + - Default number of results is 30 and there were more than 30 PRs merged while releasing v1.1.1. If you see the current/soon-to-be-old changelog, you can look at the most recent PR number that has been accounted for already, and start from after that last accounted for PR. - The other reason to use -L 38 was to ommit the 39th, the 40th and the 41st line in the resulting list. These were non-relevant PRs. - If you save the output of above command to a file called prlist.txt. It looks somewhat like this ; @@ -190,8 +190,8 @@ Promoting the images basically means that images, that were pushed to staging co 8115 chart/ghaction: set the correct permission to have access to push a release .... ``` - You can delete the lines, that refer to PRs of the release process itself. We only need to list the feature/bugfix PRs. - - Now you use some easy automation in bash/python/other, to get the PR-List that can be used in the changelog. For example, its possible to use a bash scripty way, seen below, to convert those plaintext PR numbers into clickable links. + You can delete the lines, that refer to PRs of the release process itself. We only need to list the feature/bugfix PRs. You can also delete the lines that are housekeeping or not really worth mentioning in the changelog. + - you use some easy automation in bash/python/other, to get the PR-List that can be used in the changelog. For example, its possible to use a bash scripty way, seen below, to convert those plaintext PR numbers into clickable links. ``` #!/usr/bin/bash @@ -204,11 +204,25 @@ Promoting the images basically means that images, that were pushed to staging co echo "[$pr_num](https://github.com/kubernetes/ingress-nginx/pull/$pr_num) $pr_title" done <$file + ``` + - There was a parsing issue and path issue on MacOS, so above scrpt had to be modified and MacOS monterey compatible script is below ; + + ``` + #!/bin/bash + + file="$1" + + while read -r line; do + pr_num=`echo "$line" | cut -f1` + pr_title=`echo "$line" | cut -f2` + echo \""[$pr_num](https://github.com/kubernetes/ingress-nginx/pull/$pr_num) $pr_title"\" + done <$file + ``` - If you saved the bash script content above, in a file like `$HOME/bin/prlist_to_changelog.sh`, then you could execute a command like this to get your prlist in a text file called changelog_content.txt;` ``` - prlist_to_changelog.sh prlist.txt > /tmp/changelog_content.txt` + prlist_to_changelog.sh ~/Downloads/prlist.txt | tee ~/Downloads//changelog_content.txt` ``` ### d. Edit the values.yaml and run helm-docs diff --git a/charts/ingress-nginx/CHANGELOG.md b/charts/ingress-nginx/CHANGELOG.md index f3f44c336..8282972d4 100644 --- a/charts/ingress-nginx/CHANGELOG.md +++ b/charts/ingress-nginx/CHANGELOG.md @@ -2,39 +2,56 @@ This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +### 4.1.0 + +- "[8481](https://github.com/kubernetes/ingress-nginx/pull/8481) Fix log creation in chroot script" +- "[8479](https://github.com/kubernetes/ingress-nginx/pull/8479) changed nginx base img tag to img built with alpine3.14.6" +- "[8478](https://github.com/kubernetes/ingress-nginx/pull/8478) update base images and protobuf gomod" +- "[8468](https://github.com/kubernetes/ingress-nginx/pull/8468) Fallback to ngx.var.scheme for redirectScheme with use-forward-headers when X-Forwarded-Proto is empty" +- "[8456](https://github.com/kubernetes/ingress-nginx/pull/8456) Implement object deep inspector" +- "[8455](https://github.com/kubernetes/ingress-nginx/pull/8455) Update dependencies" +- "[8454](https://github.com/kubernetes/ingress-nginx/pull/8454) Update index.md" +- "[8447](https://github.com/kubernetes/ingress-nginx/pull/8447) typo fixing" +- "[8446](https://github.com/kubernetes/ingress-nginx/pull/8446) Fix suggested annotation-value-word-blocklist" +- "[8444](https://github.com/kubernetes/ingress-nginx/pull/8444) replace deprecated topology key in example with current one" +- "[8443](https://github.com/kubernetes/ingress-nginx/pull/8443) Add dependency review enforcement" +- "[8434](https://github.com/kubernetes/ingress-nginx/pull/8434) added new auth-tls-match-cn annotation" +- "[8426](https://github.com/kubernetes/ingress-nginx/pull/8426) Bump github.com/prometheus/common from 0.32.1 to 0.33.0" + ### 4.0.18 -"[8291](https://github.com/kubernetes/ingress-nginx/pull/8291) remove git tag env from cloud build" -"[8286](https://github.com/kubernetes/ingress-nginx/pull/8286) Fix OpenTelemetry sidecar image build" -"[8277](https://github.com/kubernetes/ingress-nginx/pull/8277) Add OpenSSF Best practices badge" -"[8273](https://github.com/kubernetes/ingress-nginx/pull/8273) Issue#8241" -"[8267](https://github.com/kubernetes/ingress-nginx/pull/8267) Add fsGroup value to admission-webhooks/job-patch charts" -"[8262](https://github.com/kubernetes/ingress-nginx/pull/8262) Updated confusing error" -"[8256](https://github.com/kubernetes/ingress-nginx/pull/8256) fix: deny locations with invalid auth-url annotation" -"[8253](https://github.com/kubernetes/ingress-nginx/pull/8253) Add a certificate info metric" -"[8236](https://github.com/kubernetes/ingress-nginx/pull/8236) webhook: remove useless code." -"[8227](https://github.com/kubernetes/ingress-nginx/pull/8227) Update libraries in webhook image" -"[8225](https://github.com/kubernetes/ingress-nginx/pull/8225) fix inconsistent-label-cardinality for prometheus metrics: nginx_ingress_controller_requests" -"[8221](https://github.com/kubernetes/ingress-nginx/pull/8221) Do not validate ingresses with unknown ingress class in admission webhook endpoint" -"[8210](https://github.com/kubernetes/ingress-nginx/pull/8210) Bump github.com/prometheus/client_golang from 1.11.0 to 1.12.1" -"[8209](https://github.com/kubernetes/ingress-nginx/pull/8209) Bump google.golang.org/grpc from 1.43.0 to 1.44.0" -"[8204](https://github.com/kubernetes/ingress-nginx/pull/8204) Add Artifact Hub lint" -"[8203](https://github.com/kubernetes/ingress-nginx/pull/8203) Fix Indentation of example and link to cert-manager tutorial" -"[8201](https://github.com/kubernetes/ingress-nginx/pull/8201) feat(metrics): add path and method labels to requests countera" -"[8199](https://github.com/kubernetes/ingress-nginx/pull/8199) use functional options to reduce number of methods creating an EchoDeployment" -"[8196](https://github.com/kubernetes/ingress-nginx/pull/8196) docs: fix inconsistent controller annotation" -"[8191](https://github.com/kubernetes/ingress-nginx/pull/8191) Using Go install for misspell" -"[8186](https://github.com/kubernetes/ingress-nginx/pull/8186) prometheus+grafana using servicemonitor" -"[8185](https://github.com/kubernetes/ingress-nginx/pull/8185) Append elements on match, instead of removing for cors-annotations" -"[8179](https://github.com/kubernetes/ingress-nginx/pull/8179) Bump github.com/opencontainers/runc from 1.0.3 to 1.1.0" -"[8173](https://github.com/kubernetes/ingress-nginx/pull/8173) Adding annotations to the controller service account" -"[8163](https://github.com/kubernetes/ingress-nginx/pull/8163) Update the $req_id placeholder description" -"[8162](https://github.com/kubernetes/ingress-nginx/pull/8162) Versioned static manifests" -"[8159](https://github.com/kubernetes/ingress-nginx/pull/8159) Adding some geoip variables and default values" -"[8155](https://github.com/kubernetes/ingress-nginx/pull/8155) #7271 feat: avoid-pdb-creation-when-default-backend-disabled-and-replicas-gt-1" -"[8151](https://github.com/kubernetes/ingress-nginx/pull/8151) Automatically generate helm docs" -"[8143](https://github.com/kubernetes/ingress-nginx/pull/8143) Allow to configure delay before controller exits" -"[8136](https://github.com/kubernetes/ingress-nginx/pull/8136) add ingressClass option to helm chart - back compatibility with ingress.class annotations" -"[8126](https://github.com/kubernetes/ingress-nginx/pull/8126) Example for JWT" + +- "[8291](https://github.com/kubernetes/ingress-nginx/pull/8291) remove git tag env from cloud build" +- "[8286](https://github.com/kubernetes/ingress-nginx/pull/8286) Fix OpenTelemetry sidecar image build" +- "[8277](https://github.com/kubernetes/ingress-nginx/pull/8277) Add OpenSSF Best practices badge" +- "[8273](https://github.com/kubernetes/ingress-nginx/pull/8273) Issue#8241" +- "[8267](https://github.com/kubernetes/ingress-nginx/pull/8267) Add fsGroup value to admission-webhooks/job-patch charts" +- "[8262](https://github.com/kubernetes/ingress-nginx/pull/8262) Updated confusing error" +- "[8256](https://github.com/kubernetes/ingress-nginx/pull/8256) fix: deny locations with invalid auth-url annotation" +- "[8253](https://github.com/kubernetes/ingress-nginx/pull/8253) Add a certificate info metric" +- "[8236](https://github.com/kubernetes/ingress-nginx/pull/8236) webhook: remove useless code." +- "[8227](https://github.com/kubernetes/ingress-nginx/pull/8227) Update libraries in webhook image" +- "[8225](https://github.com/kubernetes/ingress-nginx/pull/8225) fix inconsistent-label-cardinality for prometheus metrics: nginx_ingress_controller_requests" +- "[8221](https://github.com/kubernetes/ingress-nginx/pull/8221) Do not validate ingresses with unknown ingress class in admission webhook endpoint" +- "[8210](https://github.com/kubernetes/ingress-nginx/pull/8210) Bump github.com/prometheus/client_golang from 1.11.0 to 1.12.1" +- "[8209](https://github.com/kubernetes/ingress-nginx/pull/8209) Bump google.golang.org/grpc from 1.43.0 to 1.44.0" +- "[8204](https://github.com/kubernetes/ingress-nginx/pull/8204) Add Artifact Hub lint" +- "[8203](https://github.com/kubernetes/ingress-nginx/pull/8203) Fix Indentation of example and link to cert-manager tutorial" +- "[8201](https://github.com/kubernetes/ingress-nginx/pull/8201) feat(metrics): add path and method labels to requests countera" +- "[8199](https://github.com/kubernetes/ingress-nginx/pull/8199) use functional options to reduce number of methods creating an EchoDeployment" +- "[8196](https://github.com/kubernetes/ingress-nginx/pull/8196) docs: fix inconsistent controller annotation" +- "[8191](https://github.com/kubernetes/ingress-nginx/pull/8191) Using Go install for misspell" +- "[8186](https://github.com/kubernetes/ingress-nginx/pull/8186) prometheus+grafana using servicemonitor" +- "[8185](https://github.com/kubernetes/ingress-nginx/pull/8185) Append elements on match, instead of removing for cors-annotations" +- "[8179](https://github.com/kubernetes/ingress-nginx/pull/8179) Bump github.com/opencontainers/runc from 1.0.3 to 1.1.0" +- "[8173](https://github.com/kubernetes/ingress-nginx/pull/8173) Adding annotations to the controller service account" +- "[8163](https://github.com/kubernetes/ingress-nginx/pull/8163) Update the $req_id placeholder description" +- "[8162](https://github.com/kubernetes/ingress-nginx/pull/8162) Versioned static manifests" +- "[8159](https://github.com/kubernetes/ingress-nginx/pull/8159) Adding some geoip variables and default values" +- "[8155](https://github.com/kubernetes/ingress-nginx/pull/8155) #7271 feat: avoid-pdb-creation-when-default-backend-disabled-and-replicas-gt-1" +- "[8151](https://github.com/kubernetes/ingress-nginx/pull/8151) Automatically generate helm docs" +- "[8143](https://github.com/kubernetes/ingress-nginx/pull/8143) Allow to configure delay before controller exits" +- "[8136](https://github.com/kubernetes/ingress-nginx/pull/8136) add ingressClass option to helm chart - back compatibility with ingress.class annotations" +- "[8126](https://github.com/kubernetes/ingress-nginx/pull/8126) Example for JWT" ### 4.0.15 diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index fbcf06cd5..2c76500dd 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: ingress-nginx # When the version is modified, make sure the artifacthub.io/changes list is updated # Also update CHANGELOG.md -version: 4.1.0-beta.1 -appVersion: 1.2.0-beta.1 +version: 4.1.0 +appVersion: 1.2.0 home: https://github.com/kubernetes/ingress-nginx description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png @@ -22,20 +22,20 @@ kubeVersion: ">=1.19.0-0" annotations: # Use this annotation to indicate that this chart version is a pre-release. # https://artifacthub.io/docs/topics/annotations/helm/ - artifacthub.io/prerelease: "true" + artifacthub.io/prerelease: "false" # List of changes for the release in artifacthub.io # https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx?modal=changelog artifacthub.io/changes: | - - "Image and libraries updated" - - "#8319 Upstream keepalive time" - - "#8434 added new auth-tls-match-cn annotation" - - "#8481 Fix log creation in chroot script" - - "#8426 Bump github.com/prometheus/common from 0.32.1 to 0.33.0" - - "#8444 replace deprecated topology key in example with current one" - - "#8446 Fix suggested annotation-value-word-blocklist" - - "#8219 Add keepalive support for auth requests" - - "#8337 Jail/chroot nginx process inside controller container" - - "#8455 Update dependencies" - - "#8456 Implement object deep inspector" - - "#8325 Fix for buggy ingress sync with retries" - - "#8322 Improve req handling dashboard" + - "[8481](https://github.com/kubernetes/ingress-nginx/pull/8481) Fix log creation in chroot script" + - "[8479](https://github.com/kubernetes/ingress-nginx/pull/8479) changed nginx base img tag to img built with alpine3.14.6" + - "[8478](https://github.com/kubernetes/ingress-nginx/pull/8478) update base images and protobuf gomod" + - "[8468](https://github.com/kubernetes/ingress-nginx/pull/8468) Fallback to ngx.var.scheme for redirectScheme with use-forward-headers when X-Forwarded-Proto is empty" + - "[8456](https://github.com/kubernetes/ingress-nginx/pull/8456) Implement object deep inspector" + - "[8455](https://github.com/kubernetes/ingress-nginx/pull/8455) Update dependencies" + - "[8454](https://github.com/kubernetes/ingress-nginx/pull/8454) Update index.md" + - "[8447](https://github.com/kubernetes/ingress-nginx/pull/8447) typo fixing" + - "[8446](https://github.com/kubernetes/ingress-nginx/pull/8446) Fix suggested annotation-value-word-blocklist" + - "[8444](https://github.com/kubernetes/ingress-nginx/pull/8444) replace deprecated topology key in example with current one" + - "[8443](https://github.com/kubernetes/ingress-nginx/pull/8443) Add dependency review enforcement" + - "[8434](https://github.com/kubernetes/ingress-nginx/pull/8434) added new auth-tls-match-cn annotation" + - "[8426](https://github.com/kubernetes/ingress-nginx/pull/8426) Bump github.com/prometheus/common from 0.32.1 to 0.33.0" diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index b0e9b40cb..b0aef6678 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.1.0-beta.1](https://img.shields.io/badge/Version-4.1.0--beta.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.0-beta.1](https://img.shields.io/badge/AppVersion-1.2.0--beta.1-informational?style=flat-square) +![Version: 4.1.0](https://img.shields.io/badge/Version-4.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.0](https://img.shields.io/badge/AppVersion-1.2.0-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. @@ -307,13 +307,13 @@ Kubernetes: `>=1.19.0-0` | controller.hostname | object | `{}` | Optionally customize the pod hostname. | | controller.image.allowPrivilegeEscalation | bool | `true` | | | controller.image.chroot | bool | `false` | | -| controller.image.digest | string | `"sha256:7059739637c30865f74cae403fffa55c2cb6d9779cd15654480dd0e4f850d536"` | | -| controller.image.digestChroot | string | `"sha256:5344d8367295be743703f19eea137e7a3253efc2d0ec8aee131b85d3258f9780"` | | +| controller.image.digest | string | `"sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185"` | | +| controller.image.digestChroot | string | `"sha256:fb17f1700b77d4fcc52ca6f83ffc2821861ae887dbb87149cf5cbc52bea425e5"` | | | controller.image.image | string | `"ingress-nginx/controller"` | | | controller.image.pullPolicy | string | `"IfNotPresent"` | | | controller.image.registry | string | `"k8s.gcr.io"` | | | controller.image.runAsUser | int | `101` | | -| controller.image.tag | string | `"v1.2.0-beta.1"` | | +| controller.image.tag | string | `"v1.2.0"` | | | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | | controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass | @@ -411,7 +411,7 @@ Kubernetes: `>=1.19.0-0` | controller.service.targetPorts.http | string | `"http"` | | | controller.service.targetPorts.https | string | `"https"` | | | controller.service.type | string | `"LoadBalancer"` | | -| controller.shareProcessNamespace | bool | `false` | This can be used for example to signal log rotation using `kill -USR1` from a sidecar. | +| controller.shareProcessNamespace | bool | `false` | | | controller.sysctls | object | `{}` | See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls | | controller.tcp.annotations | object | `{}` | Annotations to be added to the tcp config configmap | | controller.tcp.configMapNamespace | string | `""` | Allows customization of the tcp-services-configmap; defaults to $(POD_NAMESPACE) | @@ -484,6 +484,6 @@ Kubernetes: `>=1.19.0-0` | serviceAccount.automountServiceAccountToken | bool | `true` | | | serviceAccount.create | bool | `true` | | | serviceAccount.name | string | `""` | | -| tcp | object | `{}` | TCP service key:value pairs | -| udp | object | `{}` | UDP service key:value pairs | +| tcp | object | `{}` | TCP service key-value pairs | +| udp | object | `{}` | UDP service key-value pairs | diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 674e1f4c9..e6e21e1ad 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -23,9 +23,9 @@ controller: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: "v1.2.0-beta.1" - digest: sha256:7059739637c30865f74cae403fffa55c2cb6d9779cd15654480dd0e4f850d536 - digestChroot: sha256:5344d8367295be743703f19eea137e7a3253efc2d0ec8aee131b85d3258f9780 + tag: "v1.2.0" + digest: sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + digestChroot: sha256:fb17f1700b77d4fcc52ca6f83ffc2821861ae887dbb87149cf5cbc52bea425e5 pullPolicy: IfNotPresent # www-data -> uid 101 runAsUser: 101 @@ -578,8 +578,8 @@ controller: extraModules: [] ## Modules, which are mounted into the core nginx image - # - name: opentelemetry:v20220331-controller-v1.1.2-36-g7517b7ecf@sha256:e3f635474b5da24ccd0ea6b078fb190dae68b8b4a44b52bea19ec2561f0102ec - # image: k8s.gcr.io/ingress-nginx/opentelemetry: + # - name: opentelemetry + # image: k8s.gcr.io/ingress-nginx/opentelemetry:v20220415-controller-v1.2.0-beta.0-2-g81c2afd97@sha256:ce61e2cf0b347dffebb2dcbf57c33891d2217c1bad9c0959c878e5be671ef941 # # The image must contain a `/usr/local/bin/init_module.sh` executable, which # will be executed as initContainers, to move its config files within the @@ -908,13 +908,13 @@ serviceAccount: imagePullSecrets: [] # - name: secretName -# -- TCP service key:value pairs +# -- TCP service key-value pairs ## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md ## tcp: {} # 8080: "default/example-tcp-svc:9000" -# -- UDP service key:value pairs +# -- UDP service key-value pairs ## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md ## udp: {} diff --git a/deploy/static/provider/aws/1.19/deploy.yaml b/deploy/static/provider/aws/1.19/deploy.yaml index 30d40e77b..2418f570a 100644 --- a/deploy/static/provider/aws/1.19/deploy.yaml +++ b/deploy/static/provider/aws/1.19/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -321,7 +321,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -349,7 +349,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -371,7 +371,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -411,7 +411,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -483,7 +483,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -494,7 +494,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -530,7 +530,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -541,7 +541,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -579,7 +579,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -592,7 +592,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/1.20/deploy.yaml b/deploy/static/provider/aws/1.20/deploy.yaml index 0afe26fa2..ec3da5e2a 100644 --- a/deploy/static/provider/aws/1.20/deploy.yaml +++ b/deploy/static/provider/aws/1.20/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -321,7 +321,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -351,7 +351,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -374,7 +374,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -414,7 +414,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -486,7 +486,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -497,7 +497,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -533,7 +533,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -544,7 +544,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -582,7 +582,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -595,7 +595,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/1.21/deploy.yaml b/deploy/static/provider/aws/1.21/deploy.yaml index b73d21f8f..d60a4231d 100644 --- a/deploy/static/provider/aws/1.21/deploy.yaml +++ b/deploy/static/provider/aws/1.21/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -321,7 +321,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -354,7 +354,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -377,7 +377,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -417,7 +417,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -489,7 +489,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -500,7 +500,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -536,7 +536,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -547,7 +547,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -585,7 +585,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -598,7 +598,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/1.22/deploy.yaml b/deploy/static/provider/aws/1.22/deploy.yaml index b73d21f8f..d60a4231d 100644 --- a/deploy/static/provider/aws/1.22/deploy.yaml +++ b/deploy/static/provider/aws/1.22/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -321,7 +321,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -354,7 +354,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -377,7 +377,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -417,7 +417,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -489,7 +489,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -500,7 +500,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -536,7 +536,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -547,7 +547,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -585,7 +585,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -598,7 +598,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/1.23/deploy.yaml b/deploy/static/provider/aws/1.23/deploy.yaml index b73d21f8f..d60a4231d 100644 --- a/deploy/static/provider/aws/1.23/deploy.yaml +++ b/deploy/static/provider/aws/1.23/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -321,7 +321,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -354,7 +354,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -377,7 +377,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -417,7 +417,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -489,7 +489,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -500,7 +500,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -536,7 +536,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -547,7 +547,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -585,7 +585,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -598,7 +598,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/deploy.yaml b/deploy/static/provider/aws/deploy.yaml index 0afe26fa2..ec3da5e2a 100644 --- a/deploy/static/provider/aws/deploy.yaml +++ b/deploy/static/provider/aws/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -321,7 +321,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -351,7 +351,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -374,7 +374,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -414,7 +414,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -486,7 +486,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -497,7 +497,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -533,7 +533,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -544,7 +544,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -582,7 +582,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -595,7 +595,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.19/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.19/deploy.yaml index e2232bd6e..fd51f29f3 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.19/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/1.19/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -312,7 +312,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -330,7 +330,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -358,7 +358,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -380,7 +380,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -420,7 +420,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -495,7 +495,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -506,7 +506,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -542,7 +542,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -553,7 +553,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -591,7 +591,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -604,7 +604,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.20/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.20/deploy.yaml index 07be32ffe..befb2856f 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.20/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/1.20/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -312,7 +312,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -330,7 +330,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -360,7 +360,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -383,7 +383,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -423,7 +423,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -498,7 +498,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -509,7 +509,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -545,7 +545,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -556,7 +556,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -594,7 +594,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -607,7 +607,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.21/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.21/deploy.yaml index d86ddc4fd..59f098d43 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.21/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/1.21/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -312,7 +312,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -330,7 +330,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -363,7 +363,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -386,7 +386,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -426,7 +426,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -501,7 +501,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -512,7 +512,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -548,7 +548,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -559,7 +559,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -597,7 +597,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -610,7 +610,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.22/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.22/deploy.yaml index d86ddc4fd..59f098d43 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.22/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/1.22/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -312,7 +312,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -330,7 +330,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -363,7 +363,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -386,7 +386,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -426,7 +426,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -501,7 +501,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -512,7 +512,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -548,7 +548,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -559,7 +559,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -597,7 +597,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -610,7 +610,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.23/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.23/deploy.yaml index d86ddc4fd..59f098d43 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.23/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/1.23/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -312,7 +312,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -330,7 +330,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -363,7 +363,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -386,7 +386,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -426,7 +426,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -501,7 +501,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -512,7 +512,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -548,7 +548,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -559,7 +559,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -597,7 +597,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -610,7 +610,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml index 07be32ffe..befb2856f 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -312,7 +312,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -330,7 +330,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -360,7 +360,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -383,7 +383,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -423,7 +423,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -498,7 +498,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -509,7 +509,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -545,7 +545,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -556,7 +556,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -594,7 +594,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -607,7 +607,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/1.19/deploy.yaml b/deploy/static/provider/baremetal/1.19/deploy.yaml index 49c11b1bd..34e59b0e8 100644 --- a/deploy/static/provider/baremetal/1.19/deploy.yaml +++ b/deploy/static/provider/baremetal/1.19/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -344,7 +344,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -366,7 +366,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -405,7 +405,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -477,7 +477,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -488,7 +488,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -524,7 +524,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -535,7 +535,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -573,7 +573,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -586,7 +586,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/1.20/deploy.yaml b/deploy/static/provider/baremetal/1.20/deploy.yaml index aa9898d99..c15db447e 100644 --- a/deploy/static/provider/baremetal/1.20/deploy.yaml +++ b/deploy/static/provider/baremetal/1.20/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -346,7 +346,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -369,7 +369,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -408,7 +408,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -480,7 +480,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -491,7 +491,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -527,7 +527,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -538,7 +538,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -576,7 +576,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -589,7 +589,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/1.21/deploy.yaml b/deploy/static/provider/baremetal/1.21/deploy.yaml index c101d538b..fc13865cb 100644 --- a/deploy/static/provider/baremetal/1.21/deploy.yaml +++ b/deploy/static/provider/baremetal/1.21/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -349,7 +349,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -372,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -411,7 +411,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -483,7 +483,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -494,7 +494,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -530,7 +530,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -541,7 +541,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -579,7 +579,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -592,7 +592,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/1.22/deploy.yaml b/deploy/static/provider/baremetal/1.22/deploy.yaml index c101d538b..fc13865cb 100644 --- a/deploy/static/provider/baremetal/1.22/deploy.yaml +++ b/deploy/static/provider/baremetal/1.22/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -349,7 +349,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -372,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -411,7 +411,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -483,7 +483,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -494,7 +494,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -530,7 +530,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -541,7 +541,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -579,7 +579,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -592,7 +592,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/1.23/deploy.yaml b/deploy/static/provider/baremetal/1.23/deploy.yaml index c101d538b..fc13865cb 100644 --- a/deploy/static/provider/baremetal/1.23/deploy.yaml +++ b/deploy/static/provider/baremetal/1.23/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -349,7 +349,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -372,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -411,7 +411,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -483,7 +483,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -494,7 +494,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -530,7 +530,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -541,7 +541,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -579,7 +579,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -592,7 +592,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/deploy.yaml b/deploy/static/provider/baremetal/deploy.yaml index aa9898d99..c15db447e 100644 --- a/deploy/static/provider/baremetal/deploy.yaml +++ b/deploy/static/provider/baremetal/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -346,7 +346,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -369,7 +369,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -408,7 +408,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -480,7 +480,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -491,7 +491,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -527,7 +527,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -538,7 +538,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -576,7 +576,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -589,7 +589,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/1.19/deploy.yaml b/deploy/static/provider/cloud/1.19/deploy.yaml index f6000c6a6..a495871bc 100644 --- a/deploy/static/provider/cloud/1.19/deploy.yaml +++ b/deploy/static/provider/cloud/1.19/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -345,7 +345,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -367,7 +367,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -407,7 +407,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -479,7 +479,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -490,7 +490,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -526,7 +526,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -537,7 +537,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -575,7 +575,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -588,7 +588,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/1.20/deploy.yaml b/deploy/static/provider/cloud/1.20/deploy.yaml index d87b1331d..da818cd3a 100644 --- a/deploy/static/provider/cloud/1.20/deploy.yaml +++ b/deploy/static/provider/cloud/1.20/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -347,7 +347,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -370,7 +370,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -410,7 +410,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -482,7 +482,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -493,7 +493,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -529,7 +529,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -540,7 +540,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -578,7 +578,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -591,7 +591,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/1.21/deploy.yaml b/deploy/static/provider/cloud/1.21/deploy.yaml index a1f096f6b..f1f62d478 100644 --- a/deploy/static/provider/cloud/1.21/deploy.yaml +++ b/deploy/static/provider/cloud/1.21/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -350,7 +350,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -373,7 +373,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -413,7 +413,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -485,7 +485,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -496,7 +496,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -532,7 +532,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -543,7 +543,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -581,7 +581,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -594,7 +594,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/1.22/deploy.yaml b/deploy/static/provider/cloud/1.22/deploy.yaml index a1f096f6b..f1f62d478 100644 --- a/deploy/static/provider/cloud/1.22/deploy.yaml +++ b/deploy/static/provider/cloud/1.22/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -350,7 +350,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -373,7 +373,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -413,7 +413,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -485,7 +485,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -496,7 +496,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -532,7 +532,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -543,7 +543,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -581,7 +581,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -594,7 +594,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/1.23/deploy.yaml b/deploy/static/provider/cloud/1.23/deploy.yaml index a1f096f6b..f1f62d478 100644 --- a/deploy/static/provider/cloud/1.23/deploy.yaml +++ b/deploy/static/provider/cloud/1.23/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -350,7 +350,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -373,7 +373,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -413,7 +413,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -485,7 +485,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -496,7 +496,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -532,7 +532,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -543,7 +543,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -581,7 +581,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -594,7 +594,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/deploy.yaml b/deploy/static/provider/cloud/deploy.yaml index d87b1331d..da818cd3a 100644 --- a/deploy/static/provider/cloud/deploy.yaml +++ b/deploy/static/provider/cloud/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -347,7 +347,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -370,7 +370,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -410,7 +410,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -482,7 +482,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -493,7 +493,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -529,7 +529,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -540,7 +540,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -578,7 +578,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -591,7 +591,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/1.19/deploy.yaml b/deploy/static/provider/do/1.19/deploy.yaml index e746a93db..3bfe98c0b 100644 --- a/deploy/static/provider/do/1.19/deploy.yaml +++ b/deploy/static/provider/do/1.19/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,7 +320,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -348,7 +348,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -370,7 +370,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -410,7 +410,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -482,7 +482,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -493,7 +493,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -529,7 +529,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -540,7 +540,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -578,7 +578,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -591,7 +591,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/1.20/deploy.yaml b/deploy/static/provider/do/1.20/deploy.yaml index 815e70374..a1782f46e 100644 --- a/deploy/static/provider/do/1.20/deploy.yaml +++ b/deploy/static/provider/do/1.20/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,7 +320,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -350,7 +350,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -373,7 +373,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -413,7 +413,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -485,7 +485,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -496,7 +496,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -532,7 +532,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -543,7 +543,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -581,7 +581,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -594,7 +594,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/1.21/deploy.yaml b/deploy/static/provider/do/1.21/deploy.yaml index df2dce367..8c03f618e 100644 --- a/deploy/static/provider/do/1.21/deploy.yaml +++ b/deploy/static/provider/do/1.21/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,7 +320,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -353,7 +353,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -376,7 +376,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -416,7 +416,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -488,7 +488,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -499,7 +499,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -535,7 +535,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -546,7 +546,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -584,7 +584,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -597,7 +597,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/1.22/deploy.yaml b/deploy/static/provider/do/1.22/deploy.yaml index df2dce367..8c03f618e 100644 --- a/deploy/static/provider/do/1.22/deploy.yaml +++ b/deploy/static/provider/do/1.22/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,7 +320,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -353,7 +353,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -376,7 +376,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -416,7 +416,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -488,7 +488,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -499,7 +499,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -535,7 +535,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -546,7 +546,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -584,7 +584,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -597,7 +597,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/1.23/deploy.yaml b/deploy/static/provider/do/1.23/deploy.yaml index df2dce367..8c03f618e 100644 --- a/deploy/static/provider/do/1.23/deploy.yaml +++ b/deploy/static/provider/do/1.23/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,7 +320,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -353,7 +353,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -376,7 +376,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -416,7 +416,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -488,7 +488,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -499,7 +499,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -535,7 +535,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -546,7 +546,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -584,7 +584,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -597,7 +597,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/deploy.yaml b/deploy/static/provider/do/deploy.yaml index 815e70374..a1782f46e 100644 --- a/deploy/static/provider/do/deploy.yaml +++ b/deploy/static/provider/do/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,7 +320,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -350,7 +350,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -373,7 +373,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -413,7 +413,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -485,7 +485,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -496,7 +496,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -532,7 +532,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -543,7 +543,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -581,7 +581,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -594,7 +594,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/1.19/deploy.yaml b/deploy/static/provider/exoscale/1.19/deploy.yaml index 61e084249..6163bae12 100644 --- a/deploy/static/provider/exoscale/1.19/deploy.yaml +++ b/deploy/static/provider/exoscale/1.19/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -327,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -355,7 +355,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -377,7 +377,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -417,7 +417,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -489,7 +489,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -500,7 +500,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -536,7 +536,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -547,7 +547,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -585,7 +585,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -598,7 +598,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/1.20/deploy.yaml b/deploy/static/provider/exoscale/1.20/deploy.yaml index e3712ce33..92c83ab31 100644 --- a/deploy/static/provider/exoscale/1.20/deploy.yaml +++ b/deploy/static/provider/exoscale/1.20/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -327,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -357,7 +357,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -380,7 +380,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -420,7 +420,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -492,7 +492,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -503,7 +503,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -539,7 +539,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -550,7 +550,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -588,7 +588,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -601,7 +601,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/1.21/deploy.yaml b/deploy/static/provider/exoscale/1.21/deploy.yaml index 7c214d0f0..0c754baf1 100644 --- a/deploy/static/provider/exoscale/1.21/deploy.yaml +++ b/deploy/static/provider/exoscale/1.21/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -327,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -360,7 +360,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -383,7 +383,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -423,7 +423,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -495,7 +495,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -506,7 +506,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -542,7 +542,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -553,7 +553,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -591,7 +591,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -604,7 +604,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/1.22/deploy.yaml b/deploy/static/provider/exoscale/1.22/deploy.yaml index 7c214d0f0..0c754baf1 100644 --- a/deploy/static/provider/exoscale/1.22/deploy.yaml +++ b/deploy/static/provider/exoscale/1.22/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -327,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -360,7 +360,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -383,7 +383,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -423,7 +423,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -495,7 +495,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -506,7 +506,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -542,7 +542,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -553,7 +553,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -591,7 +591,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -604,7 +604,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/1.23/deploy.yaml b/deploy/static/provider/exoscale/1.23/deploy.yaml index 7c214d0f0..0c754baf1 100644 --- a/deploy/static/provider/exoscale/1.23/deploy.yaml +++ b/deploy/static/provider/exoscale/1.23/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -327,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -360,7 +360,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -383,7 +383,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -423,7 +423,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -495,7 +495,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -506,7 +506,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -542,7 +542,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -553,7 +553,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -591,7 +591,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -604,7 +604,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/deploy.yaml b/deploy/static/provider/exoscale/deploy.yaml index e3712ce33..92c83ab31 100644 --- a/deploy/static/provider/exoscale/deploy.yaml +++ b/deploy/static/provider/exoscale/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -327,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -357,7 +357,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -380,7 +380,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -420,7 +420,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -492,7 +492,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -503,7 +503,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -539,7 +539,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -550,7 +550,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -588,7 +588,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -601,7 +601,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/1.19/deploy.yaml b/deploy/static/provider/kind/1.19/deploy.yaml index 8122b831c..c61bcf9cd 100644 --- a/deploy/static/provider/kind/1.19/deploy.yaml +++ b/deploy/static/provider/kind/1.19/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -344,7 +344,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -366,7 +366,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -411,7 +411,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -490,7 +490,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -501,7 +501,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -537,7 +537,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -548,7 +548,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -586,7 +586,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -599,7 +599,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/1.20/deploy.yaml b/deploy/static/provider/kind/1.20/deploy.yaml index 934c81a01..cda06a589 100644 --- a/deploy/static/provider/kind/1.20/deploy.yaml +++ b/deploy/static/provider/kind/1.20/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -346,7 +346,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -369,7 +369,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -414,7 +414,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -493,7 +493,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -504,7 +504,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -540,7 +540,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -551,7 +551,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -589,7 +589,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -602,7 +602,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/1.21/deploy.yaml b/deploy/static/provider/kind/1.21/deploy.yaml index 6d3e5ba7a..b3fac9bea 100644 --- a/deploy/static/provider/kind/1.21/deploy.yaml +++ b/deploy/static/provider/kind/1.21/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -349,7 +349,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -372,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -417,7 +417,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -496,7 +496,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -507,7 +507,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -543,7 +543,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -554,7 +554,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -592,7 +592,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -605,7 +605,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/1.22/deploy.yaml b/deploy/static/provider/kind/1.22/deploy.yaml index 6d3e5ba7a..b3fac9bea 100644 --- a/deploy/static/provider/kind/1.22/deploy.yaml +++ b/deploy/static/provider/kind/1.22/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -349,7 +349,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -372,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -417,7 +417,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -496,7 +496,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -507,7 +507,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -543,7 +543,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -554,7 +554,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -592,7 +592,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -605,7 +605,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/1.23/deploy.yaml b/deploy/static/provider/kind/1.23/deploy.yaml index 6d3e5ba7a..b3fac9bea 100644 --- a/deploy/static/provider/kind/1.23/deploy.yaml +++ b/deploy/static/provider/kind/1.23/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -349,7 +349,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -372,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -417,7 +417,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -496,7 +496,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -507,7 +507,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -543,7 +543,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -554,7 +554,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -592,7 +592,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -605,7 +605,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/deploy.yaml b/deploy/static/provider/kind/deploy.yaml index 934c81a01..cda06a589 100644 --- a/deploy/static/provider/kind/deploy.yaml +++ b/deploy/static/provider/kind/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -346,7 +346,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -369,7 +369,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -414,7 +414,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -493,7 +493,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -504,7 +504,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -540,7 +540,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -551,7 +551,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -589,7 +589,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -602,7 +602,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/1.19/deploy.yaml b/deploy/static/provider/scw/1.19/deploy.yaml index d8dc86368..f7721046b 100644 --- a/deploy/static/provider/scw/1.19/deploy.yaml +++ b/deploy/static/provider/scw/1.19/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,7 +320,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -348,7 +348,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -370,7 +370,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -410,7 +410,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -482,7 +482,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -493,7 +493,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -529,7 +529,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -540,7 +540,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -578,7 +578,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -591,7 +591,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/1.20/deploy.yaml b/deploy/static/provider/scw/1.20/deploy.yaml index 19bfb55a8..45f9f37ec 100644 --- a/deploy/static/provider/scw/1.20/deploy.yaml +++ b/deploy/static/provider/scw/1.20/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,7 +320,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -350,7 +350,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -373,7 +373,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -413,7 +413,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -485,7 +485,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -496,7 +496,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -532,7 +532,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -543,7 +543,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -581,7 +581,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -594,7 +594,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/1.21/deploy.yaml b/deploy/static/provider/scw/1.21/deploy.yaml index 25a56f11a..a7b7b9f3f 100644 --- a/deploy/static/provider/scw/1.21/deploy.yaml +++ b/deploy/static/provider/scw/1.21/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,7 +320,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -353,7 +353,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -376,7 +376,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -416,7 +416,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -488,7 +488,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -499,7 +499,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -535,7 +535,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -546,7 +546,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -584,7 +584,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -597,7 +597,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/1.22/deploy.yaml b/deploy/static/provider/scw/1.22/deploy.yaml index 25a56f11a..a7b7b9f3f 100644 --- a/deploy/static/provider/scw/1.22/deploy.yaml +++ b/deploy/static/provider/scw/1.22/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,7 +320,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -353,7 +353,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -376,7 +376,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -416,7 +416,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -488,7 +488,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -499,7 +499,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -535,7 +535,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -546,7 +546,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -584,7 +584,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -597,7 +597,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/1.23/deploy.yaml b/deploy/static/provider/scw/1.23/deploy.yaml index 25a56f11a..a7b7b9f3f 100644 --- a/deploy/static/provider/scw/1.23/deploy.yaml +++ b/deploy/static/provider/scw/1.23/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,7 +320,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -353,7 +353,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -376,7 +376,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -416,7 +416,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -488,7 +488,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -499,7 +499,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -535,7 +535,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -546,7 +546,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -584,7 +584,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -597,7 +597,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/deploy.yaml b/deploy/static/provider/scw/deploy.yaml index 19bfb55a8..45f9f37ec 100644 --- a/deploy/static/provider/scw/deploy.yaml +++ b/deploy/static/provider/scw/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,7 +320,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -350,7 +350,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -373,7 +373,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -413,7 +413,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -485,7 +485,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -496,7 +496,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-create spec: containers: @@ -532,7 +532,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -543,7 +543,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission-patch spec: containers: @@ -581,7 +581,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -594,7 +594,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 + app.kubernetes.io/version: 1.2.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/docs/deploy/index.md b/docs/deploy/index.md index b78675ff4..283513ac7 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -51,7 +51,7 @@ It will install the controller in the `ingress-nginx` namespace, creating that n **If you don't have Helm** or if you prefer to use a YAML manifest, you can run the following command instead: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.2/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.2.0/deploy/static/provider/cloud/deploy.yaml ``` !!! info @@ -186,17 +186,17 @@ In AWS we use a Network load balancer (NLB) to expose the NGINX Ingress controll ##### Network Load Balancer (NLB) ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.3/deploy/static/provider/aws/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.2.0/deploy/static/provider/aws/deploy.yaml ``` ##### TLS termination in AWS Load Balancer (NLB) By default, TLS is terminated in the ingress controller. But it is also possible to terminate TLS in the Load Balancer. This section explains how to do that on AWS using an NLB. -1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.3/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template +1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.2.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template ```console - wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.3/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml + wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.2.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml ``` 2. Edit the file and change the VPC CIDR in use for the Kubernetes cluster: @@ -238,7 +238,7 @@ Then, the ingress controller can be installed like this: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.3/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.2.0/deploy/static/provider/cloud/deploy.yaml ``` !!! warning @@ -252,7 +252,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont #### Azure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.3/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.2.0/deploy/static/provider/cloud/deploy.yaml ``` More information with regards to Azure annotations for ingress controller can be found in the [official AKS documentation](https://docs.microsoft.com/en-us/azure/aks/ingress-internal-ip#create-an-ingress-controller). @@ -260,13 +260,13 @@ More information with regards to Azure annotations for ingress controller can be #### Digital Ocean ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.3/deploy/static/provider/do/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.2.0/deploy/static/provider/do/deploy.yaml ``` #### Scaleway ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.3/deploy/static/provider/scw/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.2.0/deploy/static/provider/scw/deploy.yaml ``` #### Exoscale @@ -280,7 +280,7 @@ The full list of annotations supported by Exoscale is available in the Exoscale #### Oracle Cloud Infrastructure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.3/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.2.0/deploy/static/provider/cloud/deploy.yaml ``` A [complete list of available annotations for Oracle Cloud Infrastructure](https://github.com/oracle/oci-cloud-controller-manager/blob/master/docs/load-balancer-annotations.md) can be found in the [OCI Cloud Controller Manager](https://github.com/oracle/oci-cloud-controller-manager) documentation. @@ -292,7 +292,7 @@ This section is applicable to Kubernetes clusters deployed on bare metal servers For quick testing, you can use a [NodePort](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport). This should work on almost every cluster, but it will typically use a port in the range 30000-32767. ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.3/deploy/static/provider/baremetal/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.2.0/deploy/static/provider/baremetal/deploy.yaml ``` For more information about bare metal deployments (and how to use port 80 instead of a random port in the 30000-32767 range), see [bare-metal considerations](./baremetal.md). diff --git a/images/httpbin/rootfs/Dockerfile b/images/httpbin/rootfs/Dockerfile index 9ef9ccc2b..113aaaa0d 100644 --- a/images/httpbin/rootfs/Dockerfile +++ b/images/httpbin/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.13 +FROM alpine:3.14.6 ENV LC_ALL=C.UTF-8 ENV LANG=C.UTF-8 diff --git a/test/e2e-image/Dockerfile b/test/e2e-image/Dockerfile index c8a07f294..15f8392a7 100644 --- a/test/e2e-image/Dockerfile +++ b/test/e2e-image/Dockerfile @@ -1,4 +1,4 @@ -FROM k8s.gcr.io/ingress-nginx/e2e-test-runner:v20220331-controller-v1.1.2-31-gf1cb2b73c@sha256:baa326f5c726d65be828852943a259c1f0572883590b9081b7e8fa982d64d96e AS BASE +FROM k8s.gcr.io/ingress-nginx/e2e-test-runner:v20220416-controller-v1.2.0-beta.0-4-g2e1a4790b@sha256:4468eb8cc9aa0ec3971ddf3811efe363e6f8e9082e95b567a5c27d91f89fb1e3 AS BASE FROM alpine:3.14.6 From 4cc0099eeefe7d0bfdf2e8db5955e78c229948d6 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Sun, 1 May 2022 17:13:24 -0300 Subject: [PATCH 065/494] Remove dind in ci tests (#8529) --- build/run-in-docker.sh | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index 315756269..ee6c49a04 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -62,10 +62,7 @@ else PLATFORM_FLAG= fi -if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then - /bin/bash -c "${FLAGS}" -else - docker run \ +docker run \ ${PLATFORM_FLAG} ${PLATFORM} \ --tty \ --rm \ @@ -81,4 +78,3 @@ else -w "/go/src/${PKG}" \ -u $(id -u ${USER}):$(id -g ${USER}) \ ${E2E_IMAGE} /bin/bash -c "${FLAGS}" -fi From 5d8b0bf428b9cf03c9489e08e7938aebc82f2747 Mon Sep 17 00:00:00 2001 From: FrodeI Date: Sun, 1 May 2022 22:41:15 +0200 Subject: [PATCH 066/494] Add documentation for controller.service.loadBalancerIP in Helm chart (#8522) --- charts/ingress-nginx/README.md | 1 + charts/ingress-nginx/values.yaml | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index b0aef6678..a78d4d907 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -401,6 +401,7 @@ Kubernetes: `>=1.19.0-0` | controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. | | controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack-ness requested or required by this Service. Possible values are SingleStack, PreferDualStack or RequireDualStack. The ipFamilies and clusterIPs fields depend on the value of this field. | | controller.service.labels | object | `{}` | | +| controller.service.loadBalancerIP | string | `""` | Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer | | controller.service.loadBalancerSourceRanges | list | `[]` | | | controller.service.nodePorts.http | string | `""` | | | controller.service.nodePorts.https | string | `""` | | diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index e6e21e1ad..1a45f734a 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -460,7 +460,8 @@ controller: ## externalIPs: [] - # loadBalancerIP: "" + # -- Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + loadBalancerIP: "" loadBalancerSourceRanges: [] enableHttp: true From 8d2c439fa84f5f74e275180265e9c5d14c5c9915 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 1 May 2022 14:07:14 -0700 Subject: [PATCH 067/494] Bump k8s.io/component-base from 0.23.5 to 0.23.6 (#8508) Bumps [k8s.io/component-base](https://github.com/kubernetes/component-base) from 0.23.5 to 0.23.6. - [Release notes](https://github.com/kubernetes/component-base/releases) - [Commits](https://github.com/kubernetes/component-base/compare/v0.23.5...v0.23.6) --- updated-dependencies: - dependency-name: k8s.io/component-base dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 12 ++++++++---- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index 0a4befb3e..d08c29b30 100644 --- a/go.mod +++ b/go.mod @@ -30,14 +30,14 @@ require ( google.golang.org/grpc v1.44.0 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 - k8s.io/api v0.23.5 + k8s.io/api v0.23.6 k8s.io/apiextensions-apiserver v0.23.5 - k8s.io/apimachinery v0.23.5 + k8s.io/apimachinery v0.23.6 k8s.io/apiserver v0.23.5 k8s.io/cli-runtime v0.23.5 - k8s.io/client-go v0.23.5 + k8s.io/client-go v0.23.6 k8s.io/code-generator v0.23.5 - k8s.io/component-base v0.23.5 + k8s.io/component-base v0.23.6 k8s.io/klog/v2 v2.60.1 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 sigs.k8s.io/controller-runtime v0.11.2 diff --git a/go.sum b/go.sum index 29455a435..25f3912f0 100644 --- a/go.sum +++ b/go.sum @@ -1128,22 +1128,26 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.23.5 h1:zno3LUiMubxD/V1Zw3ijyKO3wxrhbUF1Ck+VjBvfaoA= k8s.io/api v0.23.5/go.mod h1:Na4XuKng8PXJ2JsploYYrivXrINeTaycCGcYgF91Xm8= +k8s.io/api v0.23.6 h1:yOK34wbYECH4RsJbQ9sfkFK3O7f/DUHRlzFehkqZyVw= +k8s.io/api v0.23.6/go.mod h1:1kFaYxGCFHYp3qd6a85DAj/yW8aVD6XLZMqJclkoi9g= k8s.io/apiextensions-apiserver v0.23.5 h1:5SKzdXyvIJKu+zbfPc3kCbWpbxi+O+zdmAJBm26UJqI= k8s.io/apiextensions-apiserver v0.23.5/go.mod h1:ntcPWNXS8ZPKN+zTXuzYMeg731CP0heCTl6gYBxLcuQ= -k8s.io/apimachinery v0.23.5 h1:Va7dwhp8wgkUPWsEXk6XglXWU4IKYLKNlv8VkX7SDM0= k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= +k8s.io/apimachinery v0.23.6 h1:RH1UweWJkWNTlFx0D8uxOpaU1tjIOvVVWV/bu5b3/NQ= +k8s.io/apimachinery v0.23.6/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= k8s.io/apiserver v0.23.5 h1:2Ly8oUjz5cnZRn1YwYr+aFgDZzUmEVL9RscXbnIeDSE= k8s.io/apiserver v0.23.5/go.mod h1:7wvMtGJ42VRxzgVI7jkbKvMbuCbVbgsWFT7RyXiRNTw= k8s.io/cli-runtime v0.23.5 h1:Z7XUpGoJZYZB2uNjQfJjMbyDKyVkoBGye62Ap0sWQHY= k8s.io/cli-runtime v0.23.5/go.mod h1:oY6QDF2qo9xndSq32tqcmRp2UyXssdGrLfjAVymgbx4= -k8s.io/client-go v0.23.5 h1:zUXHmEuqx0RY4+CsnkOn5l0GU+skkRXKGJrhmE2SLd8= k8s.io/client-go v0.23.5/go.mod h1:flkeinTO1CirYgzMPRWxUCnV0G4Fbu2vLhYCObnt/r4= +k8s.io/client-go v0.23.6 h1:7h4SctDVQAQbkHQnR4Kzi7EyUyvla5G1pFWf4+Od7hQ= +k8s.io/client-go v0.23.6/go.mod h1:Umt5icFOMLV/+qbtZ3PR0D+JA6lvvb3syzodv4irpK4= k8s.io/code-generator v0.23.5 h1:xn3a6J5pUL49AoH6SPrOFtnB5cvdMl76f/bEY176R3c= k8s.io/code-generator v0.23.5/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk= -k8s.io/component-base v0.23.5 h1:8qgP5R6jG1BBSXmRYW+dsmitIrpk8F/fPEvgDenMCCE= k8s.io/component-base v0.23.5/go.mod h1:c5Nq44KZyt1aLl0IpHX82fhsn84Sb0jjzwjpcA42bY0= +k8s.io/component-base v0.23.6 h1:8dhVZ4VrRcNdV2EGjl8tj8YOHwX6ysgCGMJ2Oyy0NW8= +k8s.io/component-base v0.23.6/go.mod h1:FGMPeMrjYu0UZBSAFcfloVDplj9IvU+uRMTOdE23Fj0= k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c h1:GohjlNKauSai7gN4wsJkeZ3WAJx4Sh+oT/b5IYn5suA= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= From 8f72f5abdfb02beccd7dda744d05b0d7ccbc09a5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 1 May 2022 14:09:13 -0700 Subject: [PATCH 068/494] Bump google.golang.org/grpc from 1.44.0 to 1.46.0 (#8509) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.44.0 to 1.46.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.44.0...v1.46.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index d08c29b30..63f7f9979 100644 --- a/go.mod +++ b/go.mod @@ -27,7 +27,7 @@ require ( github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 golang.org/x/net v0.0.0-20220225172249-27dd8689420f - google.golang.org/grpc v1.44.0 + google.golang.org/grpc v1.46.0 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 k8s.io/api v0.23.6 diff --git a/go.sum b/go.sum index 25f3912f0..29f604ea1 100644 --- a/go.sum +++ b/go.sum @@ -112,8 +112,8 @@ github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnht github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= @@ -160,7 +160,7 @@ github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5y github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= -github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= +github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ= github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= @@ -1064,8 +1064,8 @@ google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.44.0 h1:weqSxi/TMs1SqFRMHCtBgXRs8k3X39QIDEZ0pRcttUg= -google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= +google.golang.org/grpc v1.46.0 h1:oCjezcn6g6A75TGoKYBPgKmVBLexhYLM6MebdrPApP8= +google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= From dfc9a9aa33c1ca4b9c0a6213e1f15939d487b138 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 1 May 2022 14:11:13 -0700 Subject: [PATCH 069/494] Bump github.com/mitchellh/mapstructure from 1.4.3 to 1.5.0 (#8510) Bumps [github.com/mitchellh/mapstructure](https://github.com/mitchellh/mapstructure) from 1.4.3 to 1.5.0. - [Release notes](https://github.com/mitchellh/mapstructure/releases) - [Changelog](https://github.com/mitchellh/mapstructure/blob/main/CHANGELOG.md) - [Commits](https://github.com/mitchellh/mapstructure/compare/v1.4.3...v1.5.0) --- updated-dependencies: - dependency-name: github.com/mitchellh/mapstructure dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 63f7f9979..271d51cc6 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/kylelemons/godebug v1.1.0 github.com/mitchellh/go-ps v1.0.0 github.com/mitchellh/hashstructure v1.1.0 - github.com/mitchellh/mapstructure v1.4.3 + github.com/mitchellh/mapstructure v1.5.0 github.com/moul/pb v0.0.0-20180404114147-54bdd96e6a52 github.com/ncabatoff/process-exporter v0.7.10 github.com/onsi/ginkgo v1.16.5 diff --git a/go.sum b/go.sum index 29f604ea1..1fea72482 100644 --- a/go.sum +++ b/go.sum @@ -425,8 +425,8 @@ github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0Qu github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/mitchellh/mapstructure v1.4.3 h1:OVowDSCllw/YjdLkam3/sm7wEtOy59d8ndGgCcyj8cs= -github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= +github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mmarkdown/mmark v2.0.40+incompatible h1:vMeUeDzBK3H+/mU0oMVfMuhSXJlIA+DE/DMPQNAj5C4= github.com/mmarkdown/mmark v2.0.40+incompatible/go.mod h1:Uvmoz7tvsWpr7bMVxIpqZPyN3FbOtzDmnsJDFp7ltJs= github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= From 31178ef2c30dc2424ce69eff43d07875e834bb96 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 1 May 2022 14:13:13 -0700 Subject: [PATCH 070/494] Bump github.com/fsnotify/fsnotify from 1.5.1 to 1.5.3 (#8511) Bumps [github.com/fsnotify/fsnotify](https://github.com/fsnotify/fsnotify) from 1.5.1 to 1.5.3. - [Release notes](https://github.com/fsnotify/fsnotify/releases) - [Changelog](https://github.com/fsnotify/fsnotify/blob/main/CHANGELOG.md) - [Commits](https://github.com/fsnotify/fsnotify/compare/v1.5.1...v1.5.3) --- updated-dependencies: - dependency-name: github.com/fsnotify/fsnotify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index 271d51cc6..fd7979d16 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.17 require ( github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a github.com/eapache/channels v1.1.0 - github.com/fsnotify/fsnotify v1.5.1 + github.com/fsnotify/fsnotify v1.5.3 github.com/gavv/httpexpect/v2 v2.3.1 github.com/imdario/mergo v0.3.12 github.com/json-iterator/go v1.1.12 diff --git a/go.sum b/go.sum index 1fea72482..8a4e04ab7 100644 --- a/go.sum +++ b/go.sum @@ -178,8 +178,9 @@ github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoD github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= -github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI= github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= +github.com/fsnotify/fsnotify v1.5.3 h1:vNFpj2z7YIbwh2bw7x35sqYpp2wfuq+pivKbWG09B8c= +github.com/fsnotify/fsnotify v1.5.3/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b h1:074/xhloHUBOpTZwlIzQ28rbPY8pNJvzY7Gcx5KnNOk= github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= github.com/gavv/httpexpect/v2 v2.3.1 h1:sGLlKMn8AuHS9ztK9Sb7AJ7OxIL8v2PcLdyxfKt1Fo4= From 6a86b864d4851b36b4bdbbfe48a3396a951de113 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 1 May 2022 14:15:13 -0700 Subject: [PATCH 071/494] Bump github.com/prometheus/common from 0.33.0 to 0.34.0 (#8512) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.33.0 to 0.34.0. - [Release notes](https://github.com/prometheus/common/releases) - [Commits](https://github.com/prometheus/common/compare/v0.33.0...v0.34.0) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index fd7979d16..29091112d 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.12.1 github.com/prometheus/client_model v0.2.0 - github.com/prometheus/common v0.33.0 + github.com/prometheus/common v0.34.0 github.com/spf13/cobra v1.4.0 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.7.1 diff --git a/go.sum b/go.sum index 8a4e04ab7..3dc978c9e 100644 --- a/go.sum +++ b/go.sum @@ -516,8 +516,8 @@ github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9 github.com/prometheus/common v0.28.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/common v0.29.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/common v0.33.0 h1:rHgav/0a6+uYgGdNt3jwz8FNSesO/Hsang3O0T9A5SE= -github.com/prometheus/common v0.33.0/go.mod h1:gB3sOl7P0TvJabZpLY5uQMpUqRCPPCyRLCZYc7JZTNE= +github.com/prometheus/common v0.34.0 h1:RBmGO9d/FVjqHT0yUGQwBJhkwKV+wPCn7KGpvfab0uE= +github.com/prometheus/common v0.34.0/go.mod h1:gB3sOl7P0TvJabZpLY5uQMpUqRCPPCyRLCZYc7JZTNE= github.com/prometheus/exporter-toolkit v0.7.0/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= From cbc288ab647b56e5d7c251ab0d72fdb52650b4f2 Mon Sep 17 00:00:00 2001 From: Daniel Schepers Date: Mon, 2 May 2022 21:11:55 -0500 Subject: [PATCH 072/494] Update README.md (#8537) --- docs/examples/customization/configuration-snippets/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/examples/customization/configuration-snippets/README.md b/docs/examples/customization/configuration-snippets/README.md index 5ef230ff1..33e7c4bf0 100644 --- a/docs/examples/customization/configuration-snippets/README.md +++ b/docs/examples/customization/configuration-snippets/README.md @@ -2,7 +2,7 @@ ## Ingress -The Ingress in [this example](ingress.yaml) adds a custom header to Nginx configuration that only applies to that specific Ingress. If you want to add headers that apply globally to all Ingresses, please have a look at [an example of specifying customer headers](../custom-headers/README.md). +The Ingress in [this example](ingress.yaml) adds a custom header to Nginx configuration that only applies to that specific Ingress. If you want to add headers that apply globally to all Ingresses, please have a look at [an example of specifying custom headers](../custom-headers/README.md). ```console kubectl apply -f ingress.yaml From 5a7d053c6f0c26a912a32baac3c6b183c585fe1a Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 4 May 2022 07:45:53 -0400 Subject: [PATCH 073/494] Document nginx 1.19.7 deprecations pulled in by ingress-nginx 1.1.3 (#8532) * Document nginx 1.19.7 deprecations pulled in by ingress-nginx 1.1.3 Signed-off-by: Josh Soref * Document ingress-nginx 1.1.3/1.3.0 removals Signed-off-by: Josh Soref Co-authored-by: Josh Soref --- Changelog.md | 6 ++++++ docs/user-guide/nginx-configuration/configmap.md | 9 +++++++++ 2 files changed, 15 insertions(+) diff --git a/Changelog.md b/Changelog.md index 687ae51f7..b1c94f12f 100644 --- a/Changelog.md +++ b/Changelog.md @@ -75,6 +75,12 @@ Patches [OpenSSL CVE-2022-0778](https://github.com/kubernetes/ingress-nginx/issu Patches [Libxml2 CVE-2022-23308](https://github.com/kubernetes/ingress-nginx/issues/8321) +_Breaking Changes:_ + +- https://github.com/nginx/nginx/commit/d18e066d650bff39f1705d3038804873584007af Deprecated http2_recv_timeout in favor of client_header_timeout (client-header-timeout) +- https://github.com/nginx/nginx/commit/51fea093e4374dbd857dc437ff9588060ef56471 Deprecated http2_max_field_size (http2-max-field-size) and http2_max_header_size (http2-max-header-size) in favor of large_client_header_buffers (large-client-header-buffers) +- https://github.com/nginx/nginx/commit/49ab3312448495f0ee8e00143a29624dde46ef5c Deprecated http2_idle_timeout and http2_max_requests (http2-max-requests) in favor of keepalive_timeout (upstream-keepalive-timeout?) and keepalive_requests (upstream-keepalive-requests?) respectively + _Changes:_ - [8415](https://github.com/kubernetes/ingress-nginx/pull/8415) base img update for e2e-test-runner & opentelemetry diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md index 6cec6f02f..57d79d536 100755 --- a/docs/user-guide/nginx-configuration/configmap.md +++ b/docs/user-guide/nginx-configuration/configmap.md @@ -371,6 +371,9 @@ _References:_ ## http2-max-field-size +!!! warning + This feature was deprecated in 1.1.3 and will be removed in 1.3.0. Use [large-client-header-buffers](#large-client-header-buffers) instead. + Limits the maximum size of an HPACK-compressed request header field. _References:_ @@ -378,6 +381,9 @@ _References:_ ## http2-max-header-size +!!! warning + This feature was deprecated in 1.1.3 and will be removed in 1.3.0. Use [large-client-header-buffers](#large-client-header-buffers) instead. + Limits the maximum size of the entire request header list after HPACK decompression. _References:_ @@ -385,6 +391,9 @@ _References:_ ## http2-max-requests +!!! warning + This feature was deprecated in 1.1.3 and will be removed in 1.3.0. Use [upstream-keepalive-requests](#upstream-keepalive-requests) instead. + Sets the maximum number of requests (including push requests) that can be served through one HTTP/2 connection, after which the next client request will lead to connection closing and the need of establishing a new connection. _References:_ From a5a59f18e58abb0f930cb04cabf3775138ae95c0 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Wed, 4 May 2022 08:57:51 -0300 Subject: [PATCH 074/494] Revert "Remove dind in ci tests (#8529)" (#8547) This reverts commit 4cc0099eeefe7d0bfdf2e8db5955e78c229948d6. --- build/run-in-docker.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index ee6c49a04..315756269 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -62,7 +62,10 @@ else PLATFORM_FLAG= fi -docker run \ +if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then + /bin/bash -c "${FLAGS}" +else + docker run \ ${PLATFORM_FLAG} ${PLATFORM} \ --tty \ --rm \ @@ -78,3 +81,4 @@ docker run \ -w "/go/src/${PKG}" \ -u $(id -u ${USER}):$(id -g ${USER}) \ ${E2E_IMAGE} /bin/bash -c "${FLAGS}" +fi From 9c288ee2c21c6473266c64c0dd123bb617da94a5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 May 2022 05:05:51 -0700 Subject: [PATCH 075/494] Bump github.com/fsnotify/fsnotify from 1.5.3 to 1.5.4 (#8533) Bumps [github.com/fsnotify/fsnotify](https://github.com/fsnotify/fsnotify) from 1.5.3 to 1.5.4. - [Release notes](https://github.com/fsnotify/fsnotify/releases) - [Changelog](https://github.com/fsnotify/fsnotify/blob/main/CHANGELOG.md) - [Commits](https://github.com/fsnotify/fsnotify/compare/v1.5.3...v1.5.4) --- updated-dependencies: - dependency-name: github.com/fsnotify/fsnotify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 7 ++++--- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 29091112d..b13ed1cc6 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.17 require ( github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a github.com/eapache/channels v1.1.0 - github.com/fsnotify/fsnotify v1.5.3 + github.com/fsnotify/fsnotify v1.5.4 github.com/gavv/httpexpect/v2 v2.3.1 github.com/imdario/mergo v0.3.12 github.com/json-iterator/go v1.1.12 @@ -120,7 +120,7 @@ require ( go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect golang.org/x/mod v0.4.2 // indirect golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect - golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 // indirect + golang.org/x/sys v0.0.0-20220412211240-33da011f77ad // indirect golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect golang.org/x/text v0.3.7 // indirect golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect diff --git a/go.sum b/go.sum index 3dc978c9e..c0e977ba5 100644 --- a/go.sum +++ b/go.sum @@ -179,8 +179,8 @@ github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= -github.com/fsnotify/fsnotify v1.5.3 h1:vNFpj2z7YIbwh2bw7x35sqYpp2wfuq+pivKbWG09B8c= -github.com/fsnotify/fsnotify v1.5.3/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= +github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI= +github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU= github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b h1:074/xhloHUBOpTZwlIzQ28rbPY8pNJvzY7Gcx5KnNOk= github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= github.com/gavv/httpexpect/v2 v2.3.1 h1:sGLlKMn8AuHS9ztK9Sb7AJ7OxIL8v2PcLdyxfKt1Fo4= @@ -877,8 +877,9 @@ golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211029165221-6e7872819dc8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 h1:XfKQ4OlFl8okEOr5UvAqFRVj8pY/4yfcXrddB8qAbU0= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220412211240-33da011f77ad h1:ntjMns5wyP/fN65tdBD4g8J5w8n015+iIIs9rtjXkY0= +golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= From 32306381606c249b86cb2d5015c79f994251dad8 Mon Sep 17 00:00:00 2001 From: kszafran Date: Wed, 4 May 2022 14:11:51 +0200 Subject: [PATCH 076/494] Update default allowed CORS headers (#8459) X-CustomHeader looks more like an example than a header we would want to accept in production. Added Range as a useful header that enables operations on resources that can be fetched in chunks. --- docs/user-guide/nginx-configuration/annotations.md | 2 +- internal/ingress/annotations/annotations_test.go | 2 +- internal/ingress/annotations/cors/main.go | 2 +- test/e2e/annotations/cors.go | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/user-guide/nginx-configuration/annotations.md b/docs/user-guide/nginx-configuration/annotations.md index 6309601b2..3a70ba14c 100755 --- a/docs/user-guide/nginx-configuration/annotations.md +++ b/docs/user-guide/nginx-configuration/annotations.md @@ -351,7 +351,7 @@ CORS can be controlled with the following annotations: This is a multi-valued field, separated by ',' and accepts letters, numbers, _ and -. - - Default: `DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization` + - Default: `DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization` - Example: `nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For, X-app123-XPTO"` * `nginx.ingress.kubernetes.io/cors-expose-headers`: Controls which headers are exposed to response. diff --git a/internal/ingress/annotations/annotations_test.go b/internal/ingress/annotations/annotations_test.go index a253355a2..d792801bc 100644 --- a/internal/ingress/annotations/annotations_test.go +++ b/internal/ingress/annotations/annotations_test.go @@ -39,7 +39,7 @@ var ( annotationCorsExposeHeaders = parser.GetAnnotationWithPrefix("cors-expose-headers") annotationCorsAllowCredentials = parser.GetAnnotationWithPrefix("cors-allow-credentials") defaultCorsMethods = "GET, PUT, POST, DELETE, PATCH, OPTIONS" - defaultCorsHeaders = "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization" + defaultCorsHeaders = "DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization" annotationAffinityCookieName = parser.GetAnnotationWithPrefix("session-cookie-name") annotationUpstreamHashBy = parser.GetAnnotationWithPrefix("upstream-hash-by") annotationCustomHTTPErrors = parser.GetAnnotationWithPrefix("custom-http-errors") diff --git a/internal/ingress/annotations/cors/main.go b/internal/ingress/annotations/cors/main.go index de5b8c279..3888f2909 100644 --- a/internal/ingress/annotations/cors/main.go +++ b/internal/ingress/annotations/cors/main.go @@ -30,7 +30,7 @@ import ( const ( // Default values defaultCorsMethods = "GET, PUT, POST, DELETE, PATCH, OPTIONS" - defaultCorsHeaders = "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization" + defaultCorsHeaders = "DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization" defaultCorsMaxAge = 1728000 ) diff --git a/test/e2e/annotations/cors.go b/test/e2e/annotations/cors.go index c249b3877..f88459bce 100644 --- a/test/e2e/annotations/cors.go +++ b/test/e2e/annotations/cors.go @@ -45,7 +45,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() { func(server string) bool { return strings.Contains(server, "more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';") && strings.Contains(server, "more_set_headers 'Access-Control-Allow-Origin: $http_origin';") && - strings.Contains(server, "more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';") && + strings.Contains(server, "more_set_headers 'Access-Control-Allow-Headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';") && strings.Contains(server, "more_set_headers 'Access-Control-Max-Age: 1728000';") && strings.Contains(server, "more_set_headers 'Access-Control-Allow-Credentials: true';") && strings.Contains(server, "set $http_origin *;") && From ee50e38b44b83278bac455f9d1e1f9d07d4ec97c Mon Sep 17 00:00:00 2001 From: Florian Michel <52607335+flo-mic@users.noreply.github.com> Date: Wed, 4 May 2022 17:29:51 +0200 Subject: [PATCH 077/494] disable modsecurity on error page (#8202) * disable modsecurity on error page * fix modsecurity error pages test * fix variable in nginx template * disable modsecurity on all internal locations * fix pipeline checks for gofmt Signed-off-by: Florian Michel --- .../ingress/controller/template/template.go | 16 ++++++++------- rootfs/etc/nginx/template/nginx.tmpl | 20 +++++++++++++++++-- 2 files changed, 27 insertions(+), 9 deletions(-) diff --git a/internal/ingress/controller/template/template.go b/internal/ingress/controller/template/template.go index f24aea0c4..73bc344c0 100644 --- a/internal/ingress/controller/template/template.go +++ b/internal/ingress/controller/template/template.go @@ -1277,15 +1277,17 @@ func proxySetHeader(loc interface{}) string { // buildCustomErrorDeps is a utility function returning a struct wrapper with // the data required to build the 'CUSTOM_ERRORS' template -func buildCustomErrorDeps(upstreamName string, errorCodes []int, enableMetrics bool) interface{} { +func buildCustomErrorDeps(upstreamName string, errorCodes []int, enableMetrics bool, modsecurityEnabled bool) interface{} { return struct { - UpstreamName string - ErrorCodes []int - EnableMetrics bool + UpstreamName string + ErrorCodes []int + EnableMetrics bool + ModsecurityEnabled bool }{ - UpstreamName: upstreamName, - ErrorCodes: errorCodes, - EnableMetrics: enableMetrics, + UpstreamName: upstreamName, + ErrorCodes: errorCodes, + EnableMetrics: enableMetrics, + ModsecurityEnabled: modsecurityEnabled, } } diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index a181dd22a..ed7d3cc08 100755 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -656,7 +656,7 @@ http { {{ $cfg.ServerSnippet }} {{ end }} - {{ template "CUSTOM_ERRORS" (buildCustomErrorDeps "upstream-default-backend" $cfg.CustomHTTPErrors $all.EnableMetrics) }} + {{ template "CUSTOM_ERRORS" (buildCustomErrorDeps "upstream-default-backend" $cfg.CustomHTTPErrors $all.EnableMetrics $cfg.EnableModsecurity) }} } ## end server {{ $server.Hostname }} @@ -872,11 +872,17 @@ stream { {{/* definition of templates to avoid repetitions */}} {{ define "CUSTOM_ERRORS" }} {{ $enableMetrics := .EnableMetrics }} + {{ $modsecurityEnabled := .ModsecurityEnabled }} {{ $upstreamName := .UpstreamName }} {{ range $errCode := .ErrorCodes }} location @custom_{{ $upstreamName }}_{{ $errCode }} { internal; + # Ensure that modsecurity will not run on custom error pages or they might be blocked + {{ if $modsecurityEnabled }} + modsecurity off; + {{ end }} + proxy_intercept_errors off; proxy_set_header X-Code {{ $errCode }}; @@ -1015,7 +1021,7 @@ stream { {{ end }} {{ range $errorLocation := (buildCustomErrorLocationsPerServer $server) }} - {{ template "CUSTOM_ERRORS" (buildCustomErrorDeps $errorLocation.UpstreamName $errorLocation.Codes $all.EnableMetrics) }} + {{ template "CUSTOM_ERRORS" (buildCustomErrorDeps $errorLocation.UpstreamName $errorLocation.Codes $all.EnableMetrics $all.Cfg.EnableModsecurity) }} {{ end }} {{ buildMirrorLocations $server.Locations }} @@ -1048,6 +1054,11 @@ stream { opentracing_propagate_context; {{ end }} + # Ensure that modsecurity will not run on an internal location as this is not accessible from outside + {{ if $all.Cfg.EnableModsecurity }} + modsecurity off; + {{ end }} + {{ if $externalAuth.AuthCacheKey }} set $tmp_cache_key '{{ $server.Hostname }}{{ $authPath }}{{ $externalAuth.AuthCacheKey }}'; set $cache_key ''; @@ -1158,6 +1169,11 @@ stream { add_header Set-Cookie $auth_cookie; + # Ensure that modsecurity will not run on an internal location as this is not accessible from outside + {{ if $all.Cfg.EnableModsecurity }} + modsecurity off; + {{ end }} + return 302 {{ buildAuthSignURL $externalAuth.SigninURL $externalAuth.SigninURLRedirectParam }}; } {{ end }} From 67e430cb3abf387a2be80c00abe46808e007e254 Mon Sep 17 00:00:00 2001 From: Alexey Miasoedov Date: Thu, 5 May 2022 01:56:20 +0300 Subject: [PATCH 078/494] fix typo (#8550) --- docs/user-guide/multiple-ingress.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user-guide/multiple-ingress.md b/docs/user-guide/multiple-ingress.md index 246e38b52..4825b8458 100644 --- a/docs/user-guide/multiple-ingress.md +++ b/docs/user-guide/multiple-ingress.md @@ -11,7 +11,7 @@ If all ingress controllers respect IngressClasses (e.g. multiple instances of in First, ensure the `--controller-class=` and `--ingress-class` are set to something different on each ingress controller: ```yaml -# ingress-nginx Deployment/Statfulset +# ingress-nginx Deployment/Statefulset spec: template: spec: From f10bcd552b261b6aad5e897c80ed1a2692bb8fd7 Mon Sep 17 00:00:00 2001 From: kevin Pichardie Date: Thu, 5 May 2022 10:44:20 +0200 Subject: [PATCH 079/494] Replace release v0.50.0 for v0.51.0 on readme (#8543) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8ce3222a9..0af81cb58 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,7 @@ For detailed changes on the `ingress-nginx` helm chart, please check the followi | v1.0.2 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | | v1.0.1 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | | v1.0.0 | 1.22, 1.21, 1.20, 1.19 | 3.13.5 | 1.20.1 | -| v0.50.0 | 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | +| v0.51.0 | 1.21, 1.20, 1.19 | 3.14.4 | 1.19.10† | | v0.49.3 | 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | | v0.49.2 | 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | | v0.49.1 | 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | From ec1b01092ef2c2ff36fe296c91c45d9b2d394bbd Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Fri, 6 May 2022 16:39:05 +0530 Subject: [PATCH 080/494] added debug commands (#8553) --- test/e2e/run.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/test/e2e/run.sh b/test/e2e/run.sh index 1aa41e1c6..00ea73299 100755 --- a/test/e2e/run.sh +++ b/test/e2e/run.sh @@ -78,7 +78,10 @@ if [ "${SKIP_IMAGE_CREATION:-false}" = "false" ]; then echo "[dev-env] building image" make -C ${DIR}/../../ clean-image build image image-chroot + echo "[dev-env] .. done building controller images" + echo "[dev-env] now building e2e-image.." make -C ${DIR}/../e2e-image image + echo "[dev-env] ..done building e2e-image" fi # Preload images used in e2e tests From 730b7408ca5d247a31e50aaf479f081dd66949b9 Mon Sep 17 00:00:00 2001 From: serge-r Date: Sun, 8 May 2022 07:39:17 +0700 Subject: [PATCH 081/494] Add header Host into mirror annotations (#8178) --- .../nginx-configuration/annotations.md | 8 +++++ internal/ingress/annotations/mirror/main.go | 20 ++++++++++- .../ingress/annotations/mirror/main_test.go | 33 +++++++++++++++++++ .../ingress/controller/template/template.go | 3 +- 4 files changed, 62 insertions(+), 2 deletions(-) diff --git a/docs/user-guide/nginx-configuration/annotations.md b/docs/user-guide/nginx-configuration/annotations.md index 3a70ba14c..2a019ea27 100755 --- a/docs/user-guide/nginx-configuration/annotations.md +++ b/docs/user-guide/nginx-configuration/annotations.md @@ -131,6 +131,7 @@ You can add these Kubernetes annotations to specific Ingress objects to customiz |[nginx.ingress.kubernetes.io/modsecurity-snippet](#modsecurity)|string| |[nginx.ingress.kubernetes.io/mirror-request-body](#mirror)|string| |[nginx.ingress.kubernetes.io/mirror-target](#mirror)|string| +|[nginx.ingress.kubernetes.io/mirror-host](#mirror)|string| ### Canary @@ -941,6 +942,13 @@ By default the request-body is sent to the mirror backend, but can be turned off nginx.ingress.kubernetes.io/mirror-request-body: "off" ``` +Also by default header Host for mirrored requests will be set the same as a host part of uri in the "mirror-target" annotation. You can override it by "mirror-host" annotation: + +```yaml +nginx.ingress.kubernetes.io/mirror-target: https://1.2.3.4/$request_uri +nginx.ingress.kubernetes.io/mirror-host: "test.env.com" +``` + **Note:** The mirror directive will be applied to all paths within the ingress resource. The request sent to the mirror is linked to the original request. If you have a slow mirror backend, then the original request will throttle. diff --git a/internal/ingress/annotations/mirror/main.go b/internal/ingress/annotations/mirror/main.go index e11d4b4fb..cd54a9826 100644 --- a/internal/ingress/annotations/mirror/main.go +++ b/internal/ingress/annotations/mirror/main.go @@ -18,9 +18,9 @@ package mirror import ( "fmt" + "strings" networking "k8s.io/api/networking/v1" - "k8s.io/ingress-nginx/internal/ingress/annotations/parser" "k8s.io/ingress-nginx/internal/ingress/resolver" ) @@ -30,6 +30,7 @@ type Config struct { Source string `json:"source"` RequestBody string `json:"requestBody"` Target string `json:"target"` + Host string `json:"host"` } // Equal tests for equality between two Configuration types @@ -54,6 +55,10 @@ func (m1 *Config) Equal(m2 *Config) bool { return false } + if m1.Host != m2.Host { + return false + } + return true } @@ -85,5 +90,18 @@ func (a mirror) Parse(ing *networking.Ingress) (interface{}, error) { config.Source = "" } + config.Host, err = parser.GetStringAnnotation("mirror-host", ing) + if err != nil { + if config.Target != "" { + url, err := parser.StringToURL(config.Target) + if err != nil { + config.Host = "" + } else { + hostname := strings.Split(url.Hostname(), "$") + config.Host = hostname[0] + } + } + } + return config, nil } diff --git a/internal/ingress/annotations/mirror/main_test.go b/internal/ingress/annotations/mirror/main_test.go index af7ed1b1f..f744ab552 100644 --- a/internal/ingress/annotations/mirror/main_test.go +++ b/internal/ingress/annotations/mirror/main_test.go @@ -30,6 +30,7 @@ import ( func TestParse(t *testing.T) { requestBody := parser.GetAnnotationWithPrefix("mirror-request-body") backendURL := parser.GetAnnotationWithPrefix("mirror-target") + host := parser.GetAnnotationWithPrefix("mirror-host") ap := NewParser(&resolver.Mock{}) if ap == nil { @@ -45,11 +46,43 @@ func TestParse(t *testing.T) { Source: ngxURI, RequestBody: "on", Target: "https://test.env.com/$request_uri", + Host: "test.env.com", }}, {map[string]string{requestBody: "off"}, &Config{ Source: "", RequestBody: "off", Target: "", + Host: "", + }}, + {map[string]string{host: "test.env.com", backendURL: "http://some.test.env.com/$someparam"}, &Config{ + Source: ngxURI, + RequestBody: "on", + Target: "http://some.test.env.com/$someparam", + Host: "test.env.com", + }}, + {map[string]string{backendURL: "IamNotAURL"}, &Config{ + Source: ngxURI, + RequestBody: "on", + Target: "IamNotAURL", + Host: "", + }}, + {map[string]string{backendURL: "http://some.test.env.com:2121/$someparam=1&$someotherparam=2"}, &Config{ + Source: ngxURI, + RequestBody: "on", + Target: "http://some.test.env.com:2121/$someparam=1&$someotherparam=2", + Host: "some.test.env.com", + }}, + {map[string]string{backendURL: "http://some.test.env.com", host: "someInvalidParm.%^&*()_=!@#'\""}, &Config{ + Source: ngxURI, + RequestBody: "on", + Target: "http://some.test.env.com", + Host: "someInvalidParm.%^&*()_=!@#'\"", + }}, + {map[string]string{backendURL: "http://some.test.env.com", host: "_sbrubles-i\"@xpto:12345"}, &Config{ + Source: ngxURI, + RequestBody: "on", + Target: "http://some.test.env.com", + Host: "_sbrubles-i\"@xpto:12345", }}, } diff --git a/internal/ingress/controller/template/template.go b/internal/ingress/controller/template/template.go index 73bc344c0..a331c196a 100644 --- a/internal/ingress/controller/template/template.go +++ b/internal/ingress/controller/template/template.go @@ -1667,10 +1667,11 @@ func buildMirrorLocations(locs []*ingress.Location) string { mapped.Insert(loc.Mirror.Source) buffer.WriteString(fmt.Sprintf(`location = %v { internal; +proxy_set_header Host %v; proxy_pass %v; } -`, loc.Mirror.Source, loc.Mirror.Target)) +`, loc.Mirror.Source, loc.Mirror.Host, loc.Mirror.Target)) } return buffer.String() From 415305d47b2de9f37e1cf49e3797a96706b172dc Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Sun, 8 May 2022 16:57:18 +0530 Subject: [PATCH 082/494] added debug to trace testgrid fail & suppressed breaking warning for kubectl version (#8561) --- build/dev-env.sh | 2 +- test/e2e-image/Makefile | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/build/dev-env.sh b/build/dev-env.sh index d98f0bfbd..b2e504b15 100755 --- a/build/dev-env.sh +++ b/build/dev-env.sh @@ -51,7 +51,7 @@ if [[ ${HELM_VERSION} < "v3.0.0" ]]; then exit 1 fi -KUBE_CLIENT_VERSION=$(kubectl version --client --short | awk '{print $3}' | cut -d. -f2) || true +KUBE_CLIENT_VERSION=$(kubectl version --client --short 2>/dev/null | grep Client | awk '{print $3}' | cut -d. -f2) || true if [[ ${KUBE_CLIENT_VERSION} -lt 14 ]]; then echo "Please update kubectl to 1.15 or higher" exit 1 diff --git a/test/e2e-image/Makefile b/test/e2e-image/Makefile index f35c5db5b..0e28e091c 100644 --- a/test/e2e-image/Makefile +++ b/test/e2e-image/Makefile @@ -2,7 +2,10 @@ DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) image: + echo "..entered Makefile in /test/e2e-image" + echo "..calling Make target <>y in /Makefile from inside /test/e2e-image/Makefile" make -C $(DIR)/../../ e2e-test-binary + echo "..done building e2e-test-binary from /test/e2e-image/Makefile" cp $(DIR)/../e2e/e2e.test . cp $(DIR)/../e2e/wait-for-nginx.sh . @@ -19,4 +22,4 @@ clean: docker rmi -f nginx-ingress-controller:e2e || true -.PHONY: image clean \ No newline at end of file +.PHONY: image clean From b9410c86f7960288ec9c45acc074633e231c1bfd Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Mon, 9 May 2022 15:45:19 +0530 Subject: [PATCH 083/494] added debug to docker-in-docker.sh (#8562) --- build/run-in-docker.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index 315756269..d74da7476 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -62,9 +62,17 @@ else PLATFORM_FLAG= fi +env && hostname && uname -a +echo "DIND_ENABLED=$DOCKER_IN_DOCKER_ENABLED" +echo "FLAGS=$FLAGS" +echo "PLATFORM=$PLATFORM" +echo "PLATFORM_FLAG=$PLATFORM_FLAG" + if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then + echo "..reached DIND check TRUE block, inside run-in-docker.sh. Checking environ" /bin/bash -c "${FLAGS}" else + echo "..reached DIND check ELSE block, inside run-in-docker.sh. Checking environ" docker run \ ${PLATFORM_FLAG} ${PLATFORM} \ --tty \ From 7402d51a020dbe9352cd57c698487f1e1d058db2 Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Mon, 9 May 2022 23:29:19 +0530 Subject: [PATCH 084/494] added step to install ginkgo if DIND environ (#8566) --- build/run-in-docker.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index d74da7476..d63bb656c 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -70,6 +70,7 @@ echo "PLATFORM_FLAG=$PLATFORM_FLAG" if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then echo "..reached DIND check TRUE block, inside run-in-docker.sh. Checking environ" + go get github.com/onsi/ginkgo/ginkgo@v1.16.4 /bin/bash -c "${FLAGS}" else echo "..reached DIND check ELSE block, inside run-in-docker.sh. Checking environ" From fc58e92b3951bd313a36eba227933bb4e931cfbd Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Tue, 10 May 2022 14:19:43 +0530 Subject: [PATCH 085/494] replaced go get ginkgo with go install ginkgo for DIND environ (#8569) --- build/run-in-docker.sh | 21 ++++++++++++++------- test/e2e-image/Makefile | 2 +- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index d63bb656c..4adb7b3e1 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -62,18 +62,25 @@ else PLATFORM_FLAG= fi -env && hostname && uname -a +echo "..printing env & other vars to stdout" +echo "HOSTNAME=`hostname`" +uname -a +env echo "DIND_ENABLED=$DOCKER_IN_DOCKER_ENABLED" -echo "FLAGS=$FLAGS" -echo "PLATFORM=$PLATFORM" -echo "PLATFORM_FLAG=$PLATFORM_FLAG" +echo "done..printing env & other vars to stdout" if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then - echo "..reached DIND check TRUE block, inside run-in-docker.sh. Checking environ" - go get github.com/onsi/ginkgo/ginkgo@v1.16.4 + echo "..reached DIND check TRUE block, inside run-in-docker.sh" + echo "FLAGS=$FLAGS" + go env + set -x + go install -mod=mod github.com/onsi/ginkgo/ginkgo@v1.16.4 + find / -type f -name ginkgo 2>/dev/null + which ginkgo /bin/bash -c "${FLAGS}" + set +x else - echo "..reached DIND check ELSE block, inside run-in-docker.sh. Checking environ" + echo "..reached DIND check ELSE block, inside run-in-docker.sh" docker run \ ${PLATFORM_FLAG} ${PLATFORM} \ --tty \ diff --git a/test/e2e-image/Makefile b/test/e2e-image/Makefile index 0e28e091c..3a012a2df 100644 --- a/test/e2e-image/Makefile +++ b/test/e2e-image/Makefile @@ -3,7 +3,7 @@ DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) image: echo "..entered Makefile in /test/e2e-image" - echo "..calling Make target <>y in /Makefile from inside /test/e2e-image/Makefile" + echo "..calling Make target <> in /Makefile from inside /test/e2e-image/Makefile" make -C $(DIR)/../../ e2e-test-binary echo "..done building e2e-test-binary from /test/e2e-image/Makefile" From 61fcca3a3a7c719d8d49c06cc3330431a255b51c Mon Sep 17 00:00:00 2001 From: Pavel Selivanov <52830945+pauljamm@users.noreply.github.com> Date: Tue, 10 May 2022 19:13:43 +0300 Subject: [PATCH 086/494] Add portNamePreffix Helm chart parameter (#8458) Allow user to set custom preffix for TCP and UDP ports --- charts/ingress-nginx/Chart.yaml | 2 +- charts/ingress-nginx/README.md | 3 ++- ...aemonset-tcp-udp-portNamePrefix-values.yaml | 18 ++++++++++++++++++ ...ployment-tcp-udp-portNamePrefix-values.yaml | 17 +++++++++++++++++ .../templates/controller-daemonset.yaml | 4 ++-- .../templates/controller-deployment.yaml | 4 ++-- .../templates/controller-service-internal.yaml | 8 ++++---- .../templates/controller-service.yaml | 8 ++++---- charts/ingress-nginx/values.yaml | 4 ++++ 9 files changed, 54 insertions(+), 14 deletions(-) create mode 100644 charts/ingress-nginx/ci/daemonset-tcp-udp-portNamePrefix-values.yaml create mode 100644 charts/ingress-nginx/ci/deployment-tcp-udp-portNamePrefix-values.yaml diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index 2c76500dd..10a5fbc30 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: ingress-nginx # When the version is modified, make sure the artifacthub.io/changes list is updated # Also update CHANGELOG.md -version: 4.1.0 +version: 4.1.1 appVersion: 1.2.0 home: https://github.com/kubernetes/ingress-nginx description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index a78d4d907..7b0b8f819 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.1.0](https://img.shields.io/badge/Version-4.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.0](https://img.shields.io/badge/AppVersion-1.2.0-informational?style=flat-square) +![Version: 4.1.1](https://img.shields.io/badge/Version-4.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.0](https://img.shields.io/badge/AppVersion-1.2.0-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. @@ -478,6 +478,7 @@ Kubernetes: `>=1.19.0-0` | dhParam | string | `nil` | A base64-encoded Diffie-Hellman parameter. This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` | | imagePullSecrets | list | `[]` | Optional array of imagePullSecrets containing private registry credentials | | podSecurityPolicy.enabled | bool | `false` | | +| portNamePrefix | string | `""` | Prefix for TCP and UDP ports names in ingress controller service | | rbac.create | bool | `true` | | | rbac.scope | bool | `false` | | | revisionHistoryLimit | int | `10` | Rollback limit | diff --git a/charts/ingress-nginx/ci/daemonset-tcp-udp-portNamePrefix-values.yaml b/charts/ingress-nginx/ci/daemonset-tcp-udp-portNamePrefix-values.yaml new file mode 100644 index 000000000..90b0f57a5 --- /dev/null +++ b/charts/ingress-nginx/ci/daemonset-tcp-udp-portNamePrefix-values.yaml @@ -0,0 +1,18 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: ClusterIP + +tcp: + 9000: "default/test:8080" + +udp: + 9001: "default/test:8080" + +portNamePrefix: "port" diff --git a/charts/ingress-nginx/ci/deployment-tcp-udp-portNamePrefix-values.yaml b/charts/ingress-nginx/ci/deployment-tcp-udp-portNamePrefix-values.yaml new file mode 100644 index 000000000..56323c5ee --- /dev/null +++ b/charts/ingress-nginx/ci/deployment-tcp-udp-portNamePrefix-values.yaml @@ -0,0 +1,17 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: ClusterIP + +tcp: + 9000: "default/test:8080" + +udp: + 9001: "default/test:8080" + +portNamePrefix: "port" diff --git a/charts/ingress-nginx/templates/controller-daemonset.yaml b/charts/ingress-nginx/templates/controller-daemonset.yaml index 4d7361597..99882d1a8 100644 --- a/charts/ingress-nginx/templates/controller-daemonset.yaml +++ b/charts/ingress-nginx/templates/controller-daemonset.yaml @@ -131,7 +131,7 @@ spec: protocol: TCP {{- end }} {{- range $key, $value := .Values.tcp }} - - name: {{ $key }}-tcp + - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-tcp containerPort: {{ $key }} protocol: TCP {{- if $.Values.controller.hostPort.enabled }} @@ -139,7 +139,7 @@ spec: {{- end }} {{- end }} {{- range $key, $value := .Values.udp }} - - name: {{ $key }}-udp + - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-udp containerPort: {{ $key }} protocol: UDP {{- if $.Values.controller.hostPort.enabled }} diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml index e72e7dbad..5b781f8de 100644 --- a/charts/ingress-nginx/templates/controller-deployment.yaml +++ b/charts/ingress-nginx/templates/controller-deployment.yaml @@ -128,7 +128,7 @@ spec: protocol: TCP {{- end }} {{- range $key, $value := .Values.tcp }} - - name: {{ $key }}-tcp + - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-tcp containerPort: {{ $key }} protocol: TCP {{- if $.Values.controller.hostPort.enabled }} @@ -136,7 +136,7 @@ spec: {{- end }} {{- end }} {{- range $key, $value := .Values.udp }} - - name: {{ $key }}-udp + - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-udp containerPort: {{ $key }} protocol: UDP {{- if $.Values.controller.hostPort.enabled }} diff --git a/charts/ingress-nginx/templates/controller-service-internal.yaml b/charts/ingress-nginx/templates/controller-service-internal.yaml index 599449836..aae3e155e 100644 --- a/charts/ingress-nginx/templates/controller-service-internal.yaml +++ b/charts/ingress-nginx/templates/controller-service-internal.yaml @@ -52,10 +52,10 @@ spec: {{- end }} {{- end }} {{- range $key, $value := .Values.tcp }} - - name: {{ $key }}-tcp + - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-tcp port: {{ $key }} protocol: TCP - targetPort: {{ $key }}-tcp + targetPort: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-tcp {{- if $.Values.controller.service.nodePorts.tcp }} {{- if index $.Values.controller.service.nodePorts.tcp $key }} nodePort: {{ index $.Values.controller.service.nodePorts.tcp $key }} @@ -63,10 +63,10 @@ spec: {{- end }} {{- end }} {{- range $key, $value := .Values.udp }} - - name: {{ $key }}-udp + - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-udp port: {{ $key }} protocol: UDP - targetPort: {{ $key }}-udp + targetPort: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-udp {{- if $.Values.controller.service.nodePorts.udp }} {{- if index $.Values.controller.service.nodePorts.udp $key }} nodePort: {{ index $.Values.controller.service.nodePorts.udp $key }} diff --git a/charts/ingress-nginx/templates/controller-service.yaml b/charts/ingress-nginx/templates/controller-service.yaml index 0f47f131c..2b28196de 100644 --- a/charts/ingress-nginx/templates/controller-service.yaml +++ b/charts/ingress-nginx/templates/controller-service.yaml @@ -74,10 +74,10 @@ spec: {{- end }} {{- end }} {{- range $key, $value := .Values.tcp }} - - name: {{ $key }}-tcp + - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-tcp port: {{ $key }} protocol: TCP - targetPort: {{ $key }}-tcp + targetPort: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-tcp {{- if $.Values.controller.service.nodePorts.tcp }} {{- if index $.Values.controller.service.nodePorts.tcp $key }} nodePort: {{ index $.Values.controller.service.nodePorts.tcp $key }} @@ -85,10 +85,10 @@ spec: {{- end }} {{- end }} {{- range $key, $value := .Values.udp }} - - name: {{ $key }}-udp + - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-udp port: {{ $key }} protocol: UDP - targetPort: {{ $key }}-udp + targetPort: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-udp {{- if $.Values.controller.service.nodePorts.udp }} {{- if index $.Values.controller.service.nodePorts.udp $key }} nodePort: {{ index $.Values.controller.service.nodePorts.udp $key }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 1a45f734a..f52f71d8e 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -921,6 +921,10 @@ tcp: {} udp: {} # 53: "kube-system/kube-dns:53" +# -- Prefix for TCP and UDP ports names in ingress controller service +## Some cloud providers, like Yandex Cloud may have a requirements for a port name regex to support cloud load balancer integration +portNamePrefix: "" + # -- (string) A base64-encoded Diffie-Hellman parameter. # This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` ## Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param From 24b8e32b088bec15e1f40deab8fefc8bd1b6c2da Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Thu, 12 May 2022 00:15:03 +0530 Subject: [PATCH 087/494] bumped go version to 1.18.1 (#8578) --- .github/workflows/ci.yaml | 10 ++--- go.mod | 2 +- images/custom-error-pages/rootfs/Dockerfile | 2 +- images/custom-error-pages/rootfs/go.mod | 2 +- .../rootfs/Dockerfile | 4 +- images/ext-auth-example-authsvc/rootfs/go.mod | 9 ++--- images/kube-webhook-certgen/rootfs/Dockerfile | 2 +- images/kube-webhook-certgen/rootfs/go.mod | 38 ++++++++++++++++++- images/test-runner/Makefile | 2 +- 9 files changed, 52 insertions(+), 19 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index e82d55134..cf8ec20f2 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -69,11 +69,11 @@ jobs: - name: Checkout uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 - - name: Set up Go 1.17 + - name: Set up Go 1.18 id: go uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 # v2 with: - go-version: '1.17.6' + go-version: '1.18.2' - name: Set up Docker Buildx id: buildx @@ -133,7 +133,7 @@ jobs: - name: Setup Go uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 # v2 with: - go-version: '1.17.6' + go-version: '1.18.2' - name: cache uses: actions/download-artifact@f023be2c48cc18debc3bacd34cb396e0295e2869 # v2 @@ -403,12 +403,12 @@ jobs: version: v0.11.1 image: kindest/node:v1.21.1 - - name: Set up Go 1.17 + - name: Set up Go 1.18 id: go if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 # v2 with: - go-version: '1.17.6' + go-version: '1.18.2' - name: kube-webhook-certgen image build if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} diff --git a/go.mod b/go.mod index b13ed1cc6..514eb4f3e 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module k8s.io/ingress-nginx -go 1.17 +go 1.18 require ( github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a diff --git a/images/custom-error-pages/rootfs/Dockerfile b/images/custom-error-pages/rootfs/Dockerfile index cdceb032b..d53228201 100755 --- a/images/custom-error-pages/rootfs/Dockerfile +++ b/images/custom-error-pages/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.17-alpine as builder +FROM golang:1.18.2-alpine as builder RUN apk add git WORKDIR /go/src/k8s.io/ingress-nginx/images/custom-error-pages diff --git a/images/custom-error-pages/rootfs/go.mod b/images/custom-error-pages/rootfs/go.mod index dec3b7bbb..05bd45400 100644 --- a/images/custom-error-pages/rootfs/go.mod +++ b/images/custom-error-pages/rootfs/go.mod @@ -1,6 +1,6 @@ module k8s.io/ingress-nginx/custom-error-pages -go 1.17 +go 1.18 require github.com/prometheus/client_golang v1.11.0 diff --git a/images/ext-auth-example-authsvc/rootfs/Dockerfile b/images/ext-auth-example-authsvc/rootfs/Dockerfile index ee2737286..9a52919be 100644 --- a/images/ext-auth-example-authsvc/rootfs/Dockerfile +++ b/images/ext-auth-example-authsvc/rootfs/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.17.6-alpine3.15 as builder +FROM golang:1.18.2-alpine3.15 as builder RUN mkdir /authsvc WORKDIR /authsvc COPY . ./ @@ -7,4 +7,4 @@ RUN CGO_ENABLED=0 GOOS=linux go build -o authsvc authsvc.go FROM gcr.io/distroless/base-debian11 COPY --from=builder /authsvc/authsvc / EXPOSE 8080 -ENTRYPOINT ["/authsvc"] \ No newline at end of file +ENTRYPOINT ["/authsvc"] diff --git a/images/ext-auth-example-authsvc/rootfs/go.mod b/images/ext-auth-example-authsvc/rootfs/go.mod index 72f2a1049..052d17d6f 100644 --- a/images/ext-auth-example-authsvc/rootfs/go.mod +++ b/images/ext-auth-example-authsvc/rootfs/go.mod @@ -1,8 +1,7 @@ module example.com/authsvc -go 1.17 +go 1.18 -require ( - github.com/google/uuid v1.1.2 // indirect - k8s.io/apimachinery v0.23.1 // indirect -) +require k8s.io/apimachinery v0.23.1 + +require github.com/google/uuid v1.1.2 // indirect diff --git a/images/kube-webhook-certgen/rootfs/Dockerfile b/images/kube-webhook-certgen/rootfs/Dockerfile index f9020fa41..4a60ed2ea 100644 --- a/images/kube-webhook-certgen/rootfs/Dockerfile +++ b/images/kube-webhook-certgen/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM --platform=$BUILDPLATFORM golang:1.16 as builder +FROM --platform=$BUILDPLATFORM golang:1.18.2 as builder ARG BUILDPLATFORM ARG TARGETARCH diff --git a/images/kube-webhook-certgen/rootfs/go.mod b/images/kube-webhook-certgen/rootfs/go.mod index edd74bea3..3858ae566 100644 --- a/images/kube-webhook-certgen/rootfs/go.mod +++ b/images/kube-webhook-certgen/rootfs/go.mod @@ -1,14 +1,48 @@ module github.com/jet/kube-webhook-certgen -go 1.16 +go 1.18 require ( github.com/onrik/logrus v0.9.0 github.com/sirupsen/logrus v1.8.1 github.com/spf13/cobra v1.1.3 - github.com/tidwall/gjson v1.14.0 // indirect k8s.io/api v0.22.6 k8s.io/apimachinery v0.22.6 k8s.io/client-go v0.22.6 k8s.io/kube-aggregator v0.22.6 ) + +require ( + github.com/davecgh/go-spew v1.1.1 // indirect + github.com/evanphx/json-patch v4.11.0+incompatible // indirect + github.com/go-logr/logr v0.4.0 // indirect + github.com/gogo/protobuf v1.3.2 // indirect + github.com/golang/protobuf v1.5.2 // indirect + github.com/google/go-cmp v0.5.5 // indirect + github.com/google/gofuzz v1.1.0 // indirect + github.com/googleapis/gnostic v0.5.5 // indirect + github.com/imdario/mergo v0.3.5 // indirect + github.com/inconshreveable/mousetrap v1.0.0 // indirect + github.com/json-iterator/go v1.1.11 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.1 // indirect + github.com/pkg/errors v0.9.1 // indirect + github.com/spf13/pflag v1.0.5 // indirect + github.com/tidwall/gjson v1.14.0 // indirect + golang.org/x/net v0.0.0-20211209124913-491a49abca63 // indirect + golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d // indirect + golang.org/x/sys v0.0.0-20210616094352-59db8d763f22 // indirect + golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d // indirect + golang.org/x/text v0.3.6 // indirect + golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect + google.golang.org/appengine v1.6.5 // indirect + google.golang.org/protobuf v1.26.0 // indirect + gopkg.in/inf.v0 v0.9.1 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect + gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect + k8s.io/klog/v2 v2.9.0 // indirect + k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c // indirect + k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect + sigs.k8s.io/yaml v1.2.0 // indirect +) diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile index e6e047e6c..8ebffc5bb 100644 --- a/images/test-runner/Makefile +++ b/images/test-runner/Makefile @@ -39,7 +39,7 @@ build: ensure-buildx --progress=$(PROGRESS) \ --pull \ --build-arg BASE_IMAGE=$(NGINX_BASE_IMAGE) \ - --build-arg GOLANG_VERSION=1.17.6 \ + --build-arg GOLANG_VERSION=1.18.2 \ --build-arg ETCD_VERSION=3.4.3-0 \ --build-arg K8S_RELEASE=v1.21.3 \ --build-arg RESTY_CLI_VERSION=0.27 \ From b0d198252fb74127eecc54f09100ad0a9ad3adce Mon Sep 17 00:00:00 2001 From: James Lakin Date: Fri, 13 May 2022 17:03:49 +0100 Subject: [PATCH 088/494] docs: Comment out TODO heading on the deployment page (#8583) --- docs/deploy/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/deploy/index.md b/docs/deploy/index.md index 283513ac7..0a33c19cd 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -28,7 +28,7 @@ On most Kubernetes clusters, the ingress controller will work without requiring - ... [Bare-metal](#bare-metal-clusters) - [Miscellaneous](#miscellaneous) -## TODO : We have subdirectories for kubernetes versions now because of a PR https://github.com/kubernetes/ingress-nginx/pull/8162 . You can see this here https://github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/cloud . We need to add documentation here that is clear and unambiguous in guiding users to pick the deployment manifest under a subdirectory, based on the K8S version being used. But until the explicit clear docs land here, users are recommended to feel free to use those subdirectories and get the manifest(s) related to their K8S version. + ## Quick start From 24925ccd2b5eb118e7d29faeba0746d9725609f0 Mon Sep 17 00:00:00 2001 From: Ehsan Saei <71217171+esigo@users.noreply.github.com> Date: Sat, 14 May 2022 15:41:17 +0200 Subject: [PATCH 089/494] Opentelemetry module build (#8585) * nginx opentelemetry modules * revert sha check --- images/opentelemetry/rootfs/CMakeLists.txt | 95 +++++++++ images/opentelemetry/rootfs/Dockerfile | 29 ++- images/opentelemetry/rootfs/build.sh | 223 +++++++++++++++------ 3 files changed, 284 insertions(+), 63 deletions(-) create mode 100644 images/opentelemetry/rootfs/CMakeLists.txt diff --git a/images/opentelemetry/rootfs/CMakeLists.txt b/images/opentelemetry/rootfs/CMakeLists.txt new file mode 100644 index 000000000..7278016a0 --- /dev/null +++ b/images/opentelemetry/rootfs/CMakeLists.txt @@ -0,0 +1,95 @@ +#!/bin/bash + +# Copyright 2021 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +cmake_minimum_required(VERSION 3.11 FATAL_ERROR) + +project( + dependencies + LANGUAGES CXX + VERSION 0.0.1) + +set(CMAKE_CXX_STANDARD 11) +set(CMAKE_CXX_EXTENSIONS OFF) +set(CMAKE_CXX_STANDARD_REQUIRED ON) +set(CMAKE_CXX_FLAGS "-O2") + +set(CMAKE_BUILD_TYPE + Release + CACHE STRING "Build type" FORCE) + +include(GNUInstallDirs) + +set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY + ${PROJECT_BINARY_DIR}/${CMAKE_INSTALL_LIBDIR}) +set(CMAKE_LIBRARY_OUTPUT_DIRECTORY + ${PROJECT_BINARY_DIR}/${CMAKE_INSTALL_LIBDIR}) +set(CMAKE_RUNTIME_OUTPUT_DIRECTORY + ${PROJECT_BINARY_DIR}/${CMAKE_INSTALL_BINDIR}) + +set(INSTALL_LIBDIR + ${CMAKE_INSTALL_LIBDIR} + CACHE PATH "directory for libraries") +set(INSTALL_BINDIR + ${CMAKE_INSTALL_BINDIR} + CACHE PATH "directory for executables") +set(INSTALL_INCLUDEDIR + ${CMAKE_INSTALL_INCLUDEDIR} + CACHE PATH "directory for header files") + +set(DEF_INSTALL_CMAKEDIR share/cmake/${PROJECT_NAME}) +set(INSTALL_CMAKEDIR + ${DEF_INSTALL_CMAKEDIR} + CACHE PATH "directory for CMake files") + +set_property(DIRECTORY PROPERTY EP_BASE ${CMAKE_BINARY_DIR}/subs) + +set(STAGED_INSTALL_PREFIX ${CMAKE_BINARY_DIR}/stage) +message(STATUS "${PROJECT_NAME} staged install: ${STAGED_INSTALL_PREFIX}") + +find_package(OpenSSL REQUIRED) +message("OpenSSL include dir: ${OPENSSL_INCLUDE_DIR}") +message("OpenSSL libraries: ${OPENSSL_LIBRARIES}") + +set(GRPC_GIT_TAG + "v1.45.2" + CACHE STRING "gRPC version") + +include(ExternalProject) +ExternalProject_Add( + gRPC + GIT_REPOSITORY https://github.com/grpc/grpc.git + GIT_TAG ${GRPC_GIT_TAG} + GIT_SHALLOW 1 + UPDATE_COMMAND "" + CMAKE_ARGS -DCMAKE_INSTALL_PREFIX=${STAGED_INSTALL_PREFIX} + -DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE} + -DCMAKE_CXX_COMPILER=${CMAKE_CXX_COMPILER} + -DgRPC_SSL_PROVIDER=package + -DOPENSSL_ROOT_DIR=OpenSSL + -DgRPC_BUILD_TESTS=OFF + -DBUILD_SHARED_LIBS=ON + -DgRPC_INSTALL=ON + CMAKE_CACHE_ARGS -DCMAKE_CXX_FLAGS:STRING=${CMAKE_CXX_FLAGS} + TEST_AFTER_INSTALL 0 + DOWNLOAD_NO_PROGRESS 1 + LOG_CONFIGURE 1 + LOG_BUILD 0 + LOG_INSTALL 1) + +install( + DIRECTORY ${STAGED_INSTALL_PREFIX}/ + DESTINATION . + USE_SOURCE_PERMISSIONS) diff --git a/images/opentelemetry/rootfs/Dockerfile b/images/opentelemetry/rootfs/Dockerfile index ebf288c56..ae6ddacbd 100644 --- a/images/opentelemetry/rootfs/Dockerfile +++ b/images/opentelemetry/rootfs/Dockerfile @@ -13,16 +13,33 @@ # limitations under the License. -FROM alpine:3.14.6 as builder +FROM alpine:3.14.6 as base -COPY . / +RUN mkdir -p /opt/third_party/install +COPY . /opt/third_party/ +# install build tools RUN apk update \ && apk upgrade \ && apk add -U bash \ - && /build.sh + && bash /opt/third_party/build.sh -p -FROM alpine:3.14.6 +# install gRPC +FROM base as grpc +RUN bash /opt/third_party/build.sh -g v1.43.2 -COPY --from=builder init_module.sh /usr/local/bin/init_module.sh -COPY --from=builder /etc/nginx/modules /etc/nginx/modules +# install OpenTelemetry-cpp +FROM base as otel-cpp +COPY --from=grpc /opt/third_party/install/ /usr +RUN bash /opt/third_party/build.sh -o v1.3.0 + +# install otel_ngx_module.so +FROM base as nginx +COPY --from=grpc /opt/third_party/install/ /usr +COPY --from=otel-cpp /opt/third_party/install/ /usr +RUN bash /opt/third_party/build.sh -n + +FROM alpine:3.14.6 +COPY --from=base /opt/third_party/init_module.sh /usr/local/bin/init_module.sh +COPY --from=nginx /etc/nginx/modules /etc/nginx/modules +COPY --from=nginx /opt/third_party/install/lib /usr/lib diff --git a/images/opentelemetry/rootfs/build.sh b/images/opentelemetry/rootfs/build.sh index 67d1e67b2..1146e20dd 100755 --- a/images/opentelemetry/rootfs/build.sh +++ b/images/opentelemetry/rootfs/build.sh @@ -18,15 +18,12 @@ set -o errexit set -o nounset set -o pipefail -export NGINX_VERSION=1.19.10 - +export GRPC_GIT_TAG=${GRPC_GIT_TAG:="v1.43.2"} # Check for recent changes: https://github.com/open-telemetry/opentelemetry-cpp/compare/v1.2.0...main -export OPENTELEMETRY_CPP_VERSION=1.2.0 - -# Check for recent changes: https://github.com/open-telemetry/opentelemetry-cpp-contrib/compare/2656a4...main -export OPENTELEMETRY_CONTRIB_COMMIT=2656a4072e257b6794da86ddd1b773b49f5517b3 - -export BUILD_PATH=/tmp/build +export OPENTELEMETRY_CPP_VERSION=${OPENTELEMETRY_CPP_VERSION:="1.2.0"} +export INSTAL_DIR=/opt/third_party/install +# improve compilation times +CORES=$(($(grep -c ^processor /proc/cpuinfo) - 1)) rm -rf \ /var/cache/debconf/* \ @@ -35,15 +32,80 @@ rm -rf \ /tmp/* \ /var/tmp/* - -mkdir -p /etc/nginx +export BUILD_PATH=/tmp/build mkdir --verbose -p "$BUILD_PATH" -cd "$BUILD_PATH" -apk add \ - curl \ - git \ - build-base +Help() +{ + # Display Help + echo "Add description of the script functions here." + echo + echo "Syntax: scriptTemplate [-h|g|o|n|p|]" + echo "options:" + echo "h Print Help." + echo "g gRPC git tag" + echo "o OpenTelemetry git tag" + echo "n install nginx" + echo "p prepare" + echo +} + +prepare() +{ + apk add \ + linux-headers \ + openssl \ + curl-dev \ + openssl-dev \ + gtest-dev \ + c-ares-dev \ + pcre-dev \ + curl \ + git \ + build-base +} + +install_grpc() +{ + mkdir -p $BUILD_PATH/grpc + cd ${BUILD_PATH}/grpc + cmake -DCMAKE_INSTALL_PREFIX=${INSTAL_DIR} \ + -DGRPC_GIT_TAG=${GRPC_GIT_TAG} /opt/third_party \ + -DgRPC_BUILD_GRPC_NODE_PLUGIN=OFF \ + -DgRPC_BUILD_GRPC_OBJECTIVE_C_PLUGIN=OFF \ + -DgRPC_BUILD_GRPC_PHP_PLUGIN=OFF \ + -DgRPC_BUILD_GRPC_PHP_PLUGIN=OFF \ + -DgRPC_BUILD_GRPC_PYTHON_PLUGIN=OFF \ + -DgRPC_BUILD_GRPC_RUBY_PLUGIN=OFF + cmake --build . -j ${CORES} --target all install +} + +install_otel() +{ + cd ${BUILD_PATH} + export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+LD_LIBRARY_PATH:}${INSTAL_DIR}/lib:/usr/local" + export PATH="${PATH}:${INSTAL_DIR}/bin" + git clone --recurse-submodules -j ${CORES} --depth=1 -b \ + ${OPENTELEMETRY_CPP_VERSION} https://github.com/open-telemetry/opentelemetry-cpp.git opentelemetry-cpp-${OPENTELEMETRY_CPP_VERSION} + cd "opentelemetry-cpp-${OPENTELEMETRY_CPP_VERSION}" + mkdir -p .build + cd .build + + cmake -DCMAKE_BUILD_TYPE=Release \ + -DCMAKE_POSITION_INDEPENDENT_CODE=TRUE \ + -DWITH_ZIPKIN=OFF \ + -DWITH_JAEGER=OFF \ + -DCMAKE_INSTALL_PREFIX=${INSTAL_DIR} \ + -DBUILD_TESTING=OFF \ + -DBUILD_SHARED_LIBS=ON \ + -DWITH_OTLP=ON \ + -DWITH_OTLP_GRPC=ON \ + -DWITH_EXAMPLES=OFF \ + -DWITH_ABSEIL=ON \ + -DWITH_OTLP_HTTP=OFF \ + .. + cmake --build . -j ${CORES} --target install +} get_src() { @@ -59,53 +121,100 @@ get_src() rm -rf "$f" } +install_nginx() +{ + export NGINX_VERSION=1.19.10 -get_src e8d0290ff561986ad7cd6c33307e12e11b137186c4403a6a5ccdb4914c082d88 \ - "https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz" + # Check for recent changes: https://github.com/open-telemetry/opentelemetry-cpp-contrib/compare/2656a4...main + export OPENTELEMETRY_CONTRIB_COMMIT=6467ec2e4d67b08b44580b7eb7a298786f4eef91 -get_src 360cdcbd1a235ec62119cc53956b2d31b6ff5f41d44415be53acc544709d58b8 \ - "https://github.com/open-telemetry/opentelemetry-cpp-contrib/archive/$OPENTELEMETRY_CONTRIB_COMMIT.tar.gz" + mkdir -p /etc/nginx + cd "$BUILD_PATH" -# improve compilation times -CORES=$(($(grep -c ^processor /proc/cpuinfo) - 1)) + get_src 360cdcbd1a235ec62119cc53956b2d31b6ff5f41d44415be53acc544709d58b8 \ + "https://github.com/open-telemetry/opentelemetry-cpp-contrib/archive/$OPENTELEMETRY_CONTRIB_COMMIT.tar.gz" -export MAKEFLAGS=-j${CORES} + cd ${BUILD_PATH}/opentelemetry-cpp-contrib-${OPENTELEMETRY_CONTRIB_COMMIT}/instrumentation/nginx + mkdir -p build + cd build + cmake -DCMAKE_BUILD_TYPE=Release \ + -DCMAKE_INSTALL_PREFIX=${INSTAL_DIR} \ + -DBUILD_SHARED_LIBS=ON \ + -DNGINX_VERSION=${NGINX_VERSION} \ + .. + cmake --build . -j ${CORES} --target install -apk add \ - protobuf-dev \ - grpc \ - grpc-dev \ - gtest-dev \ - c-ares-dev \ - pcre-dev + mkdir -p /etc/nginx/modules + cp ${INSTAL_DIR}/otel_ngx_module.so /etc/nginx/modules/otel_ngx_module.so -cd $BUILD_PATH -git clone --recursive https://github.com/open-telemetry/opentelemetry-cpp opentelemetry-cpp-$OPENTELEMETRY_CPP_VERSION -cd "opentelemetry-cpp-$OPENTELEMETRY_CPP_VERSION" -git checkout v$OPENTELEMETRY_CPP_VERSION -mkdir .build -cd .build + mkdir -p ${INSTAL_DIR}/lib + cp /usr/lib/libopentelemetry_exporter_otlp_grpc.so* ${INSTAL_DIR}/lib + cp /usr/lib/libopentelemetry_otlp_recordable.so* ${INSTAL_DIR}/lib + cp /usr/lib/libprotobuf.so* ${INSTAL_DIR}/lib + cp /usr/lib/libopentelemetry_trace.so* ${INSTAL_DIR}/lib + cp /usr/lib/libopentelemetry_resources.so* ${INSTAL_DIR}/lib + cp /usr/lib/libopentelemetry_common.so* ${INSTAL_DIR}/lib + cp /usr/lib/libstdc++.so* ${INSTAL_DIR}/lib -cmake -DCMAKE_BUILD_TYPE=Release \ - -DBUILD_TESTING=OFF \ - -DWITH_EXAMPLES=OFF \ - -DCMAKE_POSITION_INDEPENDENT_CODE=ON \ - -DWITH_OTLP=ON \ - -DWITH_OTLP_HTTP=OFF \ - .. -make -make install + cp /usr/lib/libgrpc.so* ${INSTAL_DIR}/lib + cp /usr/lib/libgcc_s.so* ${INSTAL_DIR}/lib + cp /usr/lib/libgrpc++.so* ${INSTAL_DIR}/lib + cp /usr/lib/libabsl_bad_variant_access.so* ${INSTAL_DIR}/lib + cp /usr/lib/libabsl_synchronization.so* ${INSTAL_DIR}/lib + cp /usr/lib/libabsl_raw_hash_set.so* ${INSTAL_DIR}/lib + cp /usr/lib/libabsl_hash.so* ${INSTAL_DIR}/lib + cp /usr/lib/libabsl_statusor.so* ${INSTAL_DIR}/lib + cp /usr/lib/libgpr.so* ${INSTAL_DIR}/lib + cp /usr/lib/libupb.so* ${INSTAL_DIR}/lib + cp /usr/lib/libabsl_status.so* ${INSTAL_DIR}/lib + cp /usr/lib/libabsl_time.so* ${INSTAL_DIR}/lib + cp /usr/lib/libabsl_strings.so* ${INSTAL_DIR}/lib + cp /usr/lib/libabsl_stacktrace.so* ${INSTAL_DIR}/lib + cp /usr/lib/libabsl_symbolize.so* ${INSTAL_DIR}/lib + cp /usr/lib/libabsl_malloc_internal.so* ${INSTAL_DIR}/lib + cp /usr/lib/libabsl_base.so* ${INSTAL_DIR}/lib + cp /usr/lib/libabsl_spinlock_wait.so* ${INSTAL_DIR}/lib + cp /usr/lib/libabsl_raw_logging_internal.so* ${INSTAL_DIR}/lib + cp /usr/lib/libre2.so* ${INSTAL_DIR}/lib + cp /usr/lib/libaddress_sorting.so* ${INSTAL_DIR}/lib + cp /usr/lib/libabsl_cord.so* ${INSTAL_DIR}/lib + cp /usr/lib/libabsl_bad_optional_access.so* ${INSTAL_DIR}/lib + cp /usr/lib/libabsl_str_format_internal.so* ${INSTAL_DIR}/lib + cp /usr/lib/libabsl_throw_delegate.so* ${INSTAL_DIR}/lib + cp /usr/lib/libabsl_time_zone.so* ${INSTAL_DIR}/lib + cp /usr/lib/libabsl_city.so* ${INSTAL_DIR}/lib + cp /usr/lib/libabsl_low_level_hash.so* ${INSTAL_DIR}/lib + cp /usr/lib/libabsl_cordz_info.so* ${INSTAL_DIR}/lib + cp /usr/lib/libabsl_int128.so* ${INSTAL_DIR}/lib + cp /usr/lib/libabsl_strings_internal.so* ${INSTAL_DIR}/lib + cp /usr/lib/libabsl_debugging_internal.so* ${INSTAL_DIR}/lib + cp /usr/lib/libabsl_cord_internal.so* ${INSTAL_DIR}/lib + cp /usr/lib/libabsl_cordz_functions.so* ${INSTAL_DIR}/lib + cp /usr/lib/libabsl_cordz_handle.so* ${INSTAL_DIR}/lib + cp /usr/lib/libabsl_exponential_biased.so* ${INSTAL_DIR}/lib +} -# build nginx -cd "$BUILD_PATH/nginx-$NGINX_VERSION" -./configure \ - --prefix=/usr/local/nginx \ - --with-compat \ - --add-dynamic-module=$BUILD_PATH/opentelemetry-cpp-contrib-$OPENTELEMETRY_CONTRIB_COMMIT/instrumentation/nginx - -make modules -mkdir -p /etc/nginx/modules -cp objs/otel_ngx_module.so /etc/nginx/modules/otel_ngx_module.so - -# remove .a files -find /usr/local -name "*.a" -print | xargs /bin/rm +while getopts ":hpng:o:" option; do + case $option in + h) # display Help + Help + exit;; + g) # install gRPC with git tag + GRPC_GIT_TAG=${OPTARG} + install_grpc + exit;; + o) # install OpenTelemetry tag + OPENTELEMETRY_CPP_VERSION=${OPTARG} + install_otel + exit;; + p) # prepare + prepare + exit;; + n) # install nginx + install_nginx + exit;; + \?) + Help + exit;; + esac +done From 2d2ec558ae0445f5aa826f1224587d6bab752ac9 Mon Sep 17 00:00:00 2001 From: Ehsan Saei <71217171+esigo@users.noreply.github.com> Date: Mon, 16 May 2022 15:20:18 +0200 Subject: [PATCH 090/494] fix opentelemetry-cpp-contrib sha256 (#8588) --- images/opentelemetry/rootfs/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/opentelemetry/rootfs/build.sh b/images/opentelemetry/rootfs/build.sh index 1146e20dd..43808ed2c 100755 --- a/images/opentelemetry/rootfs/build.sh +++ b/images/opentelemetry/rootfs/build.sh @@ -131,7 +131,7 @@ install_nginx() mkdir -p /etc/nginx cd "$BUILD_PATH" - get_src 360cdcbd1a235ec62119cc53956b2d31b6ff5f41d44415be53acc544709d58b8 \ + get_src 0528e793a97f942868616449d49326160f9cb67b2253fb2c4864603ac6ab09a9 \ "https://github.com/open-telemetry/opentelemetry-cpp-contrib/archive/$OPENTELEMETRY_CONTRIB_COMMIT.tar.gz" cd ${BUILD_PATH}/opentelemetry-cpp-contrib-${OPENTELEMETRY_CONTRIB_COMMIT}/instrumentation/nginx From df3db8df529dd8b34e40ca8efa84e7a7de8b56b3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 May 2022 06:22:18 -0700 Subject: [PATCH 091/494] Bump google.golang.org/grpc from 1.46.0 to 1.46.2 (#8592) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.46.0 to 1.46.2. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.46.0...v1.46.2) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 18 ++---------------- 2 files changed, 3 insertions(+), 17 deletions(-) diff --git a/go.mod b/go.mod index 514eb4f3e..4024d446b 100644 --- a/go.mod +++ b/go.mod @@ -27,7 +27,7 @@ require ( github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 golang.org/x/net v0.0.0-20220225172249-27dd8689420f - google.golang.org/grpc v1.46.0 + google.golang.org/grpc v1.46.2 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 k8s.io/api v0.23.6 diff --git a/go.sum b/go.sum index c0e977ba5..42ea730c5 100644 --- a/go.sum +++ b/go.sum @@ -96,7 +96,6 @@ github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnweb github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= -github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE= @@ -125,7 +124,6 @@ github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= -github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e h1:Wf6HqHfScWJN9/ZjdUKyjop4mf3Qdd+1TvvltAvM3m8= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzAJc1DzSI= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= @@ -162,7 +160,6 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.m github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ= github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= @@ -178,7 +175,6 @@ github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoD github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= -github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI= github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU= github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b h1:074/xhloHUBOpTZwlIzQ28rbPY8pNJvzY7Gcx5KnNOk= @@ -355,7 +351,6 @@ github.com/imkira/go-interpol v1.0.0 h1:HrmLyvOLJyjR0YofMw8QGdCIuYOs4TJUBDNU5sJC github.com/imkira/go-interpol v1.0.0/go.mod h1:z0h2/2T3XF8kyEPpRgJ3kmNv+C43p+I/CoI+jC3w2iA= github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= -github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= @@ -466,7 +461,6 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= -github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= @@ -474,7 +468,6 @@ github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1Cpa github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.17.0 h1:9Luw4uT5HTjHTN8+aNcSThgH1vdXnmdJ8xIfZ4wyTRE= -github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= github.com/opencontainers/runc v1.1.1 h1:PJ9DSs2sVwE0iVr++pAHE6QkS9tzcVWozlPifdwMgrU= github.com/opencontainers/runc v1.1.1/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= @@ -662,8 +655,6 @@ go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= -go.uber.org/goleak v1.1.11-0.20210813005559-691160354723/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= -go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= @@ -671,7 +662,6 @@ go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= go.uber.org/zap v1.19.1 h1:ue41HOKd1vGURxrmeKIgELGb3jPW9DMUDGtsinblHwI= -go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI= golang.org/dl v0.0.0-20190829154251-82a15e2f2ead/go.mod h1:IUMfjQLJQd4UTqG1Z90tenwKoCX93Gn3MAQJMOSBsDQ= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= @@ -767,7 +757,6 @@ golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= @@ -869,12 +858,10 @@ golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211029165221-6e7872819dc8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -966,7 +953,6 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.2.0 h1:4pT439QV83L+G9FkcCriY6EkpcK6r6bK+A5FBUMI7qY= -gomodules.xyz/jsonpatch/v2 v2.2.0/go.mod h1:WXp+iVDkoLQqPudfQ9GBlwB2eZ5DKOnjQZCYdOS8GPY= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= @@ -1066,8 +1052,8 @@ google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.46.0 h1:oCjezcn6g6A75TGoKYBPgKmVBLexhYLM6MebdrPApP8= -google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc v1.46.2 h1:u+MLGgVf7vRdjEYZ8wDFhAVNmhkbJ5hmrA1LMWK1CAQ= +google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= From 6d4ba5f2603082031eb9b3c4391cefa591a6c85e Mon Sep 17 00:00:00 2001 From: SaurabhGarg1 Date: Mon, 16 May 2022 16:24:17 +0300 Subject: [PATCH 092/494] This PR address #8408 (#8586) It adds description to the `Ingress Percentile Response Times and Transfer Rates` view, so that user knows that this latency data is independant of dashboard time range. This PR also adds two new panel about the latency, where one shows latency as a timeseries graph and other shows heatmap of the latency distribution. --- deploy/grafana/dashboards/nginx.json | 191 ++++++++++++++++++++++++++- 1 file changed, 190 insertions(+), 1 deletion(-) diff --git a/deploy/grafana/dashboards/nginx.json b/deploy/grafana/dashboards/nginx.json index a2c277047..718d41a83 100644 --- a/deploy/grafana/dashboards/nginx.json +++ b/deploy/grafana/dashboards/nginx.json @@ -1016,6 +1016,7 @@ { "columns": [], "datasource": "${DS_PROMETHEUS}", + "description": "This data is real time, independent of dashboard time range", "fontSize": "100%", "gridPos": { "h": 8, @@ -1233,6 +1234,194 @@ "transparent": false, "type": "table" }, + { + "datasource": { + "type": "prometheus", + "uid": "P1809F7CD0C75ACF3" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 24 + }, + "hideTimeOverride": false, + "id": 91, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "8.3.4", + "repeatDirection": "h", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P1809F7CD0C75ACF3" + }, + "exemplar": true, + "expr": "histogram_quantile(0.80, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=\"uat\"}[2m])) by (le))", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "P80", + "refId": "C" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P1809F7CD0C75ACF3" + }, + "exemplar": true, + "expr": "histogram_quantile(0.90, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=\"uat\"}[2m])) by (le))", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "P90", + "refId": "D" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P1809F7CD0C75ACF3" + }, + "editorMode": "code", + "exemplar": true, + "expr": "histogram_quantile(0.99, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=\"uat\"}[2m])) by (le))", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "P99", + "refId": "E" + } + ], + "title": "Ingress Percentile Response Times", + "type": "timeseries" + }, + { + "cards": {}, + "color": { + "cardColor": "#b4ff00", + "colorScale": "sqrt", + "colorScheme": "interpolateWarm", + "exponent": 0.5, + "mode": "spectrum" + }, + "dataFormat": "tsbuckets", + "datasource": { + "type": "prometheus", + "uid": "P1809F7CD0C75ACF3" + }, + "description": "", + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 24 + }, + "heatmap": {}, + "hideZeroBuckets": false, + "highlightCards": true, + "id": 89, + "legend": { + "show": true + }, + "reverseYBuckets": false, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P1809F7CD0C75ACF3" + }, + "exemplar": true, + "expr": "sum(increase(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=\"uat\"}[2m])) by (le)", + "format": "heatmap", + "interval": "", + "legendFormat": "{{le}}", + "refId": "A" + } + ], + "title": "Ingress Request Latency Heatmap", + "tooltip": { + "show": true, + "showHistogram": true + }, + "type": "heatmap", + "xAxis": { + "show": true + }, + "yAxis": { + "format": "s", + "logBase": 1, + "show": true + }, + "yBucketBound": "auto" + }, { "columns": [ { @@ -1246,7 +1435,7 @@ "h": 8, "w": 24, "x": 0, - "y": 24 + "y": 31 }, "height": "1024", "id": 85, From 72b2f98edbba1195fe8e9da13aee6eb0a6924ae2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 May 2022 06:26:17 -0700 Subject: [PATCH 093/494] Bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 (#8591) Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.12.1 to 1.12.2. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.12.1...v1.12.2) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index 4024d446b..769bfde47 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,7 @@ require ( github.com/onsi/ginkgo v1.16.5 github.com/opencontainers/runc v1.1.1 github.com/pmezard/go-difflib v1.0.0 - github.com/prometheus/client_golang v1.12.1 + github.com/prometheus/client_golang v1.12.2 github.com/prometheus/client_model v0.2.0 github.com/prometheus/common v0.34.0 github.com/spf13/cobra v1.4.0 diff --git a/go.sum b/go.sum index 42ea730c5..6536747fe 100644 --- a/go.sum +++ b/go.sum @@ -494,8 +494,9 @@ github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDf github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= -github.com/prometheus/client_golang v1.12.1 h1:ZiaPsmm9uiBeaSMRznKsCDNtPCS0T3JVDGF+06gjBzk= github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= +github.com/prometheus/client_golang v1.12.2 h1:51L9cDoUHVrXx4zWYlcLQIZ+d+VXHgqnYKkIuq4g/34= +github.com/prometheus/client_golang v1.12.2/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= From 6c3a237d7d44a94c80e4d7cf314b10df5607690d Mon Sep 17 00:00:00 2001 From: Mac Chaffee Date: Mon, 16 May 2022 09:30:18 -0400 Subject: [PATCH 094/494] Add CAP_SYS_CHROOT to DS/PSP when needed (#8587) Signed-off-by: Mac Chaffee --- charts/ingress-nginx/templates/controller-daemonset.yaml | 9 +-------- charts/ingress-nginx/templates/controller-psp.yaml | 3 +++ 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/charts/ingress-nginx/templates/controller-daemonset.yaml b/charts/ingress-nginx/templates/controller-daemonset.yaml index 99882d1a8..2dca8e5c1 100644 --- a/charts/ingress-nginx/templates/controller-daemonset.yaml +++ b/charts/ingress-nginx/templates/controller-daemonset.yaml @@ -82,14 +82,7 @@ spec: {{- end }} args: {{- include "ingress-nginx.params" . | nindent 12 }} - securityContext: - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - runAsUser: {{ .Values.controller.image.runAsUser }} - allowPrivilegeEscalation: {{ .Values.controller.image.allowPrivilegeEscalation }} + securityContext: {{ include "controller.containerSecurityContext" . | nindent 12 }} env: - name: POD_NAME valueFrom: diff --git a/charts/ingress-nginx/templates/controller-psp.yaml b/charts/ingress-nginx/templates/controller-psp.yaml index a859594d1..fe34408c8 100644 --- a/charts/ingress-nginx/templates/controller-psp.yaml +++ b/charts/ingress-nginx/templates/controller-psp.yaml @@ -12,6 +12,9 @@ metadata: spec: allowedCapabilities: - NET_BIND_SERVICE + {{- if .Values.controller.image.chroot }} + - SYS_CHROOT + {{- end }} {{- if .Values.controller.sysctls }} allowedUnsafeSysctls: {{- range $sysctl, $value := .Values.controller.sysctls }} From 93af9f726ad4f6eb33a14cd864ffb2655c8045cc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 May 2022 04:40:27 -0700 Subject: [PATCH 095/494] Bump github.com/opencontainers/runc from 1.1.1 to 1.1.2 (#8593) Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc) from 1.1.1 to 1.1.2. - [Release notes](https://github.com/opencontainers/runc/releases) - [Changelog](https://github.com/opencontainers/runc/blob/v1.1.2/CHANGELOG.md) - [Commits](https://github.com/opencontainers/runc/compare/v1.1.1...v1.1.2) --- updated-dependencies: - dependency-name: github.com/opencontainers/runc dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 769bfde47..8547d6970 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/moul/pb v0.0.0-20180404114147-54bdd96e6a52 github.com/ncabatoff/process-exporter v0.7.10 github.com/onsi/ginkgo v1.16.5 - github.com/opencontainers/runc v1.1.1 + github.com/opencontainers/runc v1.1.2 github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.12.2 github.com/prometheus/client_model v0.2.0 diff --git a/go.sum b/go.sum index 6536747fe..6dca2bc83 100644 --- a/go.sum +++ b/go.sum @@ -468,8 +468,8 @@ github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1Cpa github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.17.0 h1:9Luw4uT5HTjHTN8+aNcSThgH1vdXnmdJ8xIfZ4wyTRE= -github.com/opencontainers/runc v1.1.1 h1:PJ9DSs2sVwE0iVr++pAHE6QkS9tzcVWozlPifdwMgrU= -github.com/opencontainers/runc v1.1.1/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc= +github.com/opencontainers/runc v1.1.2 h1:2VSZwLx5k/BfsBxMMipG/LYUnmqOD/BPkIVgQUcTlLw= +github.com/opencontainers/runc v1.1.2/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI= From 2c27e66cc792f389186642a08406dc803c46ae4f Mon Sep 17 00:00:00 2001 From: Maksim Nabokikh Date: Fri, 20 May 2022 02:27:53 +0400 Subject: [PATCH 096/494] feat: always set auth cookie (#8213) * feat: always set auth cookie Signed-off-by: m.nabokikh * feat: Add annotation to always set auth cookie * Add annotation * Add global configmap key * Provide unit tests and e2e tests * Fix e2e documentation autogen script Signed-off-by: m.nabokikh * Regenerate e2e tests Signed-off-by: m.nabokikh --- RELEASE.md | 1 + docs/e2e-tests.md | 737 ++++++------------ .../nginx-configuration/annotations.md | 2 + .../nginx-configuration/configmap.md | 5 + hack/generate-e2e-suite-doc.sh | 11 +- internal/ingress/annotations/authreq/main.go | 8 + .../ingress/annotations/authreq/main_test.go | 35 +- internal/ingress/controller/config/config.go | 3 +- .../ingress/controller/template/configmap.go | 11 + .../controller/template/configmap_test.go | 28 + rootfs/etc/nginx/template/nginx.tmpl | 6 +- test/e2e/annotations/auth.go | 90 ++- test/e2e/settings/global_external_auth.go | 101 ++- 13 files changed, 501 insertions(+), 537 deletions(-) diff --git a/RELEASE.md b/RELEASE.md index 2d8e141aa..0dfdb8681 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -270,6 +270,7 @@ Promoting the images basically means that images, that were pushed to staging co - Update the version in [docs/deploy/index.md](docs/deploy/index.md) - Update Supported versions in the Support Versions table in the README.md +- Execute the script to update e2e docs [hack/generate-e2e-suite-doc.sh](https://github.com/kubernetes/ingress-nginx/blob/main/hack/generate-e2e-suite-doc.sh) ### h. Edit stable.txt diff --git a/docs/e2e-tests.md b/docs/e2e-tests.md index fa8158887..d5aa6cc16 100644 --- a/docs/e2e-tests.md +++ b/docs/e2e-tests.md @@ -1,405 +1,36 @@ - + # e2e test suite for [Ingress NGINX Controller](https://github.com/kubernetes/ingress-nginx/tree/main/) -### [[Default Backend] change default settings](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/with_hosts.go#L31) - -- [should apply the annotation to the default backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/with_hosts.go#L39) - -### [[Default Backend]](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/default_backend.go#L29) - -- [should return 404 sending requests when only a default backend is running](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/default_backend.go#L32) -- [enables access logging for default backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/default_backend.go#L89) -- [disables access logging for default backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/default_backend.go#L106) - -### [[Default Backend] custom service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/custom_default_backend.go#L33) - -- [uses custom default backend that returns 200 as status code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/custom_default_backend.go#L36) - -### [[Default Backend] SSL](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/ssl.go#L26) - -- [should return a self generated SSL certificate](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/ssl.go#L29) - -### [[TCP] tcp-services](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/tcpudp/tcp.go#L37) - -- [should expose a TCP service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/tcpudp/tcp.go#L40) -- [should expose an ExternalName TCP service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/tcpudp/tcp.go#L98) - -### [auth-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L39) - -- [should return status code 200 when no authentication is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L46) -- [should return status code 503 when authentication is configured with an invalid secret](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L65) -- [should return status code 401 when authentication is configured but Authorization header is not configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L89) -- [should return status code 401 when authentication is configured and Authorization header is sent with invalid credentials](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L116) -- [should return status code 200 when authentication is configured and Authorization header is sent](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L144) -- [should return status code 200 when authentication is configured with a map and Authorization header is sent](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L171) -- [should return status code 401 when authentication is configured with invalid content and Authorization header is sent](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L199) -- [proxy_set_header My-Custom-Header 42;](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L238) -- [proxy_set_header My-Custom-Header 42;](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L256) -- [proxy_set_header 'My-Custom-Header' '42';](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L273) -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L294) -- [retains cookie set by external authentication server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L316) -- [should return status code 200 when signed in](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L413) -- [should redirect to signin url when not signed in](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L422) -- [keeps processing new ingresses even if one of the existing ingresses is misconfigured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L433) -- [should return status code 200 when signed in](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L490) -- [should redirect to signin url when not signed in](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L499) -- [keeps processing new ingresses even if one of the existing ingresses is misconfigured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L510) -- [should return status code 200 when signed in after auth backend is deleted ](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L584) -- [should deny login for different location on same server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L604) -- [should deny login for different servers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L632) -- [should redirect to signin url when not signed in](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L661) - -### [affinitymode](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinitymode.go#L31) - -- [Balanced affinity mode should balance](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinitymode.go#L34) -- [Check persistent affinity mode](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinitymode.go#L64) - -### [proxy-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L28) - -- [should set proxy_redirect to off](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L36) -- [should set proxy_redirect to default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L52) -- [should set proxy_redirect to hello.com goodbye.com](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L68) -- [should set proxy client-max-body-size to 8m](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L85) -- [should not set proxy client-max-body-size to incorrect value](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L100) -- [should set valid proxy timeouts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L115) -- [should not set invalid proxy timeouts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L136) -- [should turn on proxy-buffering](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L157) -- [should turn off proxy-request-buffering](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L179) -- [should build proxy next upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L194) -- [should setup proxy cookies](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L215) -- [should change the default proxy HTTP version](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L233) - -### [affinity session-cookie-name](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L35) - -- [should set sticky cookie SERVERID](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L42) -- [should change cookie name on ingress definition change](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L64) -- [should set the path to /something on the generated cookie](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L99) -- [does not set the path to / on the generated cookie if there's more than one rule referring to the same backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L121) -- [should set cookie with expires](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L182) -- [should work with use-regex annotation and session-cookie-path](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L213) -- [should warn user when use-regex is true and session-cookie-path is not set](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L237) -- [should not set affinity across all server locations when using separate ingresses](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L263) -- [should set sticky cookie without host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L295) -- [should work with server-alias annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L315) - -### [mirror-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/mirror.go#L28) - -- [should set mirror-target to http://localhost/mirror](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/mirror.go#L36) -- [should set mirror-target to https://test.env.com/$request_uri](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/mirror.go#L51) -- [should disable mirror-request-body](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/mirror.go#L67) - -### [canary-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L35) - -- [should response with a 200 status from the mainline upstream when requests are made to the mainline ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L47) -- [should return 404 status for requests to the canary if no matching ingress is found](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L79) -- [should return the correct status codes when endpoints are unavailable](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L106) -- [should route requests to the correct upstream if mainline ingress is created before the canary ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L160) -- [should route requests to the correct upstream if mainline ingress is created after the canary ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L205) -- [should route requests to the correct upstream if the mainline ingress is modified](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L249) -- [should route requests to the correct upstream if the canary ingress is modified](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L306) -- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L361) -- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L415) -- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L479) -- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L521) -- [should routes to mainline upstream when the given Regex causes error](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L555) -- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L593) -- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L632) -- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L687) -- [should not use canary as a catch-all server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L743) -- [should not use canary with domain as a server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L771) -- [does not crash when canary ingress has multiple paths to the same non-matching backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L795) - -### [limit-rate](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/limitrate.go#L29) - -- [Check limit-rate annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/limitrate.go#L37) - -### [force-ssl-redirect](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/forcesslredirect.go#L27) - -- [should redirect to https](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/forcesslredirect.go#L34) - -### [http2-push-preload](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/http2pushpreload.go#L27) - -- [enable the http2-push-preload directive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/http2pushpreload.go#L34) - -### [proxy-ssl-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxyssl.go#L30) - -- [should set valid proxy-ssl-secret](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxyssl.go#L37) -- [should set valid proxy-ssl-secret, proxy-ssl-verify to on, proxy-ssl-verify-depth to 2, and proxy-ssl-server-name to on](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxyssl.go#L64) -- [should set valid proxy-ssl-secret, proxy-ssl-ciphers to HIGH:!AES](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxyssl.go#L94) -- [should set valid proxy-ssl-secret, proxy-ssl-protocols](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxyssl.go#L122) -- [proxy-ssl-location-only flag should change the nginx config server part](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxyssl.go#L150) - -### [modsecurity owasp](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L27) - -- [should enable modsecurity](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L34) -- [should enable modsecurity with transaction ID and OWASP rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L52) -- [should disable modsecurity](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L73) -- [should enable modsecurity with snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L90) -- [should enable modsecurity without using 'modsecurity on;'](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L109) -- [should disable modsecurity using 'modsecurity off;'](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L131) -- [should enable modsecurity with snippet and block requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L152) -- [should enable modsecurity globally and with modsecurity-snippet block requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L186) - -### [backend-protocol - GRPC](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/grpc.go#L38) - -- [should use grpc_pass in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/grpc.go#L41) -- [should return OK for service with backend protocol GRPC](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/grpc.go#L66) -- [should return OK for service with backend protocol GRPCS](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/grpc.go#L124) - -### [cors-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L28) - -- [should enable cors](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L35) -- [should set cors methods to only allow POST, GET](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L60) -- [should set cors max-age](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L76) -- [should disable cors allow credentials](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L92) -- [should allow origin for cors](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L108) -- [should allow headers for cors](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L124) -- [should expose headers for cors](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L140) - -### [influxdb-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/influxdb.go#L39) - -- [should send the request metric to the influxdb server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/influxdb.go#L48) - -### [Annotation - limit-connections](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/limitconnections.go#L31) - -- [should limit-connections](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/limitconnections.go#L38) - -### [client-body-buffer-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L28) - -- [should set client_body_buffer_size to 1000](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L35) -- [should set client_body_buffer_size to 1K](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L51) -- [should set client_body_buffer_size to 1k](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L67) -- [should set client_body_buffer_size to 1m](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L83) -- [should set client_body_buffer_size to 1M](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L99) -- [should not set client_body_buffer_size to invalid 1b](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L115) - -### [default-backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/default_backend.go#L29) - -- [should use a custom default backend as upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/default_backend.go#L37) - -### [connection-proxy-header](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/connection.go#L29) - -- [set connection header to keep-alive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/connection.go#L36) - -### [upstream-vhost](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/upstreamvhost.go#L27) - -- [set host to upstreamvhost.bar.com](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/upstreamvhost.go#L34) - -### [custom-http-errors](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/customhttperrors.go#L34) - -- [configures Nginx correctly](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/customhttperrors.go#L41) - -### [disable-access-log disable-http-access-log disable-stream-access-log](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/disableaccesslog.go#L27) - -- [disable-access-log set access_log off](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/disableaccesslog.go#L34) -- [disable-http-access-log set access_log off](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/disableaccesslog.go#L46) - -### [server-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/serversnippet.go#L27) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/serversnippet.go#L34) - -### [rewrite-target use-regex enable-rewrite-log](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L30) - -- [should write rewrite logs](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L37) -- [should use correct longest path match](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L66) -- [should use ~* location modifier if regex annotation is present](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L111) -- [should fail to use longest match for documented warning](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L158) -- [should allow for custom rewrite parameters](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L190) - -### [app-root](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/approot.go#L28) - -- [should redirect to /foo](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/approot.go#L35) - -### [whitelist-source-range](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/ipwhitelist.go#L26) - -- [should set valid ip whitelist range](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/ipwhitelist.go#L33) - -### [enable-access-log enable-rewrite-log](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/log.go#L27) - -- [set access_log off](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/log.go#L34) -- [set rewrite_log on](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/log.go#L49) - -### [x-forwarded-prefix](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/xforwardedprefix.go#L28) - -- [should set the X-Forwarded-Prefix to the annotation value](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/xforwardedprefix.go#L35) -- [should not add X-Forwarded-Prefix if the annotation value is empty](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/xforwardedprefix.go#L57) - -### [configuration-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/snippet.go#L27) - -- [ in all locations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/snippet.go#L34) - -### [backend-protocol - FastCGI](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L31) - -- [should use fastcgi_pass in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L38) -- [should add fastcgi_index in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L55) -- [should add fastcgi_param in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L72) -- [should return OK for service with backend protocol FastCGI](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L105) - -### [from-to-www-redirect](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fromtowwwredirect.go#L31) - -- [should redirect from www HTTP to HTTP](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fromtowwwredirect.go#L38) -- [should redirect from www HTTPS to HTTPS](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fromtowwwredirect.go#L64) - -### [permanent-redirect permanent-redirect-code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/redirect.go#L30) - -- [should respond with a standard redirect code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/redirect.go#L33) -- [should respond with a custom redirect code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/redirect.go#L61) - -### [upstream-hash-by-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/upstreamhashby.go#L76) - -- [should connect to the same pod](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/upstreamhashby.go#L83) -- [should connect to the same subset of pods](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/upstreamhashby.go#L92) - -### [annotation-global-rate-limit](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/globalratelimit.go#L30) - -- [generates correct configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/globalratelimit.go#L38) - -### [backend-protocol](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L27) - -- [should set backend protocol to https:// and use proxy_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L34) -- [should set backend protocol to grpc:// and use grpc_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L49) -- [should set backend protocol to grpcs:// and use grpc_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L64) -- [should set backend protocol to '' and use fastcgi_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L79) -- [should set backend protocol to '' and use ajp_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L94) - -### [satisfy](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/satisfy.go#L35) - -- [should configure satisfy directive correctly](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/satisfy.go#L42) -- [should allow multiple auth with satisfy any](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/satisfy.go#L84) - -### [server-alias](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/alias.go#L29) - -- [should return status code 200 for host 'foo' and 404 for 'bar'](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/alias.go#L36) -- [should return status code 200 for host 'foo' and 'bar'](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/alias.go#L62) -- [should return status code 200 for hosts defined in two ingresses, different path with one alias](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/alias.go#L87) - -### [ssl-ciphers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/sslciphers.go#L27) - -- [should change ssl ciphers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/sslciphers.go#L34) - -### [auth-tls-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L30) - -- [should set valid auth-tls-secret](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L37) -- [should set valid auth-tls-secret, sslVerify to off, and sslVerifyDepth to 2](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L73) -- [should set valid auth-tls-secret, pass certificate to upstream, and error page](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L103) -- [should validate auth-tls-verify-client](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L153) - -### [[Status] status update](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/status/update.go#L38) - -- [should update status field after client-go reconnection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/status/update.go#L43) - -### [Debug CLI](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/dbg/main.go#L29) - -- [should list the backend servers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/dbg/main.go#L37) -- [should get information for a specific backend server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/dbg/main.go#L56) -- [should produce valid JSON for /dbg general](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/dbg/main.go#L85) - -### [[Memory Leak] Dynamic Certificates](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/leaks/lua_ssl.go#L35) - -- [should not leak memory from ingress SSL certificates or configuration updates](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/leaks/lua_ssl.go#L42) - -### [[Ingress] [PathType] mix Exact and Prefix paths](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/pathtype_mixed.go#L30) - -- [should choose the correct location](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/pathtype_mixed.go#L39) - -### [[Ingress] definition without host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/without_host.go#L32) - -- [should set ingress details variables for ingresses without a host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/without_host.go#L35) -- [should set ingress details variables for ingresses with host without IngressRuleValue, only Backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/without_host.go#L56) - -### [single ingress - multiple hosts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/multiple_rules.go#L31) - -- [should set the correct $service_name NGINX variable](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/multiple_rules.go#L39) - -### [[Ingress] [PathType] exact](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/pathtype_exact.go#L30) - -- [should choose exact location for /exact](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/pathtype_exact.go#L37) - -### [[Ingress] [PathType] prefix checks](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/pathtype_prefix.go#L28) - -- [should return 404 when prefix /aaa does not match request /aaaccc](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/pathtype_prefix.go#L35) - -### [[Security] request smuggling](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/request_smuggling.go#L32) - -- [should not return body content from error_page](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/request_smuggling.go#L39) - -### [[SSL] [Flag] default-ssl-certificate](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/default_ssl_certificate.go#L33) - -- [uses default ssl certificate for catch-all ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/default_ssl_certificate.go#L64) -- [uses default ssl certificate for host based ingress when configured certificate does not match host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/default_ssl_certificate.go#L80) - -### [enable-real-ip](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/enable_real_ip.go#L30) - -- [trusts X-Forwarded-For header only when setting is true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/enable_real_ip.go#L40) -- [should not trust X-Forwarded-For header when setting is false](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/enable_real_ip.go#L78) - -### [access-log](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L26) - -- [use the default configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L31) -- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L39) -- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L51) -- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L63) -- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L75) - -### [[Lua] lua-shared-dicts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/lua_shared_dicts.go#L26) - -- [configures lua shared dicts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/lua_shared_dicts.go#L29) - -### [server-tokens](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_tokens.go#L30) - -- [should not exists Server header in the response](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_tokens.go#L38) -- [should exists Server header in the response when is enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_tokens.go#L50) - -### [use-proxy-protocol](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L36) - -- [should respect port passed by the PROXY Protocol](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L46) -- [should respect proto passed by the PROXY Protocol server port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L79) -- [should enable PROXY Protocol for HTTPS](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L112) -- [should enable PROXY Protocol for TCP](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L155) - -### [[Flag] custom HTTP and HTTPS ports](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L32) - -- [should set X-Forwarded-Port headers accordingly when listening on a non-default HTTP port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L48) -- [should set X-Forwarded-Port header to 443](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L70) -- [should set the X-Forwarded-Port header to 443](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L100) - -### [[Security] no-auth-locations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L34) - -- [should return status code 401 when accessing '/' unauthentication](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L55) -- [should return status code 200 when accessing '/' authentication](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L69) -- [should return status code 200 when accessing '/noauth' unauthenticated](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L83) - -### [Dynamic $proxy_host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_host.go#L28) - -- [should exist a proxy_host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_host.go#L36) -- [should exist a proxy_host using the upstream-vhost annotation value](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_host.go#L57) - -### [proxy-connect-timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_connect_timeout.go#L28) - -- [should set valid proxy timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_connect_timeout.go#L36) -- [should not set invalid proxy timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_connect_timeout.go#L52) +### [Geoip2](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/geoip2.go#L37) + +- [should include geoip2 line in config when enabled and db file exists](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/geoip2.go#L46) +- [should only allow requests from specific countries](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/geoip2.go#L70) + +### [[Security] global-auth-url](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L34) + +- [should return status code 401 when request any protected service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L85) +- [should return status code 200 when request whitelisted (via no-auth-locations) service and 401 when request protected service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L102) +- [should return status code 200 when request whitelisted (via ingress annotation) service and 401 when request protected service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L126) +- [should still return status code 200 after auth backend is deleted using cache](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L155) +- [should proxy_method method when global-auth-method is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L197) +- [should add custom error page when global-auth-signin url is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L210) +- [should add auth headers when global-auth-response-headers is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L223) +- [should set request-redirect when global-auth-request-redirect is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L237) +- [should set snippet when global external auth is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L250) +- [user retains cookie by default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L326) +- [user does not retain cookie if upstream returns error status code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L337) +- [user with global-auth-always-set-cookie key in configmap retains cookie if upstream returns error status code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L348) ### [[Security] Pod Security Policies](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy.go#L40) - [should be running with a Pod Security Policy](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy.go#L43) -### [Geoip2](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/geoip2.go#L29) - -- [should only allow requests from specific countries](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/geoip2.go#L38) - -### [[Security] Pod Security Policies with volumes](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy_volumes.go#L36) - -- [should be running with a Pod Security Policy](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy_volumes.go#L39) - -### [enable-multi-accept](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L27) - -- [should be enabled by default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L31) -- [should be enabled when set to true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L39) -- [should be disabled when set to false](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L49) - ### [log-format-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L28) - [should disable the log-format-escape-json by default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L40) @@ -408,93 +39,47 @@ - [log-format-escape-json enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L66) - [log-format-escape-json disabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L89) -### [[Flag] ingress-class](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L39) +### [server-tokens](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_tokens.go#L29) -- [should ignore Ingress with class](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L91) -- [should ignore Ingress with no class](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L143) -- [should delete Ingress when class is removed](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L177) -- [check scenarios for IngressClass and ingress.class annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L216) +- [should not exists Server header in the response](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_tokens.go#L38) +- [should exists Server header in the response when is enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_tokens.go#L50) + +### [proxy-connect-timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_connect_timeout.go#L28) + +- [should set valid proxy timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_connect_timeout.go#L36) +- [should not set invalid proxy timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_connect_timeout.go#L52) ### [ssl-ciphers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ssl_ciphers.go#L28) - [Add ssl ciphers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ssl_ciphers.go#L31) -### [proxy-next-upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_next_upstream.go#L28) +### [use-proxy-protocol](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L36) -- [should build proxy next upstream using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_next_upstream.go#L36) - -### [[Security] global-auth-url](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L32) - -- [should return status code 401 when request any protected service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L83) -- [should return status code 200 when request whitelisted (via no-auth-locations) service and 401 when request protected service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L100) -- [should return status code 200 when request whitelisted (via ingress annotation) service and 401 when request protected service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L124) -- [should still return status code 200 after auth backend is deleted using cache ](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L153) -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L195) -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L208) -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L221) -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L235) -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L248) - -### [[Security] block-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L28) - -- [should block CIDRs defined in the ConfigMap](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L38) -- [should block User-Agents defined in the ConfigMap](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L55) -- [should block Referers defined in the ConfigMap](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L88) +- [should respect port passed by the PROXY Protocol](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L46) +- [should respect proto passed by the PROXY Protocol server port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L79) +- [should enable PROXY Protocol for HTTPS](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L112) +- [should enable PROXY Protocol for TCP](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L155) ### [plugins](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/plugins.go#L28) - [should exist a x-hello-world header](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/plugins.go#L35) -### [Configmap - limit-rate](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/limit_rate.go#L28) +### [configmap server-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_snippet.go#L28) -- [Check limit-rate config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/limit_rate.go#L36) +- [should add value of server-snippet setting to all ingress config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_snippet.go#L35) +- [should add global server-snippet and drop annotations per admin config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_snippet.go#L92) -### [Configure OpenTracing](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L47) +### [[Flag] disable-catch-all](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L33) -- [should not exists opentracing directive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L57) -- [should exists opentracing directive when is enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L70) -- [should not exists opentracing_operation_name directive when is empty](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L84) -- [should exists opentracing_operation_name directive when is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L99) -- [should not exists opentracing_location_operation_name directive when is empty](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L114) -- [should exists opentracing_location_operation_name directive when is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L129) -- [should enable opentracing using zipkin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L144) -- [should enable opentracing using jaeger](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L156) -- [should enable opentracing using jaeger with sampler host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L168) -- [should propagate the w3c header when configured with jaeger](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L181) -- [should enable opentracing using datadog](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L225) +- [should ignore catch all Ingress with backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L50) +- [should ignore catch all Ingress with backend and rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L69) +- [should delete Ingress updated to catch-all](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L81) +- [should allow Ingress with rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L123) -### [use-forwarded-headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/forwarded_headers.go#L30) +### [enable-real-ip](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/enable_real_ip.go#L30) -- [should trust X-Forwarded headers when setting is true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/forwarded_headers.go#L40) -- [should not trust X-Forwarded headers when setting is false](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/forwarded_headers.go#L90) - -### [proxy-send-timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_send_timeout.go#L28) - -- [should set valid proxy send timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_send_timeout.go#L36) -- [should not set invalid proxy send timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_send_timeout.go#L52) - -### [Add no tls redirect locations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_tls_redirect_locations.go#L28) - -- [Check no tls redirect locations config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_tls_redirect_locations.go#L31) - -### [settings-global-rate-limit](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/globalratelimit.go#L30) - -- [generates correct NGINX configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/globalratelimit.go#L38) - -### [add-headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L30) - -- [Add a custom header](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L40) -- [Add multiple custom headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L65) - -### [hash size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L27) - -- [should set server_names_hash_bucket_size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L40) -- [should set server_names_hash_max_size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L48) -- [should set proxy-headers-hash-bucket-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L60) -- [should set proxy-headers-hash-max-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L68) -- [should set variables-hash-bucket-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L80) -- [should set variables-hash-max-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L88) -- [should set vmap-hash-bucket-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L100) +- [trusts X-Forwarded-For header only when setting is true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/enable_real_ip.go#L40) +- [should not trust X-Forwarded-For header when setting is false](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/enable_real_ip.go#L78) ### [keep-alive keep-alive-requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L28) @@ -504,16 +89,130 @@ - [should set keep alive connection timeout to upstream server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L68) - [should set the request count to upstream server through one keep alive connection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L77) -### [[Flag] disable-catch-all](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L34) +### [enable-multi-accept](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L27) -- [should ignore catch all Ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L51) -- [should delete Ingress updated to catch-all](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L70) -- [should allow Ingress with both a default backend and rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L108) +- [should be enabled by default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L31) +- [should be enabled when set to true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L39) +- [should be disabled when set to false](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L49) + +### [[Flag] watch namespace selector](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/namespace_selector.go#L30) + +- [should ingore Ingress of namespace without label foo=bar and accept those of namespace with label foo=bar](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/namespace_selector.go#L70) + +### [[Flag] disable-service-external-name](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_service_external_name.go#L34) + +- [should ignore services of external-name type](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_service_external_name.go#L51) + +### [Configure OpenTracing](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L48) + +- [should not exists opentracing directive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L58) +- [should exists opentracing directive when is enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L71) +- [should include opentracing_trust_incoming_span off directive when disabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L85) +- [should not exists opentracing_operation_name directive when is empty](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L100) +- [should exists opentracing_operation_name directive when is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L115) +- [should not exists opentracing_location_operation_name directive when is empty](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L130) +- [should exists opentracing_location_operation_name directive when is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L145) +- [should enable opentracing using zipkin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L160) +- [should enable opentracing using jaeger](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L172) +- [should enable opentracing using jaeger with sampler host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L184) +- [should propagate the w3c header when configured with jaeger](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L197) +- [should enable opentracing using jaeger with an HTTP endpoint](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L228) +- [should enable opentracing using datadog](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L241) + +### [Configmap change](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/configmap_change.go#L29) + +- [should reload after an update in the configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/configmap_change.go#L36) + +### [Configmap - limit-rate](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/limit_rate.go#L28) + +- [Check limit-rate config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/limit_rate.go#L36) + +### [access-log](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L26) + +- [use the default configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L31) +- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L41) +- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L53) +- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L66) +- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L79) + +### [global-options](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_options.go#L28) + +- [should have worker_rlimit_nofile option](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_options.go#L31) +- [should have worker_rlimit_nofile option and be independent on amount of worker processes](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_options.go#L38) + +### [[Flag] ingress-class](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L39) + +- [should ignore Ingress with a different class annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L68) +- [should ignore Ingress with different controller class](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L104) +- [should accept both Ingresses with default IngressClassName and IngressClass annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L132) +- [should ignore Ingress without IngressClass configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L164) +- [should delete Ingress when class is removed](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L192) +- [should serve Ingress when class is added](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L257) +- [should serve Ingress when class is updated between annotation and ingressClassName](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L323) +- [should ignore Ingress with no class and accept the correctly configured Ingresses](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L413) +- [should watch Ingress with no class and ignore ingress with a different class](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L482) +- [should watch Ingress that uses the class name even if spec is different](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L539) +- [should watch Ingress with correct annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L631) +- [should ignore Ingress with only IngressClassName](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L652) + +### [reuse-port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/reuse-port.go#L27) + +- [reuse port should be enabled by default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/reuse-port.go#L38) +- [reuse port should be disabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/reuse-port.go#L44) +- [reuse port should be enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/reuse-port.go#L52) + +### [proxy-send-timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_send_timeout.go#L28) + +- [should set valid proxy send timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_send_timeout.go#L36) +- [should not set invalid proxy send timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_send_timeout.go#L52) + +### [[SSL] [Flag] default-ssl-certificate](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/default_ssl_certificate.go#L33) + +- [uses default ssl certificate for catch-all ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/default_ssl_certificate.go#L64) +- [uses default ssl certificate for host based ingress when configured certificate does not match host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/default_ssl_certificate.go#L80) + +### [brotli](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/brotli.go#L30) + +- [ condition](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/brotli.go#L39) + +### [[Security] Pod Security Policies with volumes](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy_volumes.go#L36) + +- [should be running with a Pod Security Policy](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy_volumes.go#L39) + +### [Dynamic $proxy_host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_host.go#L28) + +- [should exist a proxy_host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_host.go#L36) +- [should exist a proxy_host using the upstream-vhost annotation value](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_host.go#L57) + +### [[Security] block-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L28) + +- [should block CIDRs defined in the ConfigMap](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L38) +- [should block User-Agents defined in the ConfigMap](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L55) +- [should block Referers defined in the ConfigMap](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L88) + +### [settings-global-rate-limit](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/globalratelimit.go#L30) + +- [generates correct NGINX configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/globalratelimit.go#L38) + +### [Add no tls redirect locations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_tls_redirect_locations.go#L28) + +- [Check no tls redirect locations config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_tls_redirect_locations.go#L31) ### [main-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/main_snippet.go#L27) - [should add value of main-snippet setting to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/main_snippet.go#L31) +### [[Lua] lua-shared-dicts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/lua_shared_dicts.go#L26) + +- [configures lua shared dicts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/lua_shared_dicts.go#L29) + +### [Bad annotation values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L29) + +- [[BAD_ANNOTATIONS] should drop an ingress if there is an invalid character in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L36) +- [[BAD_ANNOTATIONS] should drop an ingress if there is a forbidden word in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L67) +- [[BAD_ANNOTATIONS] should allow an ingress if there is a default blocklist config in place](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L102) +- [[BAD_ANNOTATIONS] should drop an ingress if there is a custom blocklist config in place and allow others to pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L133) + ### [[SSL] TLS protocols, ciphers and headers)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L31) - [setting cipher suite](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L65) @@ -525,15 +224,6 @@ - [should not use ports during the HTTP to HTTPS redirection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L209) - [should not use ports or X-Forwarded-Host during the HTTP to HTTPS redirection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L227) -### [Configmap change](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/configmap_change.go#L29) - -- [should reload after an update in the configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/configmap_change.go#L36) - -### [proxy-read-timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_read_timeout.go#L28) - -- [should set valid proxy read timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_read_timeout.go#L36) -- [should not set invalid proxy read timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_read_timeout.go#L52) - ### [[Security] modsecurity-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/modsecurity/modsecurity_snippet.go#L27) - [should add value of modsecurity-snippet setting to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/modsecurity/modsecurity_snippet.go#L30) @@ -542,33 +232,88 @@ - [should enable OCSP and contain stapling information in the connection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ocsp/ocsp.go#L49) -### [reuse-port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/reuse-port.go#L27) +### [configmap stream-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/stream_snippet.go#L34) -- [reuse port should be enabled by default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/reuse-port.go#L38) -- [reuse port should be disabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/reuse-port.go#L44) -- [reuse port should be enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/reuse-port.go#L52) +- [should add value of stream-snippet via config map to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/stream_snippet.go#L41) -### [[Shutdown] Graceful shutdown with pending request](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/slow_requests.go#L28) +### [proxy-read-timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_read_timeout.go#L28) -- [should let slow requests finish before shutting down](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/slow_requests.go#L36) +- [should set valid proxy read timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_read_timeout.go#L36) +- [should not set invalid proxy read timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_read_timeout.go#L52) -### [[Shutdown] ingress controller](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/shutdown.go#L33) +### [proxy-next-upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_next_upstream.go#L28) -- [should shutdown in less than 60 secons without pending connections](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/shutdown.go#L43) -- [should shutdown after waiting 60 seconds for pending connections to be closed](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/shutdown.go#L64) -- [should shutdown after waiting 150 seconds for pending connections to be closed](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/shutdown.go#L109) +- [should build proxy next upstream using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_next_upstream.go#L36) -### [[Service] backend status code 503](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_backend.go#L32) +### [hash size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L27) -- [should return 503 when backend service does not exist](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_backend.go#L35) -- [should return 503 when all backend service endpoints are unavailable](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_backend.go#L53) +- [should set server_names_hash_bucket_size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L40) +- [should set server_names_hash_max_size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L48) +- [should set proxy-headers-hash-bucket-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L60) +- [should set proxy-headers-hash-max-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L68) +- [should set variables-hash-bucket-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L80) +- [should set variables-hash-max-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L88) +- [should set vmap-hash-bucket-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L100) -### [[Service] Type ExternalName](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L37) +### [[Security] no-auth-locations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L33) -- [works with external name set to incomplete fqdn](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L40) -- [should return 200 for service type=ExternalName without a port defined](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L73) -- [should return 200 for service type=ExternalName with a port defined](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L107) -- [should return status 502 for service type=ExternalName with an invalid host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L148) -- [should return 200 for service type=ExternalName using a port name](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L179) -- [should return 200 for service type=ExternalName using FQDN with trailing dot](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L221) -- [should update the external name after a service update](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L252) +- [should return status code 401 when accessing '/' unauthentication](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L54) +- [should return status code 200 when accessing '/' authentication](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L68) +- [should return status code 200 when accessing '/noauth' unauthenticated](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L82) + +### [[Flag] custom HTTP and HTTPS ports](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L32) + +- [should set X-Forwarded-Port headers accordingly when listening on a non-default HTTP port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L48) +- [should set X-Forwarded-Port header to 443](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L70) +- [should set the X-Forwarded-Port header to 443](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L100) + +### [use-forwarded-headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/forwarded_headers.go#L30) + +- [should trust X-Forwarded headers when setting is true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/forwarded_headers.go#L40) +- [should not trust X-Forwarded headers when setting is false](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/forwarded_headers.go#L92) + +### [add-headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L30) + +- [Add a custom header](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L40) +- [Add multiple custom headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L65) + +### [[Load Balancer] round-robin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/round_robin.go#L31) + +- [should evenly distribute requests with round-robin (default algorithm)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/round_robin.go#L39) + +### [[Load Balancer] EWMA](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/ewma.go#L31) + +- [does not fail requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/ewma.go#L42) + +### [[Load Balancer] load-balance](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/configmap.go#L28) + +- [should apply the configmap load-balance setting](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/configmap.go#L35) + +### [[SSL] redirect to HTTPS](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ssl/http_redirect.go#L29) + +- [should redirect from HTTP to HTTPS when secret is missing](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ssl/http_redirect.go#L36) + +### [[SSL] secret update](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ssl/secret_update.go#L33) + +- [should not appear references to secret updates not used in ingress rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ssl/secret_update.go#L40) +- [should return the fake SSL certificate if the secret is invalid](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ssl/secret_update.go#L82) + +### [[Service] Type ExternalName](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L58) + +- [works with external name set to incomplete fqdn](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L61) +- [should return 200 for service type=ExternalName without a port defined](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L94) +- [should return 200 for service type=ExternalName with a port defined](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L128) +- [should return status 502 for service type=ExternalName with an invalid host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L152) +- [should return 200 for service type=ExternalName using a port name](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L183) +- [should return 200 for service type=ExternalName using FQDN with trailing dot](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L216) +- [should update the external name after a service update](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L247) +- [should sync ingress on external name service addition/deletion](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L310) + +### [[Service] Nil Service Backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_nil_backend.go#L31) + +- [should return 404 when backend service is nil](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_nil_backend.go#L38) + +### [[Service] backend status code 503](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_backend.go#L33) + +- [should return 503 when backend service does not exist](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_backend.go#L36) +- [should return 503 when all backend service endpoints are unavailable](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_backend.go#L54) diff --git a/docs/user-guide/nginx-configuration/annotations.md b/docs/user-guide/nginx-configuration/annotations.md index 2a019ea27..0c65bd0c8 100755 --- a/docs/user-guide/nginx-configuration/annotations.md +++ b/docs/user-guide/nginx-configuration/annotations.md @@ -488,6 +488,8 @@ Additionally it is possible to set: `` this enables caching for auth requests. specify a lookup key for auth responses. e.g. `$remote_user$http_authorization`. Each server and location has it's own keyspace. Hence a cached response is only valid on a per-server and per-location basis. * `nginx.ingress.kubernetes.io/auth-cache-duration`: `` to specify a caching time for auth responses based on their response codes, e.g. `200 202 30m`. See [proxy_cache_valid](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_valid) for details. You may specify multiple, comma-separated values: `200 202 10m, 401 5m`. defaults to `200 202 401 5m`. +* `nginx.ingress.kubernetes.io/auth-always-set-cookie`: + `` to set a cookie returned by auth request. By default, the cookie will be set only if an upstream reports with the code 200, 201, 204, 206, 301, 302, 303, 304, 307, or 308. * `nginx.ingress.kubernetes.io/auth-snippet`: `` to specify a custom snippet to use with external authentication, e.g. diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md index 57d79d536..6b6414218 100755 --- a/docs/user-guide/nginx-configuration/configmap.md +++ b/docs/user-guide/nginx-configuration/configmap.md @@ -1226,6 +1226,11 @@ Enables caching for global auth requests. Specify a lookup key for auth response Set a caching time for auth responses based on their response codes, e.g. `200 202 30m`. See [proxy_cache_valid](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_valid) for details. You may specify multiple, comma-separated values: `200 202 10m, 401 5m`. defaults to `200 202 401 5m`. +## global-auth-always-set-cookie + +Always set a cookie returned by auth request. By default, the cookie will be set only if an upstream reports with the code 200, 201, 204, 206, 301, 302, 303, 304, 307, or 308. +_**default:**_ false + ## no-auth-locations A comma-separated list of locations that should not get authenticated. diff --git a/hack/generate-e2e-suite-doc.sh b/hack/generate-e2e-suite-doc.sh index c5545945e..2265bb079 100755 --- a/hack/generate-e2e-suite-doc.sh +++ b/hack/generate-e2e-suite-doc.sh @@ -25,9 +25,12 @@ set -o pipefail URL="https://github.com/kubernetes/ingress-nginx/tree/main/" DIR=$(cd $(dirname "${BASH_SOURCE}")/.. && pwd -P) -echo " +echo " -# e2e test suite for [NGINX Ingress Controller]($URL) +# e2e test suite for [Ingress NGINX Controller]($URL) " @@ -37,7 +40,7 @@ for FILE in `find $DIR/test/e2e -name "*.go"`;do # line number DESCRIBE_LINE=$(echo $DESCRIBE | cut -f1 -d ':') # clean describe, extracting the string - DESCRIBE=$(echo $DESCRIBE | sed -En 's/.*"(.*)".*/\1/p') + DESCRIBE=$(echo $DESCRIBE | sed -En 's/.*("|`)(.*)("|`).*/\2/p') FILE_URL=$(echo $FILE | sed "s|${DIR}/|${URL}|g") echo " @@ -48,7 +51,7 @@ for FILE in `find $DIR/test/e2e -name "*.go"`;do ITS=$(cat $FILE | grep -n -oP 'It\(.*') while IFS= read -r line; do IT_LINE=$(echo $line | cut -f1 -d ':') - IT=$(echo $line | sed -En 's/.*"(.*)".*/\1/p') + IT=$(echo $line | sed -En 's/.*("|`)(.*)("|`).*/\2/p') echo "- [$IT]($FILE_URL#L$IT_LINE)" done <<< "$ITS" done diff --git a/internal/ingress/annotations/authreq/main.go b/internal/ingress/annotations/authreq/main.go index 5dd1126fa..b5dc4c70b 100644 --- a/internal/ingress/annotations/authreq/main.go +++ b/internal/ingress/annotations/authreq/main.go @@ -48,6 +48,7 @@ type Config struct { KeepaliveRequests int `json:"keepaliveRequests"` KeepaliveTimeout int `json:"keepaliveTimeout"` ProxySetHeaders map[string]string `json:"proxySetHeaders,omitempty"` + AlwaysSetCookie bool `json:"alwaysSetCookie,omitempty"` } // DefaultCacheDuration is the fallback value if no cache duration is provided @@ -112,6 +113,10 @@ func (e1 *Config) Equal(e2 *Config) bool { return false } + if e1.AlwaysSetCookie != e2.AlwaysSetCookie { + return false + } + return sets.StringElementsMatch(e1.AuthCacheDuration, e2.AuthCacheDuration) } @@ -297,6 +302,8 @@ func (a authReq) Parse(ing *networking.Ingress) (interface{}, error) { requestRedirect, _ := parser.GetStringAnnotation("auth-request-redirect", ing) + alwaysSetCookie, _ := parser.GetBoolAnnotation("auth-always-set-cookie", ing) + return &Config{ URL: urlString, Host: authURL.Hostname(), @@ -312,6 +319,7 @@ func (a authReq) Parse(ing *networking.Ingress) (interface{}, error) { KeepaliveRequests: keepaliveRequests, KeepaliveTimeout: keepaliveTimeout, ProxySetHeaders: proxySetHeaders, + AlwaysSetCookie: alwaysSetCookie, }, nil } diff --git a/internal/ingress/annotations/authreq/main_test.go b/internal/ingress/annotations/authreq/main_test.go index eac1870e5..e1325235b 100644 --- a/internal/ingress/annotations/authreq/main_test.go +++ b/internal/ingress/annotations/authreq/main_test.go @@ -71,6 +71,13 @@ func buildIngress() *networking.Ingress { } } +func boolToString(v bool) string { + if v { + return "true" + } + return "false" +} + func TestAnnotations(t *testing.T) { ing := buildIngress() @@ -86,19 +93,20 @@ func TestAnnotations(t *testing.T) { requestRedirect string authSnippet string authCacheKey string + authAlwaysSetCookie bool expErr bool }{ - {"empty", "", "", "", "", "", "", "", true}, - {"no scheme", "bar", "bar", "", "", "", "", "", true}, - {"invalid host", "http://", "http://", "", "", "", "", "", true}, - {"invalid host (multiple dots)", "http://foo..bar.com", "http://foo..bar.com", "", "", "", "", "", true}, - {"valid URL", "http://bar.foo.com/external-auth", "http://bar.foo.com/external-auth", "", "", "", "", "", false}, - {"valid URL - send body", "http://foo.com/external-auth", "http://foo.com/external-auth", "", "POST", "", "", "", false}, - {"valid URL - send body", "http://foo.com/external-auth", "http://foo.com/external-auth", "", "GET", "", "", "", false}, - {"valid URL - request redirect", "http://foo.com/external-auth", "http://foo.com/external-auth", "", "GET", "http://foo.com/redirect-me", "", "", false}, - {"auth snippet", "http://foo.com/external-auth", "http://foo.com/external-auth", "", "", "", "proxy_set_header My-Custom-Header 42;", "", false}, - {"auth cache ", "http://foo.com/external-auth", "http://foo.com/external-auth", "", "", "", "", "$foo$bar", false}, - {"redirect param", "http://bar.foo.com/external-auth", "http://bar.foo.com/external-auth", "origUrl", "", "", "", "", false}, + {"empty", "", "", "", "", "", "", "", false, true}, + {"no scheme", "bar", "bar", "", "", "", "", "", false, true}, + {"invalid host", "http://", "http://", "", "", "", "", "", false, true}, + {"invalid host (multiple dots)", "http://foo..bar.com", "http://foo..bar.com", "", "", "", "", "", false, true}, + {"valid URL", "http://bar.foo.com/external-auth", "http://bar.foo.com/external-auth", "", "", "", "", "", false, false}, + {"valid URL - send body", "http://foo.com/external-auth", "http://foo.com/external-auth", "", "POST", "", "", "", false, false}, + {"valid URL - send body", "http://foo.com/external-auth", "http://foo.com/external-auth", "", "GET", "", "", "", false, false}, + {"valid URL - request redirect", "http://foo.com/external-auth", "http://foo.com/external-auth", "", "GET", "http://foo.com/redirect-me", "", "", false, false}, + {"auth snippet", "http://foo.com/external-auth", "http://foo.com/external-auth", "", "", "", "proxy_set_header My-Custom-Header 42;", "", false, false}, + {"auth cache ", "http://foo.com/external-auth", "http://foo.com/external-auth", "", "", "", "", "$foo$bar", false, false}, + {"redirect param", "http://bar.foo.com/external-auth", "http://bar.foo.com/external-auth", "origUrl", "", "", "", "", true, false}, } for _, test := range tests { @@ -109,6 +117,7 @@ func TestAnnotations(t *testing.T) { data[parser.GetAnnotationWithPrefix("auth-request-redirect")] = test.requestRedirect data[parser.GetAnnotationWithPrefix("auth-snippet")] = test.authSnippet data[parser.GetAnnotationWithPrefix("auth-cache-key")] = test.authCacheKey + data[parser.GetAnnotationWithPrefix("auth-always-set-cookie")] = boolToString(test.authAlwaysSetCookie) i, err := NewParser(&resolver.Mock{}).Parse(ing) if test.expErr { @@ -146,6 +155,10 @@ func TestAnnotations(t *testing.T) { if u.AuthCacheKey != test.authCacheKey { t.Errorf("%v: expected \"%v\" but \"%v\" was returned", test.title, test.authCacheKey, u.AuthCacheKey) } + + if u.AlwaysSetCookie != test.authAlwaysSetCookie { + t.Errorf("%v: expected \"%v\" but \"%v\" was returned", test.title, test.authAlwaysSetCookie, u.AlwaysSetCookie) + } } } diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go index f0dfdc191..a1f35e9fa 100644 --- a/internal/ingress/controller/config/config.go +++ b/internal/ingress/controller/config/config.go @@ -782,7 +782,7 @@ func NewDefault() Configuration { defNginxStatusIpv4Whitelist = append(defNginxStatusIpv4Whitelist, "127.0.0.1") defNginxStatusIpv6Whitelist = append(defNginxStatusIpv6Whitelist, "::1") defProxyDeadlineDuration := time.Duration(5) * time.Second - defGlobalExternalAuth := GlobalExternalAuth{"", "", "", "", "", append(defResponseHeaders, ""), "", "", "", []string{}, map[string]string{}} + defGlobalExternalAuth := GlobalExternalAuth{"", "", "", "", "", append(defResponseHeaders, ""), "", "", "", []string{}, map[string]string{}, false} cfg := Configuration{ @@ -995,4 +995,5 @@ type GlobalExternalAuth struct { AuthCacheKey string `json:"authCacheKey"` AuthCacheDuration []string `json:"authCacheDuration"` ProxySetHeaders map[string]string `json:"proxySetHeaders,omitempty"` + AlwaysSetCookie bool `json:"alwaysSetCookie,omitempty"` } diff --git a/internal/ingress/controller/template/configmap.go b/internal/ingress/controller/template/configmap.go index 4f3aca444..382cb0367 100644 --- a/internal/ingress/controller/template/configmap.go +++ b/internal/ingress/controller/template/configmap.go @@ -62,6 +62,7 @@ const ( globalAuthSnippet = "global-auth-snippet" globalAuthCacheKey = "global-auth-cache-key" globalAuthCacheDuration = "global-auth-cache-duration" + globalAuthAlwaysSetCookie = "global-auth-always-set-cookie" luaSharedDictsKey = "lua-shared-dicts" plugins = "plugins" ) @@ -315,6 +316,16 @@ func ReadConfig(src map[string]string) config.Configuration { to.GlobalExternalAuth.AuthCacheDuration = cacheDurations } + if val, ok := conf[globalAuthAlwaysSetCookie]; ok { + delete(conf, globalAuthAlwaysSetCookie) + + alwaysSetCookie, err := strconv.ParseBool(val) + if err != nil { + klog.Warningf("Global auth location denied - %s", fmt.Errorf("cannot convert %s to bool: %v", globalAuthAlwaysSetCookie, err)) + } + to.GlobalExternalAuth.AlwaysSetCookie = alwaysSetCookie + } + // Verify that the configured timeout is parsable as a duration. if not, set the default value if val, ok := conf[proxyHeaderTimeout]; ok { delete(conf, proxyHeaderTimeout) diff --git a/internal/ingress/controller/template/configmap_test.go b/internal/ingress/controller/template/configmap_test.go index 1f6ce2fe6..b30e836ee 100644 --- a/internal/ingress/controller/template/configmap_test.go +++ b/internal/ingress/controller/template/configmap_test.go @@ -229,6 +229,34 @@ func TestGlobalExternalAuthSigninParsing(t *testing.T) { } } +func TestGlobalExternalAlwaysSetCookie(t *testing.T) { + testCases := map[string]struct { + alwaysSetCookie string + result bool + }{ + "true": { + alwaysSetCookie: "true", + result: true, + }, + "false": { + alwaysSetCookie: "false", + }, + "set empty": { + alwaysSetCookie: "", + }, + "error": { + alwaysSetCookie: "error string", + }, + } + + for n, tc := range testCases { + cfg := ReadConfig(map[string]string{"global-auth-always-set-cookie": tc.alwaysSetCookie}) + if cfg.GlobalExternalAuth.AlwaysSetCookie != tc.result { + t.Errorf("Testing %v. Expected \"%v\" but \"%v\" was returned", n, tc.result, cfg.GlobalExternalAuth.AlwaysSetCookie) + } + } +} + func TestGlobalExternalAuthSigninRedirectParamParsing(t *testing.T) { testCases := map[string]struct { param string diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index ed7d3cc08..bd0880c77 100755 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -778,7 +778,7 @@ stream { access_log {{ or $cfg.StreamAccessLogPath $cfg.AccessLogPath }} log_stream {{ $cfg.AccessLogParams }}; {{ end }} - + error_log {{ $cfg.ErrorLogPath }} {{ $cfg.ErrorLogLevel }}; {{ if $cfg.EnableRealIp }} {{ range $trusted_ip := $cfg.ProxyRealIPCIDR }} @@ -1292,7 +1292,11 @@ stream { {{ else }} auth_request {{ $authPath }}; auth_request_set $auth_cookie $upstream_http_set_cookie; + {{ if $externalAuth.AlwaysSetCookie }} + add_header Set-Cookie $auth_cookie always; + {{ else }} add_header Set-Cookie $auth_cookie; + {{ end }} {{- range $line := buildAuthResponseHeaders $proxySetHeader $externalAuth.ResponseHeaders false }} {{ $line }} {{- end }} diff --git a/test/e2e/annotations/auth.go b/test/e2e/annotations/auth.go index 0ea97d3ef..d0ca5cf12 100644 --- a/test/e2e/annotations/auth.go +++ b/test/e2e/annotations/auth.go @@ -313,9 +313,12 @@ var _ = framework.DescribeAnnotation("auth-*", func() { }) }) - ginkgo.It("retains cookie set by external authentication server", func() { + ginkgo.Context("cookie set by external authentication server", func() { host := "auth-check-cookies" + var annotations map[string]string + var ing1, ing2 *networking.Ingress + cfg := `# events { worker_connections 1024; @@ -342,40 +345,81 @@ http { location / { return 200; } + + location /error { + return 503; + } } } ` + ginkgo.BeforeEach(func() { + f.NGINXWithConfigDeployment("http-cookie-with-error", cfg) - f.NGINXWithConfigDeployment(framework.HTTPBinService, cfg) + e, err := f.KubeClientSet.CoreV1().Endpoints(f.Namespace).Get(context.TODO(), "http-cookie-with-error", metav1.GetOptions{}) + assert.Nil(ginkgo.GinkgoT(), err) - e, err := f.KubeClientSet.CoreV1().Endpoints(f.Namespace).Get(context.TODO(), framework.HTTPBinService, metav1.GetOptions{}) - assert.Nil(ginkgo.GinkgoT(), err) + assert.GreaterOrEqual(ginkgo.GinkgoT(), len(e.Subsets), 1, "expected at least one endpoint") + assert.GreaterOrEqual(ginkgo.GinkgoT(), len(e.Subsets[0].Addresses), 1, "expected at least one address ready in the endpoint") - assert.GreaterOrEqual(ginkgo.GinkgoT(), len(e.Subsets), 1, "expected at least one endpoint") - assert.GreaterOrEqual(ginkgo.GinkgoT(), len(e.Subsets[0].Addresses), 1, "expected at least one address ready in the endpoint") + httpbinIP := e.Subsets[0].Addresses[0].IP - httpbinIP := e.Subsets[0].Addresses[0].IP + annotations = map[string]string{ + "nginx.ingress.kubernetes.io/auth-url": fmt.Sprintf("http://%s/cookies/set/alma/armud", httpbinIP), + "nginx.ingress.kubernetes.io/auth-signin": "http://$host/auth/start", + } - annotations := map[string]string{ - "nginx.ingress.kubernetes.io/auth-url": fmt.Sprintf("http://%s/cookies/set/alma/armud", httpbinIP), - "nginx.ingress.kubernetes.io/auth-signin": "http://$host/auth/start", - } + ing1 = framework.NewSingleIngress(host, "/", host, f.Namespace, "http-cookie-with-error", 80, annotations) + f.EnsureIngress(ing1) - ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations) - f.EnsureIngress(ing) + ing2 = framework.NewSingleIngress(host+"-error", "/error", host, f.Namespace, "http-cookie-with-error", 80, annotations) + f.EnsureIngress(ing2) + + f.WaitForNginxServer(host, func(server string) bool { + return strings.Contains(server, "server_name "+host) + }) - f.WaitForNginxServer(host, func(server string) bool { - return strings.Contains(server, "server_name auth") }) - f.HTTPTestClient(). - GET("/"). - WithHeader("Host", host). - WithQuery("a", "b"). - WithQuery("c", "d"). - Expect(). - Status(http.StatusOK). - Header("Set-Cookie").Contains("alma=armud") + ginkgo.It("user retains cookie by default", func() { + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", host). + WithQuery("a", "b"). + WithQuery("c", "d"). + Expect(). + Status(http.StatusOK). + Header("Set-Cookie").Contains("alma=armud") + }) + + ginkgo.It("user does not retain cookie if upstream returns error status code", func() { + f.HTTPTestClient(). + GET("/error"). + WithHeader("Host", host). + WithQuery("a", "b"). + WithQuery("c", "d"). + Expect(). + Status(http.StatusServiceUnavailable). + Header("Set-Cookie").Contains("") + }) + + ginkgo.It("user with annotated ingress retains cookie if upstream returns error status code", func() { + annotations["nginx.ingress.kubernetes.io/auth-always-set-cookie"] = "true" + f.UpdateIngress(ing1) + f.UpdateIngress(ing2) + + f.WaitForNginxServer(host, func(server string) bool { + return strings.Contains(server, "server_name "+host) + }) + + f.HTTPTestClient(). + GET("/error"). + WithHeader("Host", host). + WithQuery("a", "b"). + WithQuery("c", "d"). + Expect(). + Status(http.StatusServiceUnavailable). + Header("Set-Cookie").Contains("alma=armud") + }) }) ginkgo.Context("when external authentication is configured", func() { diff --git a/test/e2e/settings/global_external_auth.go b/test/e2e/settings/global_external_auth.go index 1e5bf4301..d514080a0 100644 --- a/test/e2e/settings/global_external_auth.go +++ b/test/e2e/settings/global_external_auth.go @@ -17,6 +17,7 @@ limitations under the License. package settings import ( + "context" "fmt" "net/http" "regexp" @@ -24,6 +25,7 @@ import ( "github.com/onsi/ginkgo" "github.com/stretchr/testify/assert" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" networking "k8s.io/api/networking/v1" "k8s.io/ingress-nginx/test/e2e/framework" @@ -150,7 +152,7 @@ var _ = framework.DescribeSetting("[Security] global-auth-url", func() { Status(http.StatusOK) }) - ginkgo.It("should still return status code 200 after auth backend is deleted using cache ", func() { + ginkgo.It("should still return status code 200 after auth backend is deleted using cache", func() { globalExternalAuthCacheKeySetting := "global-auth-cache-key" globalExternalAuthCacheKey := "foo" @@ -259,4 +261,101 @@ var _ = framework.DescribeSetting("[Security] global-auth-url", func() { }) + ginkgo.Context("cookie set by external authentication server", func() { + host := "global-external-auth-check-cookies" + var ing1, ing2 *networking.Ingress + + cfg := `# +events { + worker_connections 1024; + multi_accept on; +} + +http { + default_type 'text/plain'; + client_max_body_size 0; + + server { + access_log on; + access_log /dev/stdout; + + listen 80; + + location ~ ^/cookies/set/(?.*)/(?.*) { + content_by_lua_block { + ngx.header['Set-Cookie'] = {ngx.var.key.."="..ngx.var.value} + ngx.say("OK") + } + } + + location / { + return 200; + } + + location /error { + return 503; + } + } +} +` + ginkgo.BeforeEach(func() { + f.NGINXWithConfigDeployment("http-cookie-with-error", cfg) + + e, err := f.KubeClientSet.CoreV1().Endpoints(f.Namespace).Get(context.TODO(), "http-cookie-with-error", metav1.GetOptions{}) + assert.Nil(ginkgo.GinkgoT(), err) + + assert.GreaterOrEqual(ginkgo.GinkgoT(), len(e.Subsets), 1, "expected at least one endpoint") + assert.GreaterOrEqual(ginkgo.GinkgoT(), len(e.Subsets[0].Addresses), 1, "expected at least one address ready in the endpoint") + + httpbinIP := e.Subsets[0].Addresses[0].IP + + f.UpdateNginxConfigMapData(globalExternalAuthURLSetting, fmt.Sprintf("http://%s/cookies/set/alma/armud", httpbinIP)) + + ing1 = framework.NewSingleIngress(host, "/", host, f.Namespace, "http-cookie-with-error", 80, nil) + f.EnsureIngress(ing1) + + ing2 = framework.NewSingleIngress(host+"-error", "/error", host, f.Namespace, "http-cookie-with-error", 80, nil) + f.EnsureIngress(ing2) + + f.WaitForNginxServer(host, func(server string) bool { + return strings.Contains(server, "server_name "+host) + }) + + }) + + ginkgo.It("user retains cookie by default", func() { + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", host). + WithQuery("a", "b"). + WithQuery("c", "d"). + Expect(). + Status(http.StatusOK). + Header("Set-Cookie").Contains("alma=armud") + }) + + ginkgo.It("user does not retain cookie if upstream returns error status code", func() { + f.HTTPTestClient(). + GET("/error"). + WithHeader("Host", host). + WithQuery("a", "b"). + WithQuery("c", "d"). + Expect(). + Status(http.StatusServiceUnavailable). + Header("Set-Cookie").Contains("") + }) + + ginkgo.It("user with global-auth-always-set-cookie key in configmap retains cookie if upstream returns error status code", func() { + f.UpdateNginxConfigMapData("global-auth-always-set-cookie", "true") + + f.HTTPTestClient(). + GET("/error"). + WithHeader("Host", host). + WithQuery("a", "b"). + WithQuery("c", "d"). + Expect(). + Status(http.StatusServiceUnavailable). + Header("Set-Cookie").Contains("alma=armud") + }) + }) }) From ba3fb460dfe3f5bd49e5b7ca8188ceb0b3faa54d Mon Sep 17 00:00:00 2001 From: Ehsan Saei <71217171+esigo@users.noreply.github.com> Date: Fri, 20 May 2022 01:03:53 +0200 Subject: [PATCH 097/494] opentelemetry use git instead of curl (#8606) --- images/opentelemetry/rootfs/build.sh | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/images/opentelemetry/rootfs/build.sh b/images/opentelemetry/rootfs/build.sh index 43808ed2c..91298274d 100755 --- a/images/opentelemetry/rootfs/build.sh +++ b/images/opentelemetry/rootfs/build.sh @@ -115,7 +115,7 @@ get_src() echo "Downloading $url" - curl -sSL "$url" -o "$f" + curl -sSL --fail-with-body "$url" -o "$f" echo "$hash $f" | sha256sum -c - || exit 10 tar xzf "$f" rm -rf "$f" @@ -131,9 +131,14 @@ install_nginx() mkdir -p /etc/nginx cd "$BUILD_PATH" - get_src 0528e793a97f942868616449d49326160f9cb67b2253fb2c4864603ac6ab09a9 \ - "https://github.com/open-telemetry/opentelemetry-cpp-contrib/archive/$OPENTELEMETRY_CONTRIB_COMMIT.tar.gz" + # TODO fix curl + # get_src 0528e793a97f942868616449d49326160f9cb67b2253fb2c4864603ac6ab09a9 \ + # "https://github.com/open-telemetry/opentelemetry-cpp-contrib/archive/$OPENTELEMETRY_CONTRIB_COMMIT.tar.gz" + git clone https://github.com/open-telemetry/opentelemetry-cpp-contrib.git \ + opentelemetry-cpp-contrib-${OPENTELEMETRY_CONTRIB_COMMIT} + cd ${BUILD_PATH}/opentelemetry-cpp-contrib-${OPENTELEMETRY_CONTRIB_COMMIT} + git reset --hard ${OPENTELEMETRY_CONTRIB_COMMIT} cd ${BUILD_PATH}/opentelemetry-cpp-contrib-${OPENTELEMETRY_CONTRIB_COMMIT}/instrumentation/nginx mkdir -p build cd build From 0240dd3fba0ddd6a306135004fc0d9e2e017f330 Mon Sep 17 00:00:00 2001 From: Patrik Wehrli Date: Sat, 21 May 2022 11:52:00 +0200 Subject: [PATCH 098/494] Add new control-plane toleration for kind 1.24 (#8609) --- deploy/static/provider/kind/1.19/deploy.yaml | 3 +++ deploy/static/provider/kind/1.20/deploy.yaml | 3 +++ deploy/static/provider/kind/1.21/deploy.yaml | 3 +++ deploy/static/provider/kind/1.22/deploy.yaml | 3 +++ deploy/static/provider/kind/1.23/deploy.yaml | 3 +++ deploy/static/provider/kind/deploy.yaml | 3 +++ hack/manifest-templates/provider/kind/values.yaml | 3 +++ 7 files changed, 21 insertions(+) diff --git a/deploy/static/provider/kind/1.19/deploy.yaml b/deploy/static/provider/kind/1.19/deploy.yaml index c61bcf9cd..ed44b79af 100644 --- a/deploy/static/provider/kind/1.19/deploy.yaml +++ b/deploy/static/provider/kind/1.19/deploy.yaml @@ -477,6 +477,9 @@ spec: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Equal + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Equal volumes: - name: webhook-cert secret: diff --git a/deploy/static/provider/kind/1.20/deploy.yaml b/deploy/static/provider/kind/1.20/deploy.yaml index cda06a589..60fb24d4a 100644 --- a/deploy/static/provider/kind/1.20/deploy.yaml +++ b/deploy/static/provider/kind/1.20/deploy.yaml @@ -480,6 +480,9 @@ spec: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Equal + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Equal volumes: - name: webhook-cert secret: diff --git a/deploy/static/provider/kind/1.21/deploy.yaml b/deploy/static/provider/kind/1.21/deploy.yaml index b3fac9bea..049796359 100644 --- a/deploy/static/provider/kind/1.21/deploy.yaml +++ b/deploy/static/provider/kind/1.21/deploy.yaml @@ -483,6 +483,9 @@ spec: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Equal + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Equal volumes: - name: webhook-cert secret: diff --git a/deploy/static/provider/kind/1.22/deploy.yaml b/deploy/static/provider/kind/1.22/deploy.yaml index b3fac9bea..049796359 100644 --- a/deploy/static/provider/kind/1.22/deploy.yaml +++ b/deploy/static/provider/kind/1.22/deploy.yaml @@ -483,6 +483,9 @@ spec: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Equal + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Equal volumes: - name: webhook-cert secret: diff --git a/deploy/static/provider/kind/1.23/deploy.yaml b/deploy/static/provider/kind/1.23/deploy.yaml index b3fac9bea..049796359 100644 --- a/deploy/static/provider/kind/1.23/deploy.yaml +++ b/deploy/static/provider/kind/1.23/deploy.yaml @@ -483,6 +483,9 @@ spec: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Equal + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Equal volumes: - name: webhook-cert secret: diff --git a/deploy/static/provider/kind/deploy.yaml b/deploy/static/provider/kind/deploy.yaml index cda06a589..60fb24d4a 100644 --- a/deploy/static/provider/kind/deploy.yaml +++ b/deploy/static/provider/kind/deploy.yaml @@ -480,6 +480,9 @@ spec: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Equal + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Equal volumes: - name: webhook-cert secret: diff --git a/hack/manifest-templates/provider/kind/values.yaml b/hack/manifest-templates/provider/kind/values.yaml index f327c351e..ed636f372 100644 --- a/hack/manifest-templates/provider/kind/values.yaml +++ b/hack/manifest-templates/provider/kind/values.yaml @@ -17,6 +17,9 @@ controller: - key: "node-role.kubernetes.io/master" operator: "Equal" effect: "NoSchedule" + - key: "node-role.kubernetes.io/control-plane" + operator: "Equal" + effect: "NoSchedule" publishService: enabled: false From 4da96ea26a72bf2cdb94d5809a4c9686dccee8ab Mon Sep 17 00:00:00 2001 From: Filip Petkovski Date: Sat, 21 May 2022 20:18:00 +0200 Subject: [PATCH 099/494] Implement reporting status classes in metrics (#8548) This commit introduces a backwards compatible command line option --report-status-classes which will enable reporting response status classes (2xx, 3xx..) instead of status codes in exported metrics. --- cmd/nginx/flags.go | 4 ++ cmd/nginx/main.go | 2 +- docs/user-guide/cli-arguments.md | 1 + internal/ingress/controller/controller.go | 7 ++- internal/ingress/metric/collectors/socket.go | 12 +++- .../ingress/metric/collectors/socket_test.go | 57 ++++++++++++++++--- internal/ingress/metric/main.go | 4 +- 7 files changed, 71 insertions(+), 16 deletions(-) diff --git a/cmd/nginx/flags.go b/cmd/nginx/flags.go index 337a1f827..9a00b58b0 100644 --- a/cmd/nginx/flags.go +++ b/cmd/nginx/flags.go @@ -163,6 +163,9 @@ Requires the update-status parameter.`) `Enables the collection of NGINX metrics`) metricsPerHost = flags.Bool("metrics-per-host", true, `Export metrics per-host`) + reportStatusClasses = flags.Bool("report-status-classes", false, + `Use status classes (2xx, 3xx, 4xx and 5xx) instead of status codes in metrics`) + timeBuckets = flags.Float64Slice("time-buckets", prometheus.DefBuckets, "Set of buckets which will be used for prometheus histogram metrics such as RequestTime, ResponseTime") lengthBuckets = flags.Float64Slice("length-buckets", prometheus.LinearBuckets(10, 10, 10), "Set of buckets which will be used for prometheus histogram metrics such as RequestLength, ResponseLength") sizeBuckets = flags.Float64Slice("size-buckets", prometheus.ExponentialBuckets(10, 10, 7), "Set of buckets which will be used for prometheus histogram metrics such as BytesSent") @@ -313,6 +316,7 @@ https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-g EnableMetrics: *enableMetrics, MetricsPerHost: *metricsPerHost, MetricsBuckets: histogramBuckets, + ReportStatusClasses: *reportStatusClasses, MonitorMaxBatchSize: *monitorMaxBatchSize, DisableServiceExternalName: *disableServiceExternalName, EnableSSLPassthrough: *enableSSLPassthrough, diff --git a/cmd/nginx/main.go b/cmd/nginx/main.go index b8378d290..d5d6d91e7 100644 --- a/cmd/nginx/main.go +++ b/cmd/nginx/main.go @@ -133,7 +133,7 @@ func main() { mc := metric.NewDummyCollector() if conf.EnableMetrics { - mc, err = metric.NewCollector(conf.MetricsPerHost, reg, conf.IngressClassConfiguration.Controller, *conf.MetricsBuckets) + mc, err = metric.NewCollector(conf.MetricsPerHost, conf.ReportStatusClasses, reg, conf.IngressClassConfiguration.Controller, *conf.MetricsBuckets) if err != nil { klog.Fatalf("Error creating prometheus collector: %v", err) } diff --git a/docs/user-guide/cli-arguments.md b/docs/user-guide/cli-arguments.md index f2b0f7a82..ae7c5b3ba 100644 --- a/docs/user-guide/cli-arguments.md +++ b/docs/user-guide/cli-arguments.md @@ -47,6 +47,7 @@ They are set in the container spec of the `ingress-nginx-controller` Deployment | `--publish-service` | Service fronting the Ingress controller. Takes the form "namespace/name". When used together with update-status, the controller mirrors the address of this service's endpoints to the load-balancer status of all Ingress objects it satisfies. | | `--publish-status-address` | Customized address (or addresses, separated by comma) to set as the load-balancer status of Ingress objects this controller satisfies. Requires the update-status parameter. | | `--report-node-internal-ip-address`| Set the load-balancer status of Ingress objects to internal Node addresses instead of external. Requires the update-status parameter. | +| `--report-status-classes` | If true, report status classes in metrics (2xx, 3xx, 4xx and 5xx) instead of full status codes. (default false) | | `--skip_headers` | If true, avoid header prefixes in the log messages | | `--skip_log_headers` | If true, avoid headers when opening log files | | `--ssl-passthrough-proxy-port` | Port to use internally for SSL Passthrough. (default 442) | diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go index f43c72d92..44385f175 100644 --- a/internal/ingress/controller/controller.go +++ b/internal/ingress/controller/controller.go @@ -97,9 +97,10 @@ type Configuration struct { EnableProfiling bool - EnableMetrics bool - MetricsPerHost bool - MetricsBuckets *collectors.HistogramBuckets + EnableMetrics bool + MetricsPerHost bool + MetricsBuckets *collectors.HistogramBuckets + ReportStatusClasses bool FakeCertificate *ingress.SSLCert diff --git a/internal/ingress/metric/collectors/socket.go b/internal/ingress/metric/collectors/socket.go index ea4775583..26aebbaef 100644 --- a/internal/ingress/metric/collectors/socket.go +++ b/internal/ingress/metric/collectors/socket.go @@ -85,7 +85,8 @@ type SocketCollector struct { hosts sets.String - metricsPerHost bool + metricsPerHost bool + reportStatusClasses bool buckets HistogramBuckets } @@ -110,7 +111,7 @@ var defObjectives = map[float64]float64{0.5: 0.05, 0.9: 0.01, 0.99: 0.001} // NewSocketCollector creates a new SocketCollector instance using // the ingress watch namespace and class used by the controller -func NewSocketCollector(pod, namespace, class string, metricsPerHost bool, buckets HistogramBuckets) (*SocketCollector, error) { +func NewSocketCollector(pod, namespace, class string, metricsPerHost, reportStatusClasses bool, buckets HistogramBuckets) (*SocketCollector, error) { socket := "/tmp/nginx/prometheus-nginx.socket" // unix sockets must be unlink()ed before being used _ = syscall.Unlink(socket) @@ -139,7 +140,8 @@ func NewSocketCollector(pod, namespace, class string, metricsPerHost bool, bucke sc := &SocketCollector{ listener: listener, - metricsPerHost: metricsPerHost, + metricsPerHost: metricsPerHost, + reportStatusClasses: reportStatusClasses, responseTime: prometheus.NewHistogramVec( prometheus.HistogramOpts{ @@ -249,6 +251,10 @@ func (sc *SocketCollector) handleMessage(msg []byte) { continue } + if sc.reportStatusClasses && len(stats.Status) > 0 { + stats.Status = fmt.Sprintf("%cxx", stats.Status[0]) + } + // Note these must match the order in requestTags at the top requestLabels := prometheus.Labels{ "status": stats.Status, diff --git a/internal/ingress/metric/collectors/socket_test.go b/internal/ingress/metric/collectors/socket_test.go index 8542d273c..11af7c06d 100644 --- a/internal/ingress/metric/collectors/socket_test.go +++ b/internal/ingress/metric/collectors/socket_test.go @@ -80,12 +80,13 @@ func TestCollector(t *testing.T) { } cases := []struct { - name string - data []string - metrics []string - wantBefore string - removeIngresses []string - wantAfter string + name string + data []string + metrics []string + useStatusClasses bool + wantBefore string + removeIngresses []string + wantAfter string }{ { name: "invalid metric object should not increase prometheus metrics", @@ -371,13 +372,55 @@ func TestCollector(t *testing.T) { wantAfter: ` `, }, + { + name: "valid metric object with status classes should update prometheus metrics", + data: []string{`[{ + "host":"testshop.com", + "status":"200", + "bytesSent":150.0, + "method":"GET", + "path":"/admin", + "requestLength":300.0, + "requestTime":60.0, + "upstreamName":"test-upstream", + "upstreamIP":"1.1.1.1:8080", + "upstreamResponseTime":200, + "upstreamStatus":"220", + "namespace":"test-app-production", + "ingress":"web-yml", + "service":"test-app", + "canary":"" + }]`}, + metrics: []string{"nginx_ingress_controller_response_duration_seconds"}, + useStatusClasses: true, + wantBefore: ` + # HELP nginx_ingress_controller_response_duration_seconds The time spent on receiving the response from the upstream server + # TYPE nginx_ingress_controller_response_duration_seconds histogram + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="0.005"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="0.01"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="0.025"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="0.05"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="0.1"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="0.25"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="0.5"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="1"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="2.5"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="5"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="10"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="+Inf"} 1 + nginx_ingress_controller_response_duration_seconds_sum{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx"} 200 + nginx_ingress_controller_response_duration_seconds_count{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx"} 1 + `, + wantAfter: ` + `, + }, } for _, c := range cases { t.Run(c.name, func(t *testing.T) { registry := prometheus.NewPedanticRegistry() - sc, err := NewSocketCollector("pod", "default", "ingress", true, buckets) + sc, err := NewSocketCollector("pod", "default", "ingress", true, c.useStatusClasses, buckets) if err != nil { t.Errorf("%v: unexpected error creating new SocketCollector: %v", c.name, err) } diff --git a/internal/ingress/metric/main.go b/internal/ingress/metric/main.go index 97a8ca7d4..a0aea1e71 100644 --- a/internal/ingress/metric/main.go +++ b/internal/ingress/metric/main.go @@ -69,7 +69,7 @@ type collector struct { } // NewCollector creates a new metric collector the for ingress controller -func NewCollector(metricsPerHost bool, registry *prometheus.Registry, ingressclass string, buckets collectors.HistogramBuckets) (Collector, error) { +func NewCollector(metricsPerHost, reportStatusClasses bool, registry *prometheus.Registry, ingressclass string, buckets collectors.HistogramBuckets) (Collector, error) { podNamespace := os.Getenv("POD_NAMESPACE") if podNamespace == "" { podNamespace = "default" @@ -87,7 +87,7 @@ func NewCollector(metricsPerHost bool, registry *prometheus.Registry, ingresscla return nil, err } - s, err := collectors.NewSocketCollector(podName, podNamespace, ingressclass, metricsPerHost, buckets) + s, err := collectors.NewSocketCollector(podName, podNamespace, ingressclass, metricsPerHost, reportStatusClasses, buckets) if err != nil { return nil, err } From e0b2db057f29f6f50bc46a6364c4e451c7c103a3 Mon Sep 17 00:00:00 2001 From: Ehsan Saei <71217171+esigo@users.noreply.github.com> Date: Mon, 23 May 2022 11:10:02 +0200 Subject: [PATCH 100/494] move so files under /etc/nginx/modules (#8612) --- images/opentelemetry/rootfs/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/opentelemetry/rootfs/Dockerfile b/images/opentelemetry/rootfs/Dockerfile index ae6ddacbd..91832fa55 100644 --- a/images/opentelemetry/rootfs/Dockerfile +++ b/images/opentelemetry/rootfs/Dockerfile @@ -42,4 +42,4 @@ RUN bash /opt/third_party/build.sh -n FROM alpine:3.14.6 COPY --from=base /opt/third_party/init_module.sh /usr/local/bin/init_module.sh COPY --from=nginx /etc/nginx/modules /etc/nginx/modules -COPY --from=nginx /opt/third_party/install/lib /usr/lib +COPY --from=nginx /opt/third_party/install/lib /etc/nginx/modules From 869e18b264748357fa5b788d0a8e887412c5a704 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Renan=20Gon=C3=A7alves?= Date: Mon, 23 May 2022 14:50:03 +0200 Subject: [PATCH 101/494] Avoid race conditions by copying the list before sorting (#8573) When creating several ingresses at the same time a race condition can happen by modifying a variable deep in another object. When this race condition is triggered the generated nginx configuration is broken: ``` nginx: [emerg] invalid parameter "8.8.8.8/32,8" in /tmp/nginx-cfg4027854160:671 nginx: configuration file /tmp/nginx-cfg4027854160 test failed ``` Once it happens, the controller won't ever be able to generate the configuration again. Thus the only option is to restart the process. There is not really a good way to reproduce this issue. It happens quite sporadically every 2 or 3 days. However, after this fix has been applied, we haven't seen it happen after about 4 weeks. Co-authored-by: Ruud van der Weijde --- internal/ingress/annotations/ipwhitelist/main.go | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/internal/ingress/annotations/ipwhitelist/main.go b/internal/ingress/annotations/ipwhitelist/main.go index 77c2b6cc0..38610ade6 100644 --- a/internal/ingress/annotations/ipwhitelist/main.go +++ b/internal/ingress/annotations/ipwhitelist/main.go @@ -62,18 +62,21 @@ func NewParser(r resolver.Resolver) parser.IngressAnnotation { // e.g. `18.0.0.0/8,56.0.0.0/8` func (a ipwhitelist) Parse(ing *networking.Ingress) (interface{}, error) { defBackend := a.r.GetDefaultBackend() - sort.Strings(defBackend.WhitelistSourceRange) + + defaultWhitelistSourceRange := make([]string, len(defBackend.WhitelistSourceRange)) + copy(defaultWhitelistSourceRange, defBackend.WhitelistSourceRange) + sort.Strings(defaultWhitelistSourceRange) val, err := parser.GetStringAnnotation("whitelist-source-range", ing) // A missing annotation is not a problem, just use the default if err == ing_errors.ErrMissingAnnotations { - return &SourceRange{CIDR: defBackend.WhitelistSourceRange}, nil + return &SourceRange{CIDR: defaultWhitelistSourceRange}, nil } values := strings.Split(val, ",") ipnets, ips, err := net.ParseIPNets(values...) if err != nil && len(ips) == 0 { - return &SourceRange{CIDR: defBackend.WhitelistSourceRange}, ing_errors.LocationDenied{ + return &SourceRange{CIDR: defaultWhitelistSourceRange}, ing_errors.LocationDenied{ Reason: fmt.Errorf("the annotation does not contain a valid IP address or network: %w", err), } } From 6ea466bd21ddf73c5adf5ce22ed450c6fc28b52c Mon Sep 17 00:00:00 2001 From: Mac Chaffee Date: Mon, 23 May 2022 20:05:10 -0400 Subject: [PATCH 102/494] Bump chart version to 4.1.2 (#8607) Signed-off-by: Mac Chaffee --- charts/ingress-nginx/CHANGELOG.md | 10 ++++++++-- charts/ingress-nginx/Chart.yaml | 18 ++++-------------- charts/ingress-nginx/README.md | 2 +- 3 files changed, 13 insertions(+), 17 deletions(-) diff --git a/charts/ingress-nginx/CHANGELOG.md b/charts/ingress-nginx/CHANGELOG.md index 8282972d4..201a4f044 100644 --- a/charts/ingress-nginx/CHANGELOG.md +++ b/charts/ingress-nginx/CHANGELOG.md @@ -2,6 +2,12 @@ This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +### 4.1.2 + +- "[8587](https://github.com/kubernetes/ingress-nginx/pull/8587) Add CAP_SYS_CHROOT to DS/PSP when needed" +- "[8458](https://github.com/kubernetes/ingress-nginx/pull/8458) Add portNamePreffix Helm chart parameter" +- "[8522](https://github.com/kubernetes/ingress-nginx/pull/8522) Add documentation for controller.service.loadBalancerIP in Helm chart" + ### 4.1.0 - "[8481](https://github.com/kubernetes/ingress-nginx/pull/8481) Fix log creation in chroot script" @@ -136,11 +142,11 @@ This file documents all notable changes to [ingress-nginx](https://github.com/ku - [7707] https://github.com/kubernetes/ingress-nginx/pull/7707 Release v1.0.2 of ingress-nginx -### 4.0.2 +### 4.0.2 - [7681] https://github.com/kubernetes/ingress-nginx/pull/7681 Release v1.0.1 of ingress-nginx -### 4.0.1 +### 4.0.1 - [7535] https://github.com/kubernetes/ingress-nginx/pull/7535 Release v1.0.0 ingress-nginx diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index 10a5fbc30..ec90082b4 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: ingress-nginx # When the version is modified, make sure the artifacthub.io/changes list is updated # Also update CHANGELOG.md -version: 4.1.1 +version: 4.1.2 appVersion: 1.2.0 home: https://github.com/kubernetes/ingress-nginx description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer @@ -26,16 +26,6 @@ annotations: # List of changes for the release in artifacthub.io # https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx?modal=changelog artifacthub.io/changes: | - - "[8481](https://github.com/kubernetes/ingress-nginx/pull/8481) Fix log creation in chroot script" - - "[8479](https://github.com/kubernetes/ingress-nginx/pull/8479) changed nginx base img tag to img built with alpine3.14.6" - - "[8478](https://github.com/kubernetes/ingress-nginx/pull/8478) update base images and protobuf gomod" - - "[8468](https://github.com/kubernetes/ingress-nginx/pull/8468) Fallback to ngx.var.scheme for redirectScheme with use-forward-headers when X-Forwarded-Proto is empty" - - "[8456](https://github.com/kubernetes/ingress-nginx/pull/8456) Implement object deep inspector" - - "[8455](https://github.com/kubernetes/ingress-nginx/pull/8455) Update dependencies" - - "[8454](https://github.com/kubernetes/ingress-nginx/pull/8454) Update index.md" - - "[8447](https://github.com/kubernetes/ingress-nginx/pull/8447) typo fixing" - - "[8446](https://github.com/kubernetes/ingress-nginx/pull/8446) Fix suggested annotation-value-word-blocklist" - - "[8444](https://github.com/kubernetes/ingress-nginx/pull/8444) replace deprecated topology key in example with current one" - - "[8443](https://github.com/kubernetes/ingress-nginx/pull/8443) Add dependency review enforcement" - - "[8434](https://github.com/kubernetes/ingress-nginx/pull/8434) added new auth-tls-match-cn annotation" - - "[8426](https://github.com/kubernetes/ingress-nginx/pull/8426) Bump github.com/prometheus/common from 0.32.1 to 0.33.0" + - "[8587](https://github.com/kubernetes/ingress-nginx/pull/8587) Add CAP_SYS_CHROOT to DS/PSP when needed" + - "[8458](https://github.com/kubernetes/ingress-nginx/pull/8458) Add portNamePreffix Helm chart parameter" + - "[8522](https://github.com/kubernetes/ingress-nginx/pull/8522) Add documentation for controller.service.loadBalancerIP in Helm chart" diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 7b0b8f819..c3a814a3e 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.1.1](https://img.shields.io/badge/Version-4.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.0](https://img.shields.io/badge/AppVersion-1.2.0-informational?style=flat-square) +![Version: 4.1.2](https://img.shields.io/badge/Version-4.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.0](https://img.shields.io/badge/AppVersion-1.2.0-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. From cd6f88af3f976a180ed966dadf273473ae768dfa Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Tue, 24 May 2022 04:13:10 +0100 Subject: [PATCH 103/494] Add patch to remove root and alias directives (#8624) --- .../rootfs/patches/drop-alias-root.patch | 144 ++++++++++++++++++ 1 file changed, 144 insertions(+) create mode 100644 images/nginx/rootfs/patches/drop-alias-root.patch diff --git a/images/nginx/rootfs/patches/drop-alias-root.patch b/images/nginx/rootfs/patches/drop-alias-root.patch new file mode 100644 index 000000000..a92e08bd0 --- /dev/null +++ b/images/nginx/rootfs/patches/drop-alias-root.patch @@ -0,0 +1,144 @@ +:100644 100644 c7463dcd 00000000 M src/http/ngx_http_core_module.c +diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c +index c7463dcd..e2e45931 100644 +--- a/src/http/ngx_http_core_module.c ++++ b/src/http/ngx_http_core_module.c +@@ -55,7 +55,6 @@ static char *ngx_http_core_listen(ngx_conf_t *cf, ngx_command_t *cmd, + void *conf); + static char *ngx_http_core_server_name(ngx_conf_t *cf, ngx_command_t *cmd, + void *conf); +-static char *ngx_http_core_root(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); + static char *ngx_http_core_limit_except(ngx_conf_t *cf, ngx_command_t *cmd, + void *conf); + static char *ngx_http_core_set_aio(ngx_conf_t *cf, ngx_command_t *cmd, +@@ -323,21 +322,6 @@ static ngx_command_t ngx_http_core_commands[] = { + offsetof(ngx_http_core_loc_conf_t, default_type), + NULL }, + +- { ngx_string("root"), +- NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF +- |NGX_CONF_TAKE1, +- ngx_http_core_root, +- NGX_HTTP_LOC_CONF_OFFSET, +- 0, +- NULL }, +- +- { ngx_string("alias"), +- NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, +- ngx_http_core_root, +- NGX_HTTP_LOC_CONF_OFFSET, +- 0, +- NULL }, +- + { ngx_string("limit_except"), + NGX_HTTP_LOC_CONF|NGX_CONF_BLOCK|NGX_CONF_1MORE, + ngx_http_core_limit_except, +@@ -4312,108 +4296,6 @@ ngx_http_core_server_name(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) + } + + +-static char * +-ngx_http_core_root(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) +-{ +- ngx_http_core_loc_conf_t *clcf = conf; +- +- ngx_str_t *value; +- ngx_int_t alias; +- ngx_uint_t n; +- ngx_http_script_compile_t sc; +- +- alias = (cmd->name.len == sizeof("alias") - 1) ? 1 : 0; +- +- if (clcf->root.data) { +- +- if ((clcf->alias != 0) == alias) { +- return "is duplicate"; +- } +- +- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, +- "\"%V\" directive is duplicate, " +- "\"%s\" directive was specified earlier", +- &cmd->name, clcf->alias ? "alias" : "root"); +- +- return NGX_CONF_ERROR; +- } +- +- if (clcf->named && alias) { +- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, +- "the \"alias\" directive cannot be used " +- "inside the named location"); +- +- return NGX_CONF_ERROR; +- } +- +- value = cf->args->elts; +- +- if (ngx_strstr(value[1].data, "$document_root") +- || ngx_strstr(value[1].data, "${document_root}")) +- { +- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, +- "the $document_root variable cannot be used " +- "in the \"%V\" directive", +- &cmd->name); +- +- return NGX_CONF_ERROR; +- } +- +- if (ngx_strstr(value[1].data, "$realpath_root") +- || ngx_strstr(value[1].data, "${realpath_root}")) +- { +- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, +- "the $realpath_root variable cannot be used " +- "in the \"%V\" directive", +- &cmd->name); +- +- return NGX_CONF_ERROR; +- } +- +- clcf->alias = alias ? clcf->name.len : 0; +- clcf->root = value[1]; +- +- if (!alias && clcf->root.len > 0 +- && clcf->root.data[clcf->root.len - 1] == '/') +- { +- clcf->root.len--; +- } +- +- if (clcf->root.data[0] != '$') { +- if (ngx_conf_full_name(cf->cycle, &clcf->root, 0) != NGX_OK) { +- return NGX_CONF_ERROR; +- } +- } +- +- n = ngx_http_script_variables_count(&clcf->root); +- +- ngx_memzero(&sc, sizeof(ngx_http_script_compile_t)); +- sc.variables = n; +- +-#if (NGX_PCRE) +- if (alias && clcf->regex) { +- clcf->alias = NGX_MAX_SIZE_T_VALUE; +- n = 1; +- } +-#endif +- +- if (n) { +- sc.cf = cf; +- sc.source = &clcf->root; +- sc.lengths = &clcf->root_lengths; +- sc.values = &clcf->root_values; +- sc.complete_lengths = 1; +- sc.complete_values = 1; +- +- if (ngx_http_script_compile(&sc) != NGX_OK) { +- return NGX_CONF_ERROR; +- } +- } +- +- return NGX_CONF_OK; +-} +- +- + static ngx_http_method_name_t ngx_methods_names[] = { + { (u_char *) "GET", (uint32_t) ~NGX_HTTP_GET }, + { (u_char *) "HEAD", (uint32_t) ~NGX_HTTP_HEAD }, From ac60ed85ab70bfeb09b43d853741dd34d910d22a Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Tue, 24 May 2022 14:10:06 +0100 Subject: [PATCH 104/494] Bump nginx image to version without core directives (#8625) --- Makefile | 2 +- images/echo/Makefile | 2 +- images/nginx/README.md | 2 +- images/nginx/rc.yaml | 2 +- images/test-runner/Makefile | 2 +- test/e2e/framework/deployment.go | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index 935035e27..e8d0761aa 100644 --- a/Makefile +++ b/Makefile @@ -55,7 +55,7 @@ endif REGISTRY ?= gcr.io/k8s-staging-ingress-nginx -BASE_IMAGE ?= k8s.gcr.io/ingress-nginx/nginx:81c2afd975a6f9a9847184472286044d7d5296f6@sha256:a71ac64dd8cfd68341ba47dbdc4d8c2cb91325fce669875193ea0319118201b5 +BASE_IMAGE ?= k8s.gcr.io/ingress-nginx/nginx:cd6f88af3f976a180ed966dadf273473ae768dfa@sha256:18f91105e4099941d2efee71a8ec52c6ef7702d5f7e8214b7cb5f25cc10a0b41 GOARCH=$(ARCH) diff --git a/images/echo/Makefile b/images/echo/Makefile index e4f3d7861..3b3c40471 100644 --- a/images/echo/Makefile +++ b/images/echo/Makefile @@ -36,7 +36,7 @@ build: ensure-buildx --platform=${PLATFORMS} $(OUTPUT) \ --progress=$(PROGRESS) \ --pull \ - --build-arg BASE_IMAGE=k8s.gcr.io/ingress-nginx/nginx:81c2afd975a6f9a9847184472286044d7d5296f6@sha256:a71ac64dd8cfd68341ba47dbdc4d8c2cb91325fce669875193ea0319118201b5 \ + --build-arg BASE_IMAGE=k8s.gcr.io/ingress-nginx/nginx:cd6f88af3f976a180ed966dadf273473ae768dfa@sha256:18f91105e4099941d2efee71a8ec52c6ef7702d5f7e8214b7cb5f25cc10a0b41 \ --build-arg LUAROCKS_VERSION=3.8.0 \ --build-arg LUAROCKS_SHA=ab6612ca9ab87c6984871d2712d05525775e8b50172701a0a1cabddf76de2be7 \ -t $(IMAGE):$(TAG) rootfs diff --git a/images/nginx/README.md b/images/nginx/README.md index 58323cdd0..50ad00134 100644 --- a/images/nginx/README.md +++ b/images/nginx/README.md @@ -20,6 +20,6 @@ This image provides a default configuration file with no backend servers. _Using docker_ ```console -docker run -v /some/nginx.conf:/etc/nginx/nginx.conf:ro k8s.gcr.io/ingress-nginx/nginx:81c2afd975a6f9a9847184472286044d7d5296f6@sha256:a71ac64dd8cfd68341ba47dbdc4d8c2cb91325fce669875193ea0319118201b5 +docker run -v /some/nginx.conf:/etc/nginx/nginx.conf:ro k8s.gcr.io/ingress-nginx/nginx:cd6f88af3f976a180ed966dadf273473ae768dfa@sha256:18f91105e4099941d2efee71a8ec52c6ef7702d5f7e8214b7cb5f25cc10a0b41 ``` diff --git a/images/nginx/rc.yaml b/images/nginx/rc.yaml index 43dbff1a6..532e22505 100644 --- a/images/nginx/rc.yaml +++ b/images/nginx/rc.yaml @@ -38,7 +38,7 @@ spec: spec: containers: - name: nginx - image: k8s.gcr.io/ingress-nginx/nginx:81c2afd975a6f9a9847184472286044d7d5296f6@sha256:a71ac64dd8cfd68341ba47dbdc4d8c2cb91325fce669875193ea0319118201b5 + image: k8s.gcr.io/ingress-nginx/nginx:cd6f88af3f976a180ed966dadf273473ae768dfa@sha256:18f91105e4099941d2efee71a8ec52c6ef7702d5f7e8214b7cb5f25cc10a0b41 ports: - containerPort: 80 - containerPort: 443 diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile index 8ebffc5bb..b636a0b9c 100644 --- a/images/test-runner/Makefile +++ b/images/test-runner/Makefile @@ -23,7 +23,7 @@ REGISTRY ?= local IMAGE = $(REGISTRY)/e2e-test-runner -NGINX_BASE_IMAGE ?= k8s.gcr.io/ingress-nginx/nginx:81c2afd975a6f9a9847184472286044d7d5296f6@sha256:a71ac64dd8cfd68341ba47dbdc4d8c2cb91325fce669875193ea0319118201b5 +NGINX_BASE_IMAGE ?= k8s.gcr.io/ingress-nginx/nginx:cd6f88af3f976a180ed966dadf273473ae768dfa@sha256:18f91105e4099941d2efee71a8ec52c6ef7702d5f7e8214b7cb5f25cc10a0b41 # required to enable buildx export DOCKER_CLI_EXPERIMENTAL=enabled diff --git a/test/e2e/framework/deployment.go b/test/e2e/framework/deployment.go index 4338252ff..ae30f2cc1 100644 --- a/test/e2e/framework/deployment.go +++ b/test/e2e/framework/deployment.go @@ -38,7 +38,7 @@ const SlowEchoService = "slow-echo" const HTTPBinService = "httpbin" // NginxBaseImage use for testing -const NginxBaseImage = "k8s.gcr.io/ingress-nginx/nginx:81c2afd975a6f9a9847184472286044d7d5296f6@sha256:a71ac64dd8cfd68341ba47dbdc4d8c2cb91325fce669875193ea0319118201b5" +const NginxBaseImage = "k8s.gcr.io/ingress-nginx/nginx:cd6f88af3f976a180ed966dadf273473ae768dfa@sha256:18f91105e4099941d2efee71a8ec52c6ef7702d5f7e8214b7cb5f25cc10a0b41" type deploymentOptions struct { namespace string From 8963ed17ee36f398505c0c6ac18cabdd8c279d75 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Tue, 24 May 2022 17:58:47 +0100 Subject: [PATCH 105/494] Change image build to go install (#8630) --- images/test-runner/rootfs/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/test-runner/rootfs/Dockerfile b/images/test-runner/rootfs/Dockerfile index e58cf47ad..f18ac148c 100644 --- a/images/test-runner/rootfs/Dockerfile +++ b/images/test-runner/rootfs/Dockerfile @@ -49,7 +49,7 @@ ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 777 "$GOPATH" -RUN go get github.com/onsi/ginkgo/ginkgo golang.org/x/lint/golint +RUN go install github.com/onsi/ginkgo/ginkgo@v1.16.5 && go install golang.org/x/lint/golint@latest ARG RESTY_CLI_VERSION ARG RESTY_CLI_SHA From ac3bbaf068d099e438444fbfa1b3bd1c31a6a183 Mon Sep 17 00:00:00 2001 From: Ehsan Saei <71217171+esigo@users.noreply.github.com> Date: Tue, 24 May 2022 19:15:26 +0200 Subject: [PATCH 106/494] update LD_LIBRARY_PATH for OpenTelemetry use (#8628) --- images/nginx/rootfs/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/images/nginx/rootfs/Dockerfile b/images/nginx/rootfs/Dockerfile index 75c63cff1..2d1d12178 100644 --- a/images/nginx/rootfs/Dockerfile +++ b/images/nginx/rootfs/Dockerfile @@ -24,6 +24,7 @@ RUN apk update \ FROM alpine:3.14.6 ENV PATH=$PATH:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin +ENV LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/modules_mount/etc/nginx/modules ENV LUA_PATH="/usr/local/share/luajit-2.1.0-beta3/?.lua;/usr/local/share/lua/5.1/?.lua;/usr/local/lib/lua/?.lua;;" ENV LUA_CPATH="/usr/local/lib/lua/?/?.so;/usr/local/lib/lua/?.so;;" From d20a8268b5958c36e1e02502947088359a227a95 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Tue, 24 May 2022 20:21:24 +0100 Subject: [PATCH 107/494] Bump testrunner image (#8631) --- build/run-in-docker.sh | 2 +- test/e2e-image/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index 4adb7b3e1..355f490db 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -37,7 +37,7 @@ function cleanup { } trap cleanup EXIT -E2E_IMAGE=${E2E_IMAGE:-k8s.gcr.io/ingress-nginx/e2e-test-runner:v20220331-controller-v1.1.2-31-gf1cb2b73c@sha256:baa326f5c726d65be828852943a259c1f0572883590b9081b7e8fa982d64d96e} +E2E_IMAGE=${E2E_IMAGE:-k8s.gcr.io/ingress-nginx/e2e-test-runner:v20220524-g8963ed17e@sha256:4fbcbeebd4c24587699b027ad0f0aa7cd9d76b58177a3b50c228bae8141bcf95} DOCKER_OPTS=${DOCKER_OPTS:-} DOCKER_IN_DOCKER_ENABLED=${DOCKER_IN_DOCKER_ENABLED:-} diff --git a/test/e2e-image/Dockerfile b/test/e2e-image/Dockerfile index 15f8392a7..d126a6a95 100644 --- a/test/e2e-image/Dockerfile +++ b/test/e2e-image/Dockerfile @@ -1,4 +1,4 @@ -FROM k8s.gcr.io/ingress-nginx/e2e-test-runner:v20220416-controller-v1.2.0-beta.0-4-g2e1a4790b@sha256:4468eb8cc9aa0ec3971ddf3811efe363e6f8e9082e95b567a5c27d91f89fb1e3 AS BASE +FROM k8s.gcr.io/ingress-nginx/e2e-test-runner:v20220524-g8963ed17e@sha256:4fbcbeebd4c24587699b027ad0f0aa7cd9d76b58177a3b50c228bae8141bcf95 AS BASE FROM alpine:3.14.6 From b98133db5c036a017f709e6224bb56aae9025072 Mon Sep 17 00:00:00 2001 From: Roman Baumer Date: Tue, 24 May 2022 23:45:23 +0200 Subject: [PATCH 108/494] move creation of dev devices in /chroot/dev from build image to run image, means from chroot.sh to Docherfile.chroot as the docker COPY command seems to make ordinary files from /dev/* (#8619) --- rootfs/Dockerfile.chroot | 9 ++++++++- rootfs/chroot.sh | 7 ------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/rootfs/Dockerfile.chroot b/rootfs/Dockerfile.chroot index 7055f06fc..5ea3ce835 100644 --- a/rootfs/Dockerfile.chroot +++ b/rootfs/Dockerfile.chroot @@ -100,7 +100,14 @@ RUN ln -sf /chroot/etc/nginx /etc/nginx \ && touch /chroot/var/log/nginx/access.log \ && chown www-data:www-data /chroot/var/log/nginx/access.log \ && echo "" > /chroot/etc/resolv.conf \ - && chown -R www-data.www-data /chroot/var/log/nginx /chroot/etc/resolv.conf + && chown -R www-data.www-data /chroot/var/log/nginx /chroot/etc/resolv.conf \ + && mknod -m 0666 /chroot/dev/null c 1 3 \ + && mknod -m 0666 /chroot/dev/random c 1 8 \ + && mknod -m 0666 /chroot/dev/urandom c 1 9 \ + && mknod -m 0666 /chroot/dev/full c 1 7 \ + && mknod -m 0666 /chroot/dev/ptmx c 5 2 \ + && mknod -m 0666 /chroot/dev/zero c 1 5 \ + && mknod -m 0666 /chroot/dev/tty c 5 0 USER www-data diff --git a/rootfs/chroot.sh b/rootfs/chroot.sh index f0591d062..9f3cbd804 100755 --- a/rootfs/chroot.sh +++ b/rootfs/chroot.sh @@ -45,10 +45,3 @@ cp /etc/passwd /etc/group /chroot/etc/ cp -a /usr/* /chroot/usr/ cp -a /etc/nginx/* /chroot/etc/nginx/ cp /lib/ld-musl-* /lib/libcrypto* /lib/libssl* /lib/libz* /chroot/lib/ -mknod -m 0666 /chroot/dev/null c 1 3 -mknod -m 0666 /chroot/dev/random c 1 8 -mknod -m 0666 /chroot/dev/urandom c 1 9 -mknod -m 0666 /chroot/dev/full c 1 7 -mknod -m 0666 /chroot/dev/ptmx c 5 2 -mknod -m 0666 /chroot/dev/zero c 1 5 -mknod -m 0666 /chroot/dev/tty c 5 0 From 4dfb3f2e9a2d8dcd3fc22b049817f9cf08cb8057 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Thu, 26 May 2022 01:49:22 +0100 Subject: [PATCH 109/494] Fix tls1.0 test (#8632) * Fix tls1.0 test * fix algorithm --- test/e2e/settings/tls.go | 22 ---------------------- 1 file changed, 22 deletions(-) diff --git a/test/e2e/settings/tls.go b/test/e2e/settings/tls.go index b3026aa8c..739e44490 100644 --- a/test/e2e/settings/tls.go +++ b/test/e2e/settings/tls.go @@ -84,28 +84,6 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f assert.Equal(ginkgo.GinkgoT(), int(resp.TLS.Version), tls.VersionTLS12) assert.Equal(ginkgo.GinkgoT(), resp.TLS.CipherSuite, tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) }) - ginkgo.It("enforcing TLS v1.0", func() { - f.SetNginxConfigMapData(map[string]string{ - sslCiphers: testCiphers, - sslProtocols: "TLSv1", - }) - - f.WaitForNginxConfiguration( - func(cfg string) bool { - return strings.Contains(cfg, "ssl_protocols TLSv1;") - }) - - resp := f.HTTPTestClientWithTLSConfig(tlsConfig). - GET("/"). - WithURL(f.GetURL(framework.HTTPS)). - WithHeader("Host", host). - Expect(). - Status(http.StatusOK). - Raw() - - assert.Equal(ginkgo.GinkgoT(), int(resp.TLS.Version), tls.VersionTLS10) - assert.Equal(ginkgo.GinkgoT(), resp.TLS.CipherSuite, tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA) - }) }) ginkgo.Context("should configure HSTS policy header", func() { From bd1eb048b7e828d62bc92c3ecaeb8288efa91365 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Thu, 26 May 2022 14:23:24 +0100 Subject: [PATCH 110/494] Improve path rule (#8623) * Improve path rule * Add nginx configuration tests * Revert framework changes * Add test to patched directives * Fix root conf test * Add comment in new function --- internal/ingress/inspector/rules.go | 4 +- internal/ingress/inspector/rules_test.go | 5 + test/e2e/e2e.go | 1 + test/e2e/framework/deployment.go | 16 ++- test/e2e/framework/framework.go | 71 +++++++++--- test/e2e/nginx/nginx.go | 132 +++++++++++++++++++++++ 6 files changed, 210 insertions(+), 19 deletions(-) create mode 100644 test/e2e/nginx/nginx.go diff --git a/internal/ingress/inspector/rules.go b/internal/ingress/inspector/rules.go index 9c9ade0f2..ab573b7fe 100644 --- a/internal/ingress/inspector/rules.go +++ b/internal/ingress/inspector/rules.go @@ -22,8 +22,8 @@ import ( ) var ( - invalidAliasDirective = regexp.MustCompile(`\s*alias\s*.*;`) - invalidRootDirective = regexp.MustCompile(`\s*root\s*.*;`) + invalidAliasDirective = regexp.MustCompile(`(?s)\s*alias\s*.*;`) + invalidRootDirective = regexp.MustCompile(`(?s)\s*root\s*.*;`) invalidEtcDir = regexp.MustCompile(`/etc/(passwd|shadow|group|nginx|ingress-controller)`) invalidSecretsDir = regexp.MustCompile(`/var/run/secrets`) invalidByLuaDirective = regexp.MustCompile(`.*_by_lua.*`) diff --git a/internal/ingress/inspector/rules_test.go b/internal/ingress/inspector/rules_test.go index 3c8f9f47b..6ed6dbe87 100644 --- a/internal/ingress/inspector/rules_test.go +++ b/internal/ingress/inspector/rules_test.go @@ -35,6 +35,11 @@ func TestCheckRegex(t *testing.T) { wantErr: true, value: " alias blabla/lala ;", }, + { + name: "must refuse invalid alias with line break", + wantErr: true, + value: "alias #\n/lalala/1/;", + }, { name: "must refuse invalid attempt to call /etc", wantErr: true, diff --git a/test/e2e/e2e.go b/test/e2e/e2e.go index c0829f5ee..f96d06833 100644 --- a/test/e2e/e2e.go +++ b/test/e2e/e2e.go @@ -40,6 +40,7 @@ import ( _ "k8s.io/ingress-nginx/test/e2e/leaks" _ "k8s.io/ingress-nginx/test/e2e/loadbalance" _ "k8s.io/ingress-nginx/test/e2e/lua" + _ "k8s.io/ingress-nginx/test/e2e/nginx" _ "k8s.io/ingress-nginx/test/e2e/security" _ "k8s.io/ingress-nginx/test/e2e/servicebackend" _ "k8s.io/ingress-nginx/test/e2e/settings" diff --git a/test/e2e/framework/deployment.go b/test/e2e/framework/deployment.go index ae30f2cc1..4f34a22ab 100644 --- a/test/e2e/framework/deployment.go +++ b/test/e2e/framework/deployment.go @@ -150,8 +150,9 @@ http { f.NGINXWithConfigDeployment(SlowEchoService, cfg) } -// NGINXWithConfigDeployment creates an NGINX deployment using a configmap containing the nginx.conf configuration -func (f *Framework) NGINXWithConfigDeployment(name string, cfg string) { +// NGINXDeployment creates a new simple NGINX Deployment using NGINX base image +// and passing the desired configuration +func (f *Framework) NGINXDeployment(name string, cfg string, waitendpoint bool) { cfgMap := map[string]string{ "nginx.conf": cfg, } @@ -213,8 +214,15 @@ func (f *Framework) NGINXWithConfigDeployment(name string, cfg string) { f.EnsureService(service) - err = WaitForEndpoints(f.KubeClientSet, DefaultTimeout, name, f.Namespace, 1) - assert.Nil(ginkgo.GinkgoT(), err, "waiting for endpoints to become ready") + if waitendpoint { + err = WaitForEndpoints(f.KubeClientSet, DefaultTimeout, name, f.Namespace, 1) + assert.Nil(ginkgo.GinkgoT(), err, "waiting for endpoints to become ready") + } +} + +// NGINXWithConfigDeployment creates an NGINX deployment using a configmap containing the nginx.conf configuration +func (f *Framework) NGINXWithConfigDeployment(name string, cfg string) { + f.NGINXDeployment(name, cfg, true) } // NewGRPCBinDeployment creates a new deployment of the diff --git a/test/e2e/framework/framework.go b/test/e2e/framework/framework.go index f0463bd0d..cd18a9738 100644 --- a/test/e2e/framework/framework.go +++ b/test/e2e/framework/framework.go @@ -88,8 +88,22 @@ func NewDefaultFramework(baseName string) *Framework { return f } -// BeforeEach gets a client and makes a namespace. -func (f *Framework) BeforeEach() { +// NewSimpleFramework makes a new framework that allows the usage of a namespace +// for arbitraty tests. +func NewSimpleFramework(baseName string) *Framework { + defer ginkgo.GinkgoRecover() + + f := &Framework{ + BaseName: baseName, + } + + ginkgo.BeforeEach(f.CreateEnvironment) + ginkgo.AfterEach(f.DestroyEnvironment) + + return f +} + +func (f *Framework) CreateEnvironment() { var err error if f.KubeClientSet == nil { @@ -107,6 +121,21 @@ func (f *Framework) BeforeEach() { f.Namespace, err = CreateKubeNamespace(f.BaseName, f.KubeClientSet) assert.Nil(ginkgo.GinkgoT(), err, "creating namespace") +} + +func (f *Framework) DestroyEnvironment() { + go func() { + defer ginkgo.GinkgoRecover() + err := DeleteKubeNamespace(f.KubeClientSet, f.Namespace) + assert.Nil(ginkgo.GinkgoT(), err, "deleting namespace %v", f.Namespace) + }() +} + +// BeforeEach gets a client and makes a namespace. +func (f *Framework) BeforeEach() { + var err error + + f.CreateEnvironment() f.IngressClass, err = CreateIngressClass(f.Namespace, f.KubeClientSet) assert.Nil(ginkgo.GinkgoT(), err, "creating IngressClass") @@ -122,13 +151,7 @@ func (f *Framework) BeforeEach() { // AfterEach deletes the namespace, after reading its events. func (f *Framework) AfterEach() { - defer func(kubeClient kubernetes.Interface, ns string) { - go func() { - defer ginkgo.GinkgoRecover() - err := DeleteKubeNamespace(kubeClient, ns) - assert.Nil(ginkgo.GinkgoT(), err, "deleting namespace %v", f.Namespace) - }() - }(f.KubeClientSet, f.Namespace) + defer f.DestroyEnvironment() defer func(kubeClient kubernetes.Interface, ingressclass string) { go func() { @@ -425,26 +448,35 @@ func (f *Framework) DeleteNGINXPod(grace int64) { assert.Nil(ginkgo.GinkgoT(), err, "while waiting for ingress nginx pod to come up again") } +// HTTPDumbTestClient returns a new httpexpect client without BaseURL. +func (f *Framework) HTTPDumbTestClient() *httpexpect.Expect { + return f.newTestClient(nil, false) +} + // HTTPTestClient returns a new httpexpect client for end-to-end HTTP testing. func (f *Framework) HTTPTestClient() *httpexpect.Expect { - return f.newTestClient(nil) + return f.newTestClient(nil, true) } // HTTPTestClientWithTLSConfig returns a new httpexpect client for end-to-end // HTTP testing with a custom TLS configuration. func (f *Framework) HTTPTestClientWithTLSConfig(config *tls.Config) *httpexpect.Expect { - return f.newTestClient(config) + return f.newTestClient(config, true) } -func (f *Framework) newTestClient(config *tls.Config) *httpexpect.Expect { +func (f *Framework) newTestClient(config *tls.Config, setIngressURL bool) *httpexpect.Expect { if config == nil { config = &tls.Config{ InsecureSkipVerify: true, } } + var baseURL string + if setIngressURL { + baseURL = f.GetURL(HTTP) + } return httpexpect.WithConfig(httpexpect.Config{ - BaseURL: f.GetURL(HTTP), + BaseURL: baseURL, Client: &http.Client{ Transport: &http.Transport{ TLSClientConfig: config, @@ -485,6 +517,19 @@ func (f *Framework) WaitForNginxListening(port int) { assert.Nil(ginkgo.GinkgoT(), err, "waiting for ingress controller pod listening on port 80") } +// WaitForPod waits for a specific Pod to be ready, using a label selector +func (f *Framework) WaitForPod(selector string, timeout time.Duration, shouldFail bool) { + err := waitForPodsReady(f.KubeClientSet, timeout, 1, f.Namespace, metav1.ListOptions{ + LabelSelector: selector, + }) + + if shouldFail { + assert.NotNil(ginkgo.GinkgoT(), err, "waiting for pods to be ready") + } else { + assert.Nil(ginkgo.GinkgoT(), err, "waiting for pods to be ready") + } +} + // UpdateDeployment runs the given updateFunc on the deployment and waits for it to be updated func UpdateDeployment(kubeClientSet kubernetes.Interface, namespace string, name string, replicas int, updateFunc func(d *appsv1.Deployment) error) error { deployment, err := kubeClientSet.AppsV1().Deployments(namespace).Get(context.TODO(), name, metav1.GetOptions{}) diff --git a/test/e2e/nginx/nginx.go b/test/e2e/nginx/nginx.go new file mode 100644 index 000000000..74a6d64be --- /dev/null +++ b/test/e2e/nginx/nginx.go @@ -0,0 +1,132 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package nginx + +import ( + "fmt" + "net/http" + "time" + + "github.com/onsi/ginkgo" + + "k8s.io/ingress-nginx/test/e2e/framework" +) + +var ( + cfgOK = `# + events { + worker_connections 1024; + multi_accept on; + } + + http { + default_type 'text/plain'; + client_max_body_size 0; + + server { + access_log on; + access_log /dev/stdout; + + listen 80; + + location / { + content_by_lua_block { + ngx.print("ok") + } + } + } + } + ` + + cfgAlias = `# + events { + worker_connections 1024; + multi_accept on; + } + + http { + default_type 'text/plain'; + client_max_body_size 0; + + server { + access_log on; + access_log /dev/stdout; + + listen 80; + + location / { + alias /www/html; + } + } + } + ` + + cfgRoot = `# + events { + worker_connections 1024; + multi_accept on; + } + + http { + default_type 'text/plain'; + client_max_body_size 0; + root /srv/www; + server { + access_log on; + access_log /dev/stdout; + + listen 80; + + } + } + ` +) + +var _ = framework.DescribeSetting("nginx-configuration", func() { + f := framework.NewSimpleFramework("nginxconfiguration") + + ginkgo.It("start nginx with default configuration", func() { + + f.NGINXWithConfigDeployment("default-nginx", cfgOK) + f.WaitForPod("app=default-nginx", 60*time.Second, false) + framework.Sleep(5 * time.Second) + + f.HTTPDumbTestClient(). + GET("/"). + WithURL(fmt.Sprintf("http://default-nginx.%s", f.Namespace)). + Expect(). + Status(http.StatusOK).Body().Contains("ok") + }) + + ginkgo.It("fails when using alias directive", func() { + + f.NGINXDeployment("alias-nginx", cfgAlias, false) + // This should fail with a crashloopback because our NGINX does not have + // alias directive! + f.WaitForPod("app=alias-nginx", 60*time.Second, true) + + }) + + ginkgo.It("fails when using root directive", func() { + + f.NGINXDeployment("root-nginx", cfgRoot, false) + // This should fail with a crashloopback because our NGINX does not have + // root directive! + f.WaitForPod("app=root-nginx", 60*time.Second, true) + + }) +}) From 227a1eb4d315489d49adaacab19da9ad8f12818a Mon Sep 17 00:00:00 2001 From: Patrick O'Brien Date: Thu, 26 May 2022 23:33:56 +0000 Subject: [PATCH 111/494] Fix small typo in GRPC README (#8639) --- docs/examples/grpc/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/examples/grpc/README.md b/docs/examples/grpc/README.md index 2d1929b66..cf4597fcd 100644 --- a/docs/examples/grpc/README.md +++ b/docs/examples/grpc/README.md @@ -86,7 +86,7 @@ This example demonstrates how to route traffic to a gRPC service through the Ing ### Step 3: Create the Kubernetes `Ingress` resource for the gRPC app -- Use the following example manifest of a ingress resource to create a ingress for your grpc app. If required, edit it to match your app's details like name, namespace, service, secret etc. Make sure you have the required SSL-Certificate, existing in your Kubernetes cluster in the same namespace where the gRPC app is. The certificate must be available as a kubernetes secret resource, of type "kubernete.io/tls" https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets. This is because we are terminating TLS on the ingress. +- Use the following example manifest of a ingress resource to create a ingress for your grpc app. If required, edit it to match your app's details like name, namespace, service, secret etc. Make sure you have the required SSL-Certificate, existing in your Kubernetes cluster in the same namespace where the gRPC app is. The certificate must be available as a kubernetes secret resource, of type "kubernetes.io/tls" https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets. This is because we are terminating TLS on the ingress. ``` cat < Date: Mon, 30 May 2022 00:14:51 +0430 Subject: [PATCH 112/494] update nginx otel LD_LIBRARY_PATH (#8641) --- images/nginx/rootfs/Dockerfile | 1 - rootfs/Dockerfile | 2 ++ rootfs/Dockerfile.chroot | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/images/nginx/rootfs/Dockerfile b/images/nginx/rootfs/Dockerfile index 2d1d12178..75c63cff1 100644 --- a/images/nginx/rootfs/Dockerfile +++ b/images/nginx/rootfs/Dockerfile @@ -24,7 +24,6 @@ RUN apk update \ FROM alpine:3.14.6 ENV PATH=$PATH:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin -ENV LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/modules_mount/etc/nginx/modules ENV LUA_PATH="/usr/local/share/luajit-2.1.0-beta3/?.lua;/usr/local/share/lua/5.1/?.lua;/usr/local/lib/lua/?.lua;;" ENV LUA_CPATH="/usr/local/lib/lua/?/?.so;/usr/local/lib/lua/?.so;;" diff --git a/rootfs/Dockerfile b/rootfs/Dockerfile index 1eab94c58..0bf9a0304 100644 --- a/rootfs/Dockerfile +++ b/rootfs/Dockerfile @@ -31,6 +31,8 @@ LABEL org.opencontainers.image.revision="${COMMIT_SHA}" LABEL build_id="${BUILD_ID}" +ENV LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/modules_mount/etc/nginx/modules/modules + WORKDIR /etc/nginx RUN apk update \ diff --git a/rootfs/Dockerfile.chroot b/rootfs/Dockerfile.chroot index 5ea3ce835..04adccf8a 100644 --- a/rootfs/Dockerfile.chroot +++ b/rootfs/Dockerfile.chroot @@ -44,6 +44,7 @@ LABEL build_id="${BUILD_ID}" ENV LUA_PATH="/usr/local/share/luajit-2.1.0-beta3/?.lua;/usr/local/share/lua/5.1/?.lua;/usr/local/lib/lua/?.lua;;" ENV LUA_CPATH="/usr/local/lib/lua/?/?.so;/usr/local/lib/lua/?.so;;" ENV PATH=$PATH:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin +ENV LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/modules_mount/etc/nginx/modules/modules RUN apk update \ && apk upgrade \ From 08848d69e0c83992c89da18e70ea708752f21d7a Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Sun, 29 May 2022 22:00:51 +0100 Subject: [PATCH 113/494] Start release of v1.2.1 (#8645) --- TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TAG b/TAG index 79127d85a..6a5e98a74 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.2.0 +v1.2.1 From c32f9a43279425920c41ba2e54dfcb1a54c0daf7 Mon Sep 17 00:00:00 2001 From: Jintao Zhang Date: Tue, 31 May 2022 21:26:53 +0800 Subject: [PATCH 114/494] chore: release v1.2.1 (#8646) * chore: release v1.2.1 Signed-off-by: Jintao Zhang * chore: generate static yaml Signed-off-by: Jintao Zhang --- Changelog.md | 21 + charts/ingress-nginx/Chart.yaml | 15 +- charts/ingress-nginx/README.md | 8 +- charts/ingress-nginx/values.yaml | 6 +- deploy/static/provider/aws/1.19/deploy.yaml | 42 +- deploy/static/provider/aws/1.20/deploy.yaml | 42 +- deploy/static/provider/aws/1.21/deploy.yaml | 42 +- deploy/static/provider/aws/1.22/deploy.yaml | 42 +- deploy/static/provider/aws/1.23/deploy.yaml | 42 +- deploy/static/provider/aws/deploy.yaml | 663 ++++++++++++++++- .../nlb-with-tls-termination/1.19/deploy.yaml | 42 +- .../nlb-with-tls-termination/1.20/deploy.yaml | 42 +- .../nlb-with-tls-termination/1.21/deploy.yaml | 42 +- .../nlb-with-tls-termination/1.22/deploy.yaml | 42 +- .../nlb-with-tls-termination/1.23/deploy.yaml | 42 +- .../aws/nlb-with-tls-termination/deploy.yaml | 675 +++++++++++++++++- .../provider/baremetal/1.19/deploy.yaml | 42 +- .../provider/baremetal/1.20/deploy.yaml | 42 +- .../provider/baremetal/1.21/deploy.yaml | 42 +- .../provider/baremetal/1.22/deploy.yaml | 42 +- .../provider/baremetal/1.23/deploy.yaml | 42 +- deploy/static/provider/baremetal/deploy.yaml | 657 ++++++++++++++++- deploy/static/provider/cloud/1.19/deploy.yaml | 42 +- deploy/static/provider/cloud/1.20/deploy.yaml | 42 +- deploy/static/provider/cloud/1.21/deploy.yaml | 42 +- deploy/static/provider/cloud/1.22/deploy.yaml | 42 +- deploy/static/provider/cloud/1.23/deploy.yaml | 42 +- deploy/static/provider/cloud/deploy.yaml | 659 ++++++++++++++++- deploy/static/provider/do/1.19/deploy.yaml | 42 +- deploy/static/provider/do/1.20/deploy.yaml | 42 +- deploy/static/provider/do/1.21/deploy.yaml | 42 +- deploy/static/provider/do/1.22/deploy.yaml | 42 +- deploy/static/provider/do/1.23/deploy.yaml | 42 +- deploy/static/provider/do/deploy.yaml | 663 ++++++++++++++++- .../static/provider/exoscale/1.19/deploy.yaml | 42 +- .../static/provider/exoscale/1.20/deploy.yaml | 42 +- .../static/provider/exoscale/1.21/deploy.yaml | 42 +- .../static/provider/exoscale/1.22/deploy.yaml | 42 +- .../static/provider/exoscale/1.23/deploy.yaml | 42 +- deploy/static/provider/exoscale/deploy.yaml | 669 ++++++++++++++++- deploy/static/provider/kind/1.19/deploy.yaml | 42 +- deploy/static/provider/kind/1.20/deploy.yaml | 42 +- deploy/static/provider/kind/1.21/deploy.yaml | 42 +- deploy/static/provider/kind/1.22/deploy.yaml | 42 +- deploy/static/provider/kind/1.23/deploy.yaml | 42 +- deploy/static/provider/kind/deploy.yaml | 673 ++++++++++++++++- deploy/static/provider/scw/1.19/deploy.yaml | 42 +- deploy/static/provider/scw/1.20/deploy.yaml | 42 +- deploy/static/provider/scw/1.21/deploy.yaml | 42 +- deploy/static/provider/scw/1.22/deploy.yaml | 42 +- deploy/static/provider/scw/1.23/deploy.yaml | 42 +- deploy/static/provider/scw/deploy.yaml | 662 ++++++++++++++++- 52 files changed, 6031 insertions(+), 1020 deletions(-) diff --git a/Changelog.md b/Changelog.md index b1c94f12f..494a0226b 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,5 +1,26 @@ # Changelog +### 1.2.1 + +Image: +- k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 +- k8s.gcr.io/ingress-nginx/controller-chroot:v1.2.1@sha256:d301551cf62bc3fb75c69fa56f7aa1d9e87b5079333adaf38afe84d9b7439355 + +This release removes the root and alias directives in NGINX, this can avoid some potential security attacks. + +_Changes:_ + +- [8459](https://github.com/kubernetes/ingress-nginx/pull/8459) Update default allowed CORS headers +- [8202](https://github.com/kubernetes/ingress-nginx/pull/8202) disable modsecurity on error page +- [8178](https://github.com/kubernetes/ingress-nginx/pull/8178) Add header Host into mirror annotations +- [8458](https://github.com/kubernetes/ingress-nginx/pull/8458) Add portNamePreffix Helm chart parameter +- [8587](https://github.com/kubernetes/ingress-nginx/pull/8587) Add CAP_SYS_CHROOT to DS/PSP when needed +- [8213](https://github.com/kubernetes/ingress-nginx/pull/8213) feat: always set auth cookie +- [8548](https://github.com/kubernetes/ingress-nginx/pull/8548) Implement reporting status classes in metrics +- [8612](https://github.com/kubernetes/ingress-nginx/pull/8612) move so files under /etc/nginx/modules +- [8624](https://github.com/kubernetes/ingress-nginx/pull/8624) Add patch to remove root and alias directives +- [8623](https://github.com/kubernetes/ingress-nginx/pull/8623) Improve path rule + ### 1.2.0 Image: diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index ec90082b4..695d1f395 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: ingress-nginx # When the version is modified, make sure the artifacthub.io/changes list is updated # Also update CHANGELOG.md -version: 4.1.2 -appVersion: 1.2.0 +version: 4.1.3 +appVersion: 1.2.1 home: https://github.com/kubernetes/ingress-nginx description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png @@ -26,6 +26,11 @@ annotations: # List of changes for the release in artifacthub.io # https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx?modal=changelog artifacthub.io/changes: | - - "[8587](https://github.com/kubernetes/ingress-nginx/pull/8587) Add CAP_SYS_CHROOT to DS/PSP when needed" - - "[8458](https://github.com/kubernetes/ingress-nginx/pull/8458) Add portNamePreffix Helm chart parameter" - - "[8522](https://github.com/kubernetes/ingress-nginx/pull/8522) Add documentation for controller.service.loadBalancerIP in Helm chart" + - "[8459](https://github.com/kubernetes/ingress-nginx/pull/8459) Update default allowed CORS headers" + - "[8202](https://github.com/kubernetes/ingress-nginx/pull/8202) disable modsecurity on error page" + - "[8178](https://github.com/kubernetes/ingress-nginx/pull/8178) Add header Host into mirror annotations" + - "[8213](https://github.com/kubernetes/ingress-nginx/pull/8213) feat: always set auth cookie" + - "[8548](https://github.com/kubernetes/ingress-nginx/pull/8548) Implement reporting status classes in metrics" + - "[8612](https://github.com/kubernetes/ingress-nginx/pull/8612) move so files under /etc/nginx/modules" + - "[8624](https://github.com/kubernetes/ingress-nginx/pull/8624) Add patch to remove root and alias directives" + - "[8623](https://github.com/kubernetes/ingress-nginx/pull/8623) Improve path rule" diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index c3a814a3e..5d45c095f 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.1.2](https://img.shields.io/badge/Version-4.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.0](https://img.shields.io/badge/AppVersion-1.2.0-informational?style=flat-square) +![Version: 4.1.3](https://img.shields.io/badge/Version-4.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.1](https://img.shields.io/badge/AppVersion-1.2.1-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. @@ -307,13 +307,13 @@ Kubernetes: `>=1.19.0-0` | controller.hostname | object | `{}` | Optionally customize the pod hostname. | | controller.image.allowPrivilegeEscalation | bool | `true` | | | controller.image.chroot | bool | `false` | | -| controller.image.digest | string | `"sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185"` | | -| controller.image.digestChroot | string | `"sha256:fb17f1700b77d4fcc52ca6f83ffc2821861ae887dbb87149cf5cbc52bea425e5"` | | +| controller.image.digest | string | `"sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8"` | | +| controller.image.digestChroot | string | `"sha256:d301551cf62bc3fb75c69fa56f7aa1d9e87b5079333adaf38afe84d9b7439355"` | | | controller.image.image | string | `"ingress-nginx/controller"` | | | controller.image.pullPolicy | string | `"IfNotPresent"` | | | controller.image.registry | string | `"k8s.gcr.io"` | | | controller.image.runAsUser | int | `101` | | -| controller.image.tag | string | `"v1.2.0"` | | +| controller.image.tag | string | `"v1.2.1"` | | | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | | controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass | diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index f52f71d8e..d204b2583 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -23,9 +23,9 @@ controller: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: "v1.2.0" - digest: sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 - digestChroot: sha256:fb17f1700b77d4fcc52ca6f83ffc2821861ae887dbb87149cf5cbc52bea425e5 + tag: "v1.2.1" + digest: sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + digestChroot: sha256:d301551cf62bc3fb75c69fa56f7aa1d9e87b5079333adaf38afe84d9b7439355 pullPolicy: IfNotPresent # www-data -> uid 101 runAsUser: 101 diff --git a/deploy/static/provider/aws/1.19/deploy.yaml b/deploy/static/provider/aws/1.19/deploy.yaml index 2418f570a..fb7624911 100644 --- a/deploy/static/provider/aws/1.19/deploy.yaml +++ b/deploy/static/provider/aws/1.19/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -321,7 +321,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -349,7 +349,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -371,7 +371,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -411,7 +411,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -483,7 +483,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -494,7 +494,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -530,7 +530,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -541,7 +541,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -579,7 +579,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -592,7 +592,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/1.20/deploy.yaml b/deploy/static/provider/aws/1.20/deploy.yaml index ec3da5e2a..b743df75c 100644 --- a/deploy/static/provider/aws/1.20/deploy.yaml +++ b/deploy/static/provider/aws/1.20/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -321,7 +321,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -351,7 +351,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -374,7 +374,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -414,7 +414,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -486,7 +486,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -497,7 +497,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -533,7 +533,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -544,7 +544,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -582,7 +582,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -595,7 +595,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/1.21/deploy.yaml b/deploy/static/provider/aws/1.21/deploy.yaml index d60a4231d..bc8e5d1b7 100644 --- a/deploy/static/provider/aws/1.21/deploy.yaml +++ b/deploy/static/provider/aws/1.21/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -321,7 +321,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -354,7 +354,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -377,7 +377,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -417,7 +417,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -489,7 +489,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -500,7 +500,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -536,7 +536,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -547,7 +547,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -585,7 +585,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -598,7 +598,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/1.22/deploy.yaml b/deploy/static/provider/aws/1.22/deploy.yaml index d60a4231d..bc8e5d1b7 100644 --- a/deploy/static/provider/aws/1.22/deploy.yaml +++ b/deploy/static/provider/aws/1.22/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -321,7 +321,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -354,7 +354,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -377,7 +377,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -417,7 +417,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -489,7 +489,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -500,7 +500,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -536,7 +536,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -547,7 +547,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -585,7 +585,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -598,7 +598,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/1.23/deploy.yaml b/deploy/static/provider/aws/1.23/deploy.yaml index d60a4231d..bc8e5d1b7 100644 --- a/deploy/static/provider/aws/1.23/deploy.yaml +++ b/deploy/static/provider/aws/1.23/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -321,7 +321,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -354,7 +354,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -377,7 +377,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -417,7 +417,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -489,7 +489,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -500,7 +500,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -536,7 +536,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -547,7 +547,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -585,7 +585,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -598,7 +598,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/deploy.yaml b/deploy/static/provider/aws/deploy.yaml index ec3da5e2a..e04e7831f 100644 --- a/deploy/static/provider/aws/deploy.yaml +++ b/deploy/static/provider/aws/deploy.yaml @@ -1,621 +1,1242 @@ +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 kind: Namespace +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 automountServiceAccountToken: true +#GENERATED FOR K8S 1.20 kind: ServiceAccount +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 kind: ServiceAccount +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: Role +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - namespaces +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - configmaps +#GENERATED FOR K8S 1.20 - pods +#GENERATED FOR K8S 1.20 - secrets +#GENERATED FOR K8S 1.20 - endpoints +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - services +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses/status +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - update +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingressclasses +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resourceNames: +#GENERATED FOR K8S 1.20 - ingress-controller-leader +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - configmaps +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - update +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - configmaps +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - events +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 - patch +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: Role +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - secrets +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ClusterRole +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - configmaps +#GENERATED FOR K8S 1.20 - endpoints +#GENERATED FOR K8S 1.20 - nodes +#GENERATED FOR K8S 1.20 - pods +#GENERATED FOR K8S 1.20 - secrets +#GENERATED FOR K8S 1.20 - namespaces +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - nodes +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - services +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - events +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 - patch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses/status +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - update +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingressclasses +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ClusterRole +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - admissionregistration.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - validatingwebhookconfigurations +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - update +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: RoleBinding +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 roleRef: +#GENERATED FOR K8S 1.20 apiGroup: rbac.authorization.k8s.io +#GENERATED FOR K8S 1.20 kind: Role +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 subjects: +#GENERATED FOR K8S 1.20 - kind: ServiceAccount +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: RoleBinding +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 roleRef: +#GENERATED FOR K8S 1.20 apiGroup: rbac.authorization.k8s.io +#GENERATED FOR K8S 1.20 kind: Role +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 subjects: +#GENERATED FOR K8S 1.20 - kind: ServiceAccount +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ClusterRoleBinding +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 roleRef: +#GENERATED FOR K8S 1.20 apiGroup: rbac.authorization.k8s.io +#GENERATED FOR K8S 1.20 kind: ClusterRole +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 subjects: +#GENERATED FOR K8S 1.20 - kind: ServiceAccount +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ClusterRoleBinding +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 roleRef: +#GENERATED FOR K8S 1.20 apiGroup: rbac.authorization.k8s.io +#GENERATED FOR K8S 1.20 kind: ClusterRole +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 subjects: +#GENERATED FOR K8S 1.20 - kind: ServiceAccount +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 data: +#GENERATED FOR K8S 1.20 allow-snippet-annotations: "true" +#GENERATED FOR K8S 1.20 kind: ConfigMap +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 kind: Service +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 annotations: +#GENERATED FOR K8S 1.20 service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp +#GENERATED FOR K8S 1.20 service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" +#GENERATED FOR K8S 1.20 service.beta.kubernetes.io/aws-load-balancer-type: nlb +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 externalTrafficPolicy: Local +#GENERATED FOR K8S 1.20 ports: +#GENERATED FOR K8S 1.20 - appProtocol: http +#GENERATED FOR K8S 1.20 name: http +#GENERATED FOR K8S 1.20 port: 80 +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 targetPort: http +#GENERATED FOR K8S 1.20 - appProtocol: https +#GENERATED FOR K8S 1.20 name: https +#GENERATED FOR K8S 1.20 port: 443 +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 targetPort: https +#GENERATED FOR K8S 1.20 selector: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 type: LoadBalancer +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 kind: Service +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 ports: +#GENERATED FOR K8S 1.20 - appProtocol: https +#GENERATED FOR K8S 1.20 name: https-webhook +#GENERATED FOR K8S 1.20 port: 443 +#GENERATED FOR K8S 1.20 targetPort: webhook +#GENERATED FOR K8S 1.20 selector: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 type: ClusterIP +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: apps/v1 +#GENERATED FOR K8S 1.20 kind: Deployment +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 minReadySeconds: 0 +#GENERATED FOR K8S 1.20 revisionHistoryLimit: 10 +#GENERATED FOR K8S 1.20 selector: +#GENERATED FOR K8S 1.20 matchLabels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 template: +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 containers: +#GENERATED FOR K8S 1.20 - args: +#GENERATED FOR K8S 1.20 - /nginx-ingress-controller +#GENERATED FOR K8S 1.20 - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller +#GENERATED FOR K8S 1.20 - --election-id=ingress-controller-leader +#GENERATED FOR K8S 1.20 - --controller-class=k8s.io/ingress-nginx +#GENERATED FOR K8S 1.20 - --ingress-class=nginx +#GENERATED FOR K8S 1.20 - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller +#GENERATED FOR K8S 1.20 - --validating-webhook=:8443 +#GENERATED FOR K8S 1.20 - --validating-webhook-certificate=/usr/local/certificates/cert +#GENERATED FOR K8S 1.20 - --validating-webhook-key=/usr/local/certificates/key +#GENERATED FOR K8S 1.20 env: +#GENERATED FOR K8S 1.20 - name: POD_NAME +#GENERATED FOR K8S 1.20 valueFrom: +#GENERATED FOR K8S 1.20 fieldRef: +#GENERATED FOR K8S 1.20 fieldPath: metadata.name +#GENERATED FOR K8S 1.20 - name: POD_NAMESPACE +#GENERATED FOR K8S 1.20 valueFrom: +#GENERATED FOR K8S 1.20 fieldRef: +#GENERATED FOR K8S 1.20 fieldPath: metadata.namespace +#GENERATED FOR K8S 1.20 - name: LD_PRELOAD +#GENERATED FOR K8S 1.20 value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 +#GENERATED FOR K8S 1.20 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 +#GENERATED FOR K8S 1.20 imagePullPolicy: IfNotPresent +#GENERATED FOR K8S 1.20 lifecycle: +#GENERATED FOR K8S 1.20 preStop: +#GENERATED FOR K8S 1.20 exec: +#GENERATED FOR K8S 1.20 command: +#GENERATED FOR K8S 1.20 - /wait-shutdown +#GENERATED FOR K8S 1.20 livenessProbe: +#GENERATED FOR K8S 1.20 failureThreshold: 5 +#GENERATED FOR K8S 1.20 httpGet: +#GENERATED FOR K8S 1.20 path: /healthz +#GENERATED FOR K8S 1.20 port: 10254 +#GENERATED FOR K8S 1.20 scheme: HTTP +#GENERATED FOR K8S 1.20 initialDelaySeconds: 10 +#GENERATED FOR K8S 1.20 periodSeconds: 10 +#GENERATED FOR K8S 1.20 successThreshold: 1 +#GENERATED FOR K8S 1.20 timeoutSeconds: 1 +#GENERATED FOR K8S 1.20 name: controller +#GENERATED FOR K8S 1.20 ports: +#GENERATED FOR K8S 1.20 - containerPort: 80 +#GENERATED FOR K8S 1.20 name: http +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 - containerPort: 443 +#GENERATED FOR K8S 1.20 name: https +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 - containerPort: 8443 +#GENERATED FOR K8S 1.20 name: webhook +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 readinessProbe: +#GENERATED FOR K8S 1.20 failureThreshold: 3 +#GENERATED FOR K8S 1.20 httpGet: +#GENERATED FOR K8S 1.20 path: /healthz +#GENERATED FOR K8S 1.20 port: 10254 +#GENERATED FOR K8S 1.20 scheme: HTTP +#GENERATED FOR K8S 1.20 initialDelaySeconds: 10 +#GENERATED FOR K8S 1.20 periodSeconds: 10 +#GENERATED FOR K8S 1.20 successThreshold: 1 +#GENERATED FOR K8S 1.20 timeoutSeconds: 1 +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 requests: +#GENERATED FOR K8S 1.20 cpu: 100m +#GENERATED FOR K8S 1.20 memory: 90Mi +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 allowPrivilegeEscalation: true +#GENERATED FOR K8S 1.20 capabilities: +#GENERATED FOR K8S 1.20 add: +#GENERATED FOR K8S 1.20 - NET_BIND_SERVICE +#GENERATED FOR K8S 1.20 drop: +#GENERATED FOR K8S 1.20 - ALL +#GENERATED FOR K8S 1.20 runAsUser: 101 +#GENERATED FOR K8S 1.20 volumeMounts: +#GENERATED FOR K8S 1.20 - mountPath: /usr/local/certificates/ +#GENERATED FOR K8S 1.20 name: webhook-cert +#GENERATED FOR K8S 1.20 readOnly: true +#GENERATED FOR K8S 1.20 dnsPolicy: ClusterFirst +#GENERATED FOR K8S 1.20 nodeSelector: +#GENERATED FOR K8S 1.20 kubernetes.io/os: linux +#GENERATED FOR K8S 1.20 serviceAccountName: ingress-nginx +#GENERATED FOR K8S 1.20 terminationGracePeriodSeconds: 300 +#GENERATED FOR K8S 1.20 volumes: +#GENERATED FOR K8S 1.20 - name: webhook-cert +#GENERATED FOR K8S 1.20 secret: +#GENERATED FOR K8S 1.20 secretName: ingress-nginx-admission +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: batch/v1 +#GENERATED FOR K8S 1.20 kind: Job +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission-create +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 template: +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission-create +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 containers: +#GENERATED FOR K8S 1.20 - args: +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc +#GENERATED FOR K8S 1.20 - --namespace=$(POD_NAMESPACE) +#GENERATED FOR K8S 1.20 - --secret-name=ingress-nginx-admission +#GENERATED FOR K8S 1.20 env: +#GENERATED FOR K8S 1.20 - name: POD_NAMESPACE +#GENERATED FOR K8S 1.20 valueFrom: +#GENERATED FOR K8S 1.20 fieldRef: +#GENERATED FOR K8S 1.20 fieldPath: metadata.namespace +#GENERATED FOR K8S 1.20 image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 +#GENERATED FOR K8S 1.20 imagePullPolicy: IfNotPresent +#GENERATED FOR K8S 1.20 name: create +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 allowPrivilegeEscalation: false +#GENERATED FOR K8S 1.20 nodeSelector: +#GENERATED FOR K8S 1.20 kubernetes.io/os: linux +#GENERATED FOR K8S 1.20 restartPolicy: OnFailure +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 fsGroup: 2000 +#GENERATED FOR K8S 1.20 runAsNonRoot: true +#GENERATED FOR K8S 1.20 runAsUser: 2000 +#GENERATED FOR K8S 1.20 serviceAccountName: ingress-nginx-admission +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: batch/v1 +#GENERATED FOR K8S 1.20 kind: Job +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission-patch +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 template: +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission-patch +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 containers: +#GENERATED FOR K8S 1.20 - args: +#GENERATED FOR K8S 1.20 - patch +#GENERATED FOR K8S 1.20 - --webhook-name=ingress-nginx-admission +#GENERATED FOR K8S 1.20 - --namespace=$(POD_NAMESPACE) +#GENERATED FOR K8S 1.20 - --patch-mutating=false +#GENERATED FOR K8S 1.20 - --secret-name=ingress-nginx-admission +#GENERATED FOR K8S 1.20 - --patch-failure-policy=Fail +#GENERATED FOR K8S 1.20 env: +#GENERATED FOR K8S 1.20 - name: POD_NAMESPACE +#GENERATED FOR K8S 1.20 valueFrom: +#GENERATED FOR K8S 1.20 fieldRef: +#GENERATED FOR K8S 1.20 fieldPath: metadata.namespace +#GENERATED FOR K8S 1.20 image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 +#GENERATED FOR K8S 1.20 imagePullPolicy: IfNotPresent +#GENERATED FOR K8S 1.20 name: patch +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 allowPrivilegeEscalation: false +#GENERATED FOR K8S 1.20 nodeSelector: +#GENERATED FOR K8S 1.20 kubernetes.io/os: linux +#GENERATED FOR K8S 1.20 restartPolicy: OnFailure +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 fsGroup: 2000 +#GENERATED FOR K8S 1.20 runAsNonRoot: true +#GENERATED FOR K8S 1.20 runAsUser: 2000 +#GENERATED FOR K8S 1.20 serviceAccountName: ingress-nginx-admission +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: networking.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: IngressClass +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 controller: k8s.io/ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: admissionregistration.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ValidatingWebhookConfiguration +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 webhooks: +#GENERATED FOR K8S 1.20 - admissionReviewVersions: +#GENERATED FOR K8S 1.20 - v1 +#GENERATED FOR K8S 1.20 clientConfig: +#GENERATED FOR K8S 1.20 service: +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 path: /networking/v1/ingresses +#GENERATED FOR K8S 1.20 failurePolicy: Fail +#GENERATED FOR K8S 1.20 matchPolicy: Equivalent +#GENERATED FOR K8S 1.20 name: validate.nginx.ingress.kubernetes.io +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 apiVersions: +#GENERATED FOR K8S 1.20 - v1 +#GENERATED FOR K8S 1.20 operations: +#GENERATED FOR K8S 1.20 - CREATE +#GENERATED FOR K8S 1.20 - UPDATE +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses +#GENERATED FOR K8S 1.20 sideEffects: None diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.19/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.19/deploy.yaml index fd51f29f3..41fb24404 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.19/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/1.19/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -312,7 +312,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -330,7 +330,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -358,7 +358,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -380,7 +380,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -420,7 +420,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -495,7 +495,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -506,7 +506,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -542,7 +542,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -553,7 +553,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -591,7 +591,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -604,7 +604,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.20/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.20/deploy.yaml index befb2856f..69691dc68 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.20/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/1.20/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -312,7 +312,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -330,7 +330,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -360,7 +360,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -383,7 +383,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -423,7 +423,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -498,7 +498,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -509,7 +509,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -545,7 +545,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -556,7 +556,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -594,7 +594,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -607,7 +607,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.21/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.21/deploy.yaml index 59f098d43..06b7ba878 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.21/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/1.21/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -312,7 +312,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -330,7 +330,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -363,7 +363,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -386,7 +386,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -426,7 +426,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -501,7 +501,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -512,7 +512,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -548,7 +548,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -559,7 +559,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -597,7 +597,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -610,7 +610,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.22/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.22/deploy.yaml index 59f098d43..06b7ba878 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.22/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/1.22/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -312,7 +312,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -330,7 +330,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -363,7 +363,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -386,7 +386,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -426,7 +426,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -501,7 +501,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -512,7 +512,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -548,7 +548,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -559,7 +559,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -597,7 +597,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -610,7 +610,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.23/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.23/deploy.yaml index 59f098d43..06b7ba878 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.23/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/1.23/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -312,7 +312,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -330,7 +330,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -363,7 +363,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -386,7 +386,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -426,7 +426,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -501,7 +501,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -512,7 +512,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -548,7 +548,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -559,7 +559,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -597,7 +597,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -610,7 +610,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml index befb2856f..539ff6b42 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml @@ -1,633 +1,1266 @@ +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 kind: Namespace +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 automountServiceAccountToken: true +#GENERATED FOR K8S 1.20 kind: ServiceAccount +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 kind: ServiceAccount +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: Role +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - namespaces +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - configmaps +#GENERATED FOR K8S 1.20 - pods +#GENERATED FOR K8S 1.20 - secrets +#GENERATED FOR K8S 1.20 - endpoints +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - services +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses/status +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - update +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingressclasses +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resourceNames: +#GENERATED FOR K8S 1.20 - ingress-controller-leader +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - configmaps +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - update +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - configmaps +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - events +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 - patch +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: Role +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - secrets +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ClusterRole +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - configmaps +#GENERATED FOR K8S 1.20 - endpoints +#GENERATED FOR K8S 1.20 - nodes +#GENERATED FOR K8S 1.20 - pods +#GENERATED FOR K8S 1.20 - secrets +#GENERATED FOR K8S 1.20 - namespaces +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - nodes +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - services +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - events +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 - patch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses/status +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - update +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingressclasses +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ClusterRole +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - admissionregistration.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - validatingwebhookconfigurations +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - update +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: RoleBinding +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 roleRef: +#GENERATED FOR K8S 1.20 apiGroup: rbac.authorization.k8s.io +#GENERATED FOR K8S 1.20 kind: Role +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 subjects: +#GENERATED FOR K8S 1.20 - kind: ServiceAccount +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: RoleBinding +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 roleRef: +#GENERATED FOR K8S 1.20 apiGroup: rbac.authorization.k8s.io +#GENERATED FOR K8S 1.20 kind: Role +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 subjects: +#GENERATED FOR K8S 1.20 - kind: ServiceAccount +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ClusterRoleBinding +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 roleRef: +#GENERATED FOR K8S 1.20 apiGroup: rbac.authorization.k8s.io +#GENERATED FOR K8S 1.20 kind: ClusterRole +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 subjects: +#GENERATED FOR K8S 1.20 - kind: ServiceAccount +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ClusterRoleBinding +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 roleRef: +#GENERATED FOR K8S 1.20 apiGroup: rbac.authorization.k8s.io +#GENERATED FOR K8S 1.20 kind: ClusterRole +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 subjects: +#GENERATED FOR K8S 1.20 - kind: ServiceAccount +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 data: +#GENERATED FOR K8S 1.20 allow-snippet-annotations: "true" +#GENERATED FOR K8S 1.20 http-snippet: | +#GENERATED FOR K8S 1.20 server { +#GENERATED FOR K8S 1.20 listen 2443; +#GENERATED FOR K8S 1.20 return 308 https://$host$request_uri; +#GENERATED FOR K8S 1.20 } +#GENERATED FOR K8S 1.20 proxy-real-ip-cidr: XXX.XXX.XXX/XX +#GENERATED FOR K8S 1.20 use-forwarded-headers: "true" +#GENERATED FOR K8S 1.20 kind: ConfigMap +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 kind: Service +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 annotations: +#GENERATED FOR K8S 1.20 service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60" +#GENERATED FOR K8S 1.20 service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" +#GENERATED FOR K8S 1.20 service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX +#GENERATED FOR K8S 1.20 service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https +#GENERATED FOR K8S 1.20 service.beta.kubernetes.io/aws-load-balancer-type: nlb +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 externalTrafficPolicy: Local +#GENERATED FOR K8S 1.20 ports: +#GENERATED FOR K8S 1.20 - appProtocol: http +#GENERATED FOR K8S 1.20 name: http +#GENERATED FOR K8S 1.20 port: 80 +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 targetPort: tohttps +#GENERATED FOR K8S 1.20 - appProtocol: https +#GENERATED FOR K8S 1.20 name: https +#GENERATED FOR K8S 1.20 port: 443 +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 targetPort: http +#GENERATED FOR K8S 1.20 selector: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 type: LoadBalancer +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 kind: Service +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 ports: +#GENERATED FOR K8S 1.20 - appProtocol: https +#GENERATED FOR K8S 1.20 name: https-webhook +#GENERATED FOR K8S 1.20 port: 443 +#GENERATED FOR K8S 1.20 targetPort: webhook +#GENERATED FOR K8S 1.20 selector: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 type: ClusterIP +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: apps/v1 +#GENERATED FOR K8S 1.20 kind: Deployment +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 minReadySeconds: 0 +#GENERATED FOR K8S 1.20 revisionHistoryLimit: 10 +#GENERATED FOR K8S 1.20 selector: +#GENERATED FOR K8S 1.20 matchLabels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 template: +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 containers: +#GENERATED FOR K8S 1.20 - args: +#GENERATED FOR K8S 1.20 - /nginx-ingress-controller +#GENERATED FOR K8S 1.20 - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller +#GENERATED FOR K8S 1.20 - --election-id=ingress-controller-leader +#GENERATED FOR K8S 1.20 - --controller-class=k8s.io/ingress-nginx +#GENERATED FOR K8S 1.20 - --ingress-class=nginx +#GENERATED FOR K8S 1.20 - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller +#GENERATED FOR K8S 1.20 - --validating-webhook=:8443 +#GENERATED FOR K8S 1.20 - --validating-webhook-certificate=/usr/local/certificates/cert +#GENERATED FOR K8S 1.20 - --validating-webhook-key=/usr/local/certificates/key +#GENERATED FOR K8S 1.20 env: +#GENERATED FOR K8S 1.20 - name: POD_NAME +#GENERATED FOR K8S 1.20 valueFrom: +#GENERATED FOR K8S 1.20 fieldRef: +#GENERATED FOR K8S 1.20 fieldPath: metadata.name +#GENERATED FOR K8S 1.20 - name: POD_NAMESPACE +#GENERATED FOR K8S 1.20 valueFrom: +#GENERATED FOR K8S 1.20 fieldRef: +#GENERATED FOR K8S 1.20 fieldPath: metadata.namespace +#GENERATED FOR K8S 1.20 - name: LD_PRELOAD +#GENERATED FOR K8S 1.20 value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 +#GENERATED FOR K8S 1.20 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 +#GENERATED FOR K8S 1.20 imagePullPolicy: IfNotPresent +#GENERATED FOR K8S 1.20 lifecycle: +#GENERATED FOR K8S 1.20 preStop: +#GENERATED FOR K8S 1.20 exec: +#GENERATED FOR K8S 1.20 command: +#GENERATED FOR K8S 1.20 - /wait-shutdown +#GENERATED FOR K8S 1.20 livenessProbe: +#GENERATED FOR K8S 1.20 failureThreshold: 5 +#GENERATED FOR K8S 1.20 httpGet: +#GENERATED FOR K8S 1.20 path: /healthz +#GENERATED FOR K8S 1.20 port: 10254 +#GENERATED FOR K8S 1.20 scheme: HTTP +#GENERATED FOR K8S 1.20 initialDelaySeconds: 10 +#GENERATED FOR K8S 1.20 periodSeconds: 10 +#GENERATED FOR K8S 1.20 successThreshold: 1 +#GENERATED FOR K8S 1.20 timeoutSeconds: 1 +#GENERATED FOR K8S 1.20 name: controller +#GENERATED FOR K8S 1.20 ports: +#GENERATED FOR K8S 1.20 - containerPort: 80 +#GENERATED FOR K8S 1.20 name: http +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 - containerPort: 80 +#GENERATED FOR K8S 1.20 name: https +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 - containerPort: 2443 +#GENERATED FOR K8S 1.20 name: tohttps +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 - containerPort: 8443 +#GENERATED FOR K8S 1.20 name: webhook +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 readinessProbe: +#GENERATED FOR K8S 1.20 failureThreshold: 3 +#GENERATED FOR K8S 1.20 httpGet: +#GENERATED FOR K8S 1.20 path: /healthz +#GENERATED FOR K8S 1.20 port: 10254 +#GENERATED FOR K8S 1.20 scheme: HTTP +#GENERATED FOR K8S 1.20 initialDelaySeconds: 10 +#GENERATED FOR K8S 1.20 periodSeconds: 10 +#GENERATED FOR K8S 1.20 successThreshold: 1 +#GENERATED FOR K8S 1.20 timeoutSeconds: 1 +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 requests: +#GENERATED FOR K8S 1.20 cpu: 100m +#GENERATED FOR K8S 1.20 memory: 90Mi +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 allowPrivilegeEscalation: true +#GENERATED FOR K8S 1.20 capabilities: +#GENERATED FOR K8S 1.20 add: +#GENERATED FOR K8S 1.20 - NET_BIND_SERVICE +#GENERATED FOR K8S 1.20 drop: +#GENERATED FOR K8S 1.20 - ALL +#GENERATED FOR K8S 1.20 runAsUser: 101 +#GENERATED FOR K8S 1.20 volumeMounts: +#GENERATED FOR K8S 1.20 - mountPath: /usr/local/certificates/ +#GENERATED FOR K8S 1.20 name: webhook-cert +#GENERATED FOR K8S 1.20 readOnly: true +#GENERATED FOR K8S 1.20 dnsPolicy: ClusterFirst +#GENERATED FOR K8S 1.20 nodeSelector: +#GENERATED FOR K8S 1.20 kubernetes.io/os: linux +#GENERATED FOR K8S 1.20 serviceAccountName: ingress-nginx +#GENERATED FOR K8S 1.20 terminationGracePeriodSeconds: 300 +#GENERATED FOR K8S 1.20 volumes: +#GENERATED FOR K8S 1.20 - name: webhook-cert +#GENERATED FOR K8S 1.20 secret: +#GENERATED FOR K8S 1.20 secretName: ingress-nginx-admission +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: batch/v1 +#GENERATED FOR K8S 1.20 kind: Job +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission-create +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 template: +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission-create +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 containers: +#GENERATED FOR K8S 1.20 - args: +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc +#GENERATED FOR K8S 1.20 - --namespace=$(POD_NAMESPACE) +#GENERATED FOR K8S 1.20 - --secret-name=ingress-nginx-admission +#GENERATED FOR K8S 1.20 env: +#GENERATED FOR K8S 1.20 - name: POD_NAMESPACE +#GENERATED FOR K8S 1.20 valueFrom: +#GENERATED FOR K8S 1.20 fieldRef: +#GENERATED FOR K8S 1.20 fieldPath: metadata.namespace +#GENERATED FOR K8S 1.20 image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 +#GENERATED FOR K8S 1.20 imagePullPolicy: IfNotPresent +#GENERATED FOR K8S 1.20 name: create +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 allowPrivilegeEscalation: false +#GENERATED FOR K8S 1.20 nodeSelector: +#GENERATED FOR K8S 1.20 kubernetes.io/os: linux +#GENERATED FOR K8S 1.20 restartPolicy: OnFailure +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 fsGroup: 2000 +#GENERATED FOR K8S 1.20 runAsNonRoot: true +#GENERATED FOR K8S 1.20 runAsUser: 2000 +#GENERATED FOR K8S 1.20 serviceAccountName: ingress-nginx-admission +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: batch/v1 +#GENERATED FOR K8S 1.20 kind: Job +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission-patch +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 template: +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission-patch +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 containers: +#GENERATED FOR K8S 1.20 - args: +#GENERATED FOR K8S 1.20 - patch +#GENERATED FOR K8S 1.20 - --webhook-name=ingress-nginx-admission +#GENERATED FOR K8S 1.20 - --namespace=$(POD_NAMESPACE) +#GENERATED FOR K8S 1.20 - --patch-mutating=false +#GENERATED FOR K8S 1.20 - --secret-name=ingress-nginx-admission +#GENERATED FOR K8S 1.20 - --patch-failure-policy=Fail +#GENERATED FOR K8S 1.20 env: +#GENERATED FOR K8S 1.20 - name: POD_NAMESPACE +#GENERATED FOR K8S 1.20 valueFrom: +#GENERATED FOR K8S 1.20 fieldRef: +#GENERATED FOR K8S 1.20 fieldPath: metadata.namespace +#GENERATED FOR K8S 1.20 image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 +#GENERATED FOR K8S 1.20 imagePullPolicy: IfNotPresent +#GENERATED FOR K8S 1.20 name: patch +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 allowPrivilegeEscalation: false +#GENERATED FOR K8S 1.20 nodeSelector: +#GENERATED FOR K8S 1.20 kubernetes.io/os: linux +#GENERATED FOR K8S 1.20 restartPolicy: OnFailure +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 fsGroup: 2000 +#GENERATED FOR K8S 1.20 runAsNonRoot: true +#GENERATED FOR K8S 1.20 runAsUser: 2000 +#GENERATED FOR K8S 1.20 serviceAccountName: ingress-nginx-admission +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: networking.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: IngressClass +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 controller: k8s.io/ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: admissionregistration.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ValidatingWebhookConfiguration +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 webhooks: +#GENERATED FOR K8S 1.20 - admissionReviewVersions: +#GENERATED FOR K8S 1.20 - v1 +#GENERATED FOR K8S 1.20 clientConfig: +#GENERATED FOR K8S 1.20 service: +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 path: /networking/v1/ingresses +#GENERATED FOR K8S 1.20 failurePolicy: Fail +#GENERATED FOR K8S 1.20 matchPolicy: Equivalent +#GENERATED FOR K8S 1.20 name: validate.nginx.ingress.kubernetes.io +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 apiVersions: +#GENERATED FOR K8S 1.20 - v1 +#GENERATED FOR K8S 1.20 operations: +#GENERATED FOR K8S 1.20 - CREATE +#GENERATED FOR K8S 1.20 - UPDATE +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses +#GENERATED FOR K8S 1.20 sideEffects: None diff --git a/deploy/static/provider/baremetal/1.19/deploy.yaml b/deploy/static/provider/baremetal/1.19/deploy.yaml index 34e59b0e8..1f6a394d9 100644 --- a/deploy/static/provider/baremetal/1.19/deploy.yaml +++ b/deploy/static/provider/baremetal/1.19/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -344,7 +344,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -366,7 +366,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -405,7 +405,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -477,7 +477,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -488,7 +488,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -524,7 +524,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -535,7 +535,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -573,7 +573,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -586,7 +586,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/1.20/deploy.yaml b/deploy/static/provider/baremetal/1.20/deploy.yaml index c15db447e..c2120f08d 100644 --- a/deploy/static/provider/baremetal/1.20/deploy.yaml +++ b/deploy/static/provider/baremetal/1.20/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -346,7 +346,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -369,7 +369,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -408,7 +408,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -480,7 +480,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -491,7 +491,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -527,7 +527,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -538,7 +538,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -576,7 +576,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -589,7 +589,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/1.21/deploy.yaml b/deploy/static/provider/baremetal/1.21/deploy.yaml index fc13865cb..c0b077e79 100644 --- a/deploy/static/provider/baremetal/1.21/deploy.yaml +++ b/deploy/static/provider/baremetal/1.21/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -349,7 +349,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -372,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -411,7 +411,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -483,7 +483,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -494,7 +494,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -530,7 +530,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -541,7 +541,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -579,7 +579,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -592,7 +592,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/1.22/deploy.yaml b/deploy/static/provider/baremetal/1.22/deploy.yaml index fc13865cb..c0b077e79 100644 --- a/deploy/static/provider/baremetal/1.22/deploy.yaml +++ b/deploy/static/provider/baremetal/1.22/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -349,7 +349,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -372,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -411,7 +411,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -483,7 +483,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -494,7 +494,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -530,7 +530,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -541,7 +541,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -579,7 +579,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -592,7 +592,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/1.23/deploy.yaml b/deploy/static/provider/baremetal/1.23/deploy.yaml index fc13865cb..c0b077e79 100644 --- a/deploy/static/provider/baremetal/1.23/deploy.yaml +++ b/deploy/static/provider/baremetal/1.23/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -349,7 +349,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -372,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -411,7 +411,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -483,7 +483,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -494,7 +494,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -530,7 +530,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -541,7 +541,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -579,7 +579,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -592,7 +592,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/deploy.yaml b/deploy/static/provider/baremetal/deploy.yaml index c15db447e..adcdeccc0 100644 --- a/deploy/static/provider/baremetal/deploy.yaml +++ b/deploy/static/provider/baremetal/deploy.yaml @@ -1,615 +1,1230 @@ +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 kind: Namespace +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 automountServiceAccountToken: true +#GENERATED FOR K8S 1.20 kind: ServiceAccount +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 kind: ServiceAccount +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: Role +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - namespaces +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - configmaps +#GENERATED FOR K8S 1.20 - pods +#GENERATED FOR K8S 1.20 - secrets +#GENERATED FOR K8S 1.20 - endpoints +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - services +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses/status +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - update +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingressclasses +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resourceNames: +#GENERATED FOR K8S 1.20 - ingress-controller-leader +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - configmaps +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - update +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - configmaps +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - events +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 - patch +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: Role +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - secrets +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ClusterRole +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - configmaps +#GENERATED FOR K8S 1.20 - endpoints +#GENERATED FOR K8S 1.20 - nodes +#GENERATED FOR K8S 1.20 - pods +#GENERATED FOR K8S 1.20 - secrets +#GENERATED FOR K8S 1.20 - namespaces +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - nodes +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - services +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - events +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 - patch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses/status +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - update +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingressclasses +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ClusterRole +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - admissionregistration.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - validatingwebhookconfigurations +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - update +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: RoleBinding +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 roleRef: +#GENERATED FOR K8S 1.20 apiGroup: rbac.authorization.k8s.io +#GENERATED FOR K8S 1.20 kind: Role +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 subjects: +#GENERATED FOR K8S 1.20 - kind: ServiceAccount +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: RoleBinding +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 roleRef: +#GENERATED FOR K8S 1.20 apiGroup: rbac.authorization.k8s.io +#GENERATED FOR K8S 1.20 kind: Role +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 subjects: +#GENERATED FOR K8S 1.20 - kind: ServiceAccount +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ClusterRoleBinding +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 roleRef: +#GENERATED FOR K8S 1.20 apiGroup: rbac.authorization.k8s.io +#GENERATED FOR K8S 1.20 kind: ClusterRole +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 subjects: +#GENERATED FOR K8S 1.20 - kind: ServiceAccount +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ClusterRoleBinding +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 roleRef: +#GENERATED FOR K8S 1.20 apiGroup: rbac.authorization.k8s.io +#GENERATED FOR K8S 1.20 kind: ClusterRole +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 subjects: +#GENERATED FOR K8S 1.20 - kind: ServiceAccount +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 data: +#GENERATED FOR K8S 1.20 allow-snippet-annotations: "true" +#GENERATED FOR K8S 1.20 kind: ConfigMap +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 kind: Service +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 ports: +#GENERATED FOR K8S 1.20 - appProtocol: http +#GENERATED FOR K8S 1.20 name: http +#GENERATED FOR K8S 1.20 port: 80 +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 targetPort: http +#GENERATED FOR K8S 1.20 - appProtocol: https +#GENERATED FOR K8S 1.20 name: https +#GENERATED FOR K8S 1.20 port: 443 +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 targetPort: https +#GENERATED FOR K8S 1.20 selector: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 type: NodePort +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 kind: Service +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 ports: +#GENERATED FOR K8S 1.20 - appProtocol: https +#GENERATED FOR K8S 1.20 name: https-webhook +#GENERATED FOR K8S 1.20 port: 443 +#GENERATED FOR K8S 1.20 targetPort: webhook +#GENERATED FOR K8S 1.20 selector: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 type: ClusterIP +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: apps/v1 +#GENERATED FOR K8S 1.20 kind: Deployment +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 minReadySeconds: 0 +#GENERATED FOR K8S 1.20 revisionHistoryLimit: 10 +#GENERATED FOR K8S 1.20 selector: +#GENERATED FOR K8S 1.20 matchLabels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 template: +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 containers: +#GENERATED FOR K8S 1.20 - args: +#GENERATED FOR K8S 1.20 - /nginx-ingress-controller +#GENERATED FOR K8S 1.20 - --election-id=ingress-controller-leader +#GENERATED FOR K8S 1.20 - --controller-class=k8s.io/ingress-nginx +#GENERATED FOR K8S 1.20 - --ingress-class=nginx +#GENERATED FOR K8S 1.20 - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller +#GENERATED FOR K8S 1.20 - --validating-webhook=:8443 +#GENERATED FOR K8S 1.20 - --validating-webhook-certificate=/usr/local/certificates/cert +#GENERATED FOR K8S 1.20 - --validating-webhook-key=/usr/local/certificates/key +#GENERATED FOR K8S 1.20 env: +#GENERATED FOR K8S 1.20 - name: POD_NAME +#GENERATED FOR K8S 1.20 valueFrom: +#GENERATED FOR K8S 1.20 fieldRef: +#GENERATED FOR K8S 1.20 fieldPath: metadata.name +#GENERATED FOR K8S 1.20 - name: POD_NAMESPACE +#GENERATED FOR K8S 1.20 valueFrom: +#GENERATED FOR K8S 1.20 fieldRef: +#GENERATED FOR K8S 1.20 fieldPath: metadata.namespace +#GENERATED FOR K8S 1.20 - name: LD_PRELOAD +#GENERATED FOR K8S 1.20 value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 +#GENERATED FOR K8S 1.20 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 +#GENERATED FOR K8S 1.20 imagePullPolicy: IfNotPresent +#GENERATED FOR K8S 1.20 lifecycle: +#GENERATED FOR K8S 1.20 preStop: +#GENERATED FOR K8S 1.20 exec: +#GENERATED FOR K8S 1.20 command: +#GENERATED FOR K8S 1.20 - /wait-shutdown +#GENERATED FOR K8S 1.20 livenessProbe: +#GENERATED FOR K8S 1.20 failureThreshold: 5 +#GENERATED FOR K8S 1.20 httpGet: +#GENERATED FOR K8S 1.20 path: /healthz +#GENERATED FOR K8S 1.20 port: 10254 +#GENERATED FOR K8S 1.20 scheme: HTTP +#GENERATED FOR K8S 1.20 initialDelaySeconds: 10 +#GENERATED FOR K8S 1.20 periodSeconds: 10 +#GENERATED FOR K8S 1.20 successThreshold: 1 +#GENERATED FOR K8S 1.20 timeoutSeconds: 1 +#GENERATED FOR K8S 1.20 name: controller +#GENERATED FOR K8S 1.20 ports: +#GENERATED FOR K8S 1.20 - containerPort: 80 +#GENERATED FOR K8S 1.20 name: http +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 - containerPort: 443 +#GENERATED FOR K8S 1.20 name: https +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 - containerPort: 8443 +#GENERATED FOR K8S 1.20 name: webhook +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 readinessProbe: +#GENERATED FOR K8S 1.20 failureThreshold: 3 +#GENERATED FOR K8S 1.20 httpGet: +#GENERATED FOR K8S 1.20 path: /healthz +#GENERATED FOR K8S 1.20 port: 10254 +#GENERATED FOR K8S 1.20 scheme: HTTP +#GENERATED FOR K8S 1.20 initialDelaySeconds: 10 +#GENERATED FOR K8S 1.20 periodSeconds: 10 +#GENERATED FOR K8S 1.20 successThreshold: 1 +#GENERATED FOR K8S 1.20 timeoutSeconds: 1 +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 requests: +#GENERATED FOR K8S 1.20 cpu: 100m +#GENERATED FOR K8S 1.20 memory: 90Mi +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 allowPrivilegeEscalation: true +#GENERATED FOR K8S 1.20 capabilities: +#GENERATED FOR K8S 1.20 add: +#GENERATED FOR K8S 1.20 - NET_BIND_SERVICE +#GENERATED FOR K8S 1.20 drop: +#GENERATED FOR K8S 1.20 - ALL +#GENERATED FOR K8S 1.20 runAsUser: 101 +#GENERATED FOR K8S 1.20 volumeMounts: +#GENERATED FOR K8S 1.20 - mountPath: /usr/local/certificates/ +#GENERATED FOR K8S 1.20 name: webhook-cert +#GENERATED FOR K8S 1.20 readOnly: true +#GENERATED FOR K8S 1.20 dnsPolicy: ClusterFirst +#GENERATED FOR K8S 1.20 nodeSelector: +#GENERATED FOR K8S 1.20 kubernetes.io/os: linux +#GENERATED FOR K8S 1.20 serviceAccountName: ingress-nginx +#GENERATED FOR K8S 1.20 terminationGracePeriodSeconds: 300 +#GENERATED FOR K8S 1.20 volumes: +#GENERATED FOR K8S 1.20 - name: webhook-cert +#GENERATED FOR K8S 1.20 secret: +#GENERATED FOR K8S 1.20 secretName: ingress-nginx-admission +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: batch/v1 +#GENERATED FOR K8S 1.20 kind: Job +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission-create +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 template: +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission-create +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 containers: +#GENERATED FOR K8S 1.20 - args: +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc +#GENERATED FOR K8S 1.20 - --namespace=$(POD_NAMESPACE) +#GENERATED FOR K8S 1.20 - --secret-name=ingress-nginx-admission +#GENERATED FOR K8S 1.20 env: +#GENERATED FOR K8S 1.20 - name: POD_NAMESPACE +#GENERATED FOR K8S 1.20 valueFrom: +#GENERATED FOR K8S 1.20 fieldRef: +#GENERATED FOR K8S 1.20 fieldPath: metadata.namespace +#GENERATED FOR K8S 1.20 image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 +#GENERATED FOR K8S 1.20 imagePullPolicy: IfNotPresent +#GENERATED FOR K8S 1.20 name: create +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 allowPrivilegeEscalation: false +#GENERATED FOR K8S 1.20 nodeSelector: +#GENERATED FOR K8S 1.20 kubernetes.io/os: linux +#GENERATED FOR K8S 1.20 restartPolicy: OnFailure +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 fsGroup: 2000 +#GENERATED FOR K8S 1.20 runAsNonRoot: true +#GENERATED FOR K8S 1.20 runAsUser: 2000 +#GENERATED FOR K8S 1.20 serviceAccountName: ingress-nginx-admission +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: batch/v1 +#GENERATED FOR K8S 1.20 kind: Job +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission-patch +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 template: +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission-patch +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 containers: +#GENERATED FOR K8S 1.20 - args: +#GENERATED FOR K8S 1.20 - patch +#GENERATED FOR K8S 1.20 - --webhook-name=ingress-nginx-admission +#GENERATED FOR K8S 1.20 - --namespace=$(POD_NAMESPACE) +#GENERATED FOR K8S 1.20 - --patch-mutating=false +#GENERATED FOR K8S 1.20 - --secret-name=ingress-nginx-admission +#GENERATED FOR K8S 1.20 - --patch-failure-policy=Fail +#GENERATED FOR K8S 1.20 env: +#GENERATED FOR K8S 1.20 - name: POD_NAMESPACE +#GENERATED FOR K8S 1.20 valueFrom: +#GENERATED FOR K8S 1.20 fieldRef: +#GENERATED FOR K8S 1.20 fieldPath: metadata.namespace +#GENERATED FOR K8S 1.20 image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 +#GENERATED FOR K8S 1.20 imagePullPolicy: IfNotPresent +#GENERATED FOR K8S 1.20 name: patch +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 allowPrivilegeEscalation: false +#GENERATED FOR K8S 1.20 nodeSelector: +#GENERATED FOR K8S 1.20 kubernetes.io/os: linux +#GENERATED FOR K8S 1.20 restartPolicy: OnFailure +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 fsGroup: 2000 +#GENERATED FOR K8S 1.20 runAsNonRoot: true +#GENERATED FOR K8S 1.20 runAsUser: 2000 +#GENERATED FOR K8S 1.20 serviceAccountName: ingress-nginx-admission +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: networking.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: IngressClass +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 controller: k8s.io/ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: admissionregistration.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ValidatingWebhookConfiguration +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 webhooks: +#GENERATED FOR K8S 1.20 - admissionReviewVersions: +#GENERATED FOR K8S 1.20 - v1 +#GENERATED FOR K8S 1.20 clientConfig: +#GENERATED FOR K8S 1.20 service: +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 path: /networking/v1/ingresses +#GENERATED FOR K8S 1.20 failurePolicy: Fail +#GENERATED FOR K8S 1.20 matchPolicy: Equivalent +#GENERATED FOR K8S 1.20 name: validate.nginx.ingress.kubernetes.io +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 apiVersions: +#GENERATED FOR K8S 1.20 - v1 +#GENERATED FOR K8S 1.20 operations: +#GENERATED FOR K8S 1.20 - CREATE +#GENERATED FOR K8S 1.20 - UPDATE +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses +#GENERATED FOR K8S 1.20 sideEffects: None diff --git a/deploy/static/provider/cloud/1.19/deploy.yaml b/deploy/static/provider/cloud/1.19/deploy.yaml index a495871bc..534b773fa 100644 --- a/deploy/static/provider/cloud/1.19/deploy.yaml +++ b/deploy/static/provider/cloud/1.19/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -345,7 +345,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -367,7 +367,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -407,7 +407,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -479,7 +479,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -490,7 +490,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -526,7 +526,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -537,7 +537,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -575,7 +575,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -588,7 +588,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/1.20/deploy.yaml b/deploy/static/provider/cloud/1.20/deploy.yaml index da818cd3a..1302adb77 100644 --- a/deploy/static/provider/cloud/1.20/deploy.yaml +++ b/deploy/static/provider/cloud/1.20/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -347,7 +347,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -370,7 +370,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -410,7 +410,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -482,7 +482,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -493,7 +493,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -529,7 +529,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -540,7 +540,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -578,7 +578,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -591,7 +591,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/1.21/deploy.yaml b/deploy/static/provider/cloud/1.21/deploy.yaml index f1f62d478..c6391037e 100644 --- a/deploy/static/provider/cloud/1.21/deploy.yaml +++ b/deploy/static/provider/cloud/1.21/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -350,7 +350,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -373,7 +373,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -413,7 +413,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -485,7 +485,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -496,7 +496,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -532,7 +532,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -543,7 +543,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -581,7 +581,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -594,7 +594,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/1.22/deploy.yaml b/deploy/static/provider/cloud/1.22/deploy.yaml index f1f62d478..c6391037e 100644 --- a/deploy/static/provider/cloud/1.22/deploy.yaml +++ b/deploy/static/provider/cloud/1.22/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -350,7 +350,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -373,7 +373,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -413,7 +413,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -485,7 +485,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -496,7 +496,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -532,7 +532,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -543,7 +543,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -581,7 +581,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -594,7 +594,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/1.23/deploy.yaml b/deploy/static/provider/cloud/1.23/deploy.yaml index f1f62d478..c6391037e 100644 --- a/deploy/static/provider/cloud/1.23/deploy.yaml +++ b/deploy/static/provider/cloud/1.23/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -350,7 +350,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -373,7 +373,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -413,7 +413,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -485,7 +485,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -496,7 +496,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -532,7 +532,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -543,7 +543,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -581,7 +581,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -594,7 +594,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/deploy.yaml b/deploy/static/provider/cloud/deploy.yaml index da818cd3a..eb2cfd99b 100644 --- a/deploy/static/provider/cloud/deploy.yaml +++ b/deploy/static/provider/cloud/deploy.yaml @@ -1,617 +1,1234 @@ +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 kind: Namespace +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 automountServiceAccountToken: true +#GENERATED FOR K8S 1.20 kind: ServiceAccount +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 kind: ServiceAccount +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: Role +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - namespaces +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - configmaps +#GENERATED FOR K8S 1.20 - pods +#GENERATED FOR K8S 1.20 - secrets +#GENERATED FOR K8S 1.20 - endpoints +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - services +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses/status +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - update +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingressclasses +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resourceNames: +#GENERATED FOR K8S 1.20 - ingress-controller-leader +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - configmaps +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - update +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - configmaps +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - events +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 - patch +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: Role +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - secrets +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ClusterRole +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - configmaps +#GENERATED FOR K8S 1.20 - endpoints +#GENERATED FOR K8S 1.20 - nodes +#GENERATED FOR K8S 1.20 - pods +#GENERATED FOR K8S 1.20 - secrets +#GENERATED FOR K8S 1.20 - namespaces +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - nodes +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - services +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - events +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 - patch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses/status +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - update +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingressclasses +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ClusterRole +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - admissionregistration.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - validatingwebhookconfigurations +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - update +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: RoleBinding +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 roleRef: +#GENERATED FOR K8S 1.20 apiGroup: rbac.authorization.k8s.io +#GENERATED FOR K8S 1.20 kind: Role +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 subjects: +#GENERATED FOR K8S 1.20 - kind: ServiceAccount +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: RoleBinding +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 roleRef: +#GENERATED FOR K8S 1.20 apiGroup: rbac.authorization.k8s.io +#GENERATED FOR K8S 1.20 kind: Role +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 subjects: +#GENERATED FOR K8S 1.20 - kind: ServiceAccount +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ClusterRoleBinding +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 roleRef: +#GENERATED FOR K8S 1.20 apiGroup: rbac.authorization.k8s.io +#GENERATED FOR K8S 1.20 kind: ClusterRole +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 subjects: +#GENERATED FOR K8S 1.20 - kind: ServiceAccount +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ClusterRoleBinding +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 roleRef: +#GENERATED FOR K8S 1.20 apiGroup: rbac.authorization.k8s.io +#GENERATED FOR K8S 1.20 kind: ClusterRole +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 subjects: +#GENERATED FOR K8S 1.20 - kind: ServiceAccount +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 data: +#GENERATED FOR K8S 1.20 allow-snippet-annotations: "true" +#GENERATED FOR K8S 1.20 kind: ConfigMap +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 kind: Service +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 externalTrafficPolicy: Local +#GENERATED FOR K8S 1.20 ports: +#GENERATED FOR K8S 1.20 - appProtocol: http +#GENERATED FOR K8S 1.20 name: http +#GENERATED FOR K8S 1.20 port: 80 +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 targetPort: http +#GENERATED FOR K8S 1.20 - appProtocol: https +#GENERATED FOR K8S 1.20 name: https +#GENERATED FOR K8S 1.20 port: 443 +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 targetPort: https +#GENERATED FOR K8S 1.20 selector: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 type: LoadBalancer +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 kind: Service +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 ports: +#GENERATED FOR K8S 1.20 - appProtocol: https +#GENERATED FOR K8S 1.20 name: https-webhook +#GENERATED FOR K8S 1.20 port: 443 +#GENERATED FOR K8S 1.20 targetPort: webhook +#GENERATED FOR K8S 1.20 selector: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 type: ClusterIP +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: apps/v1 +#GENERATED FOR K8S 1.20 kind: Deployment +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 minReadySeconds: 0 +#GENERATED FOR K8S 1.20 revisionHistoryLimit: 10 +#GENERATED FOR K8S 1.20 selector: +#GENERATED FOR K8S 1.20 matchLabels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 template: +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 containers: +#GENERATED FOR K8S 1.20 - args: +#GENERATED FOR K8S 1.20 - /nginx-ingress-controller +#GENERATED FOR K8S 1.20 - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller +#GENERATED FOR K8S 1.20 - --election-id=ingress-controller-leader +#GENERATED FOR K8S 1.20 - --controller-class=k8s.io/ingress-nginx +#GENERATED FOR K8S 1.20 - --ingress-class=nginx +#GENERATED FOR K8S 1.20 - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller +#GENERATED FOR K8S 1.20 - --validating-webhook=:8443 +#GENERATED FOR K8S 1.20 - --validating-webhook-certificate=/usr/local/certificates/cert +#GENERATED FOR K8S 1.20 - --validating-webhook-key=/usr/local/certificates/key +#GENERATED FOR K8S 1.20 env: +#GENERATED FOR K8S 1.20 - name: POD_NAME +#GENERATED FOR K8S 1.20 valueFrom: +#GENERATED FOR K8S 1.20 fieldRef: +#GENERATED FOR K8S 1.20 fieldPath: metadata.name +#GENERATED FOR K8S 1.20 - name: POD_NAMESPACE +#GENERATED FOR K8S 1.20 valueFrom: +#GENERATED FOR K8S 1.20 fieldRef: +#GENERATED FOR K8S 1.20 fieldPath: metadata.namespace +#GENERATED FOR K8S 1.20 - name: LD_PRELOAD +#GENERATED FOR K8S 1.20 value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 +#GENERATED FOR K8S 1.20 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 +#GENERATED FOR K8S 1.20 imagePullPolicy: IfNotPresent +#GENERATED FOR K8S 1.20 lifecycle: +#GENERATED FOR K8S 1.20 preStop: +#GENERATED FOR K8S 1.20 exec: +#GENERATED FOR K8S 1.20 command: +#GENERATED FOR K8S 1.20 - /wait-shutdown +#GENERATED FOR K8S 1.20 livenessProbe: +#GENERATED FOR K8S 1.20 failureThreshold: 5 +#GENERATED FOR K8S 1.20 httpGet: +#GENERATED FOR K8S 1.20 path: /healthz +#GENERATED FOR K8S 1.20 port: 10254 +#GENERATED FOR K8S 1.20 scheme: HTTP +#GENERATED FOR K8S 1.20 initialDelaySeconds: 10 +#GENERATED FOR K8S 1.20 periodSeconds: 10 +#GENERATED FOR K8S 1.20 successThreshold: 1 +#GENERATED FOR K8S 1.20 timeoutSeconds: 1 +#GENERATED FOR K8S 1.20 name: controller +#GENERATED FOR K8S 1.20 ports: +#GENERATED FOR K8S 1.20 - containerPort: 80 +#GENERATED FOR K8S 1.20 name: http +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 - containerPort: 443 +#GENERATED FOR K8S 1.20 name: https +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 - containerPort: 8443 +#GENERATED FOR K8S 1.20 name: webhook +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 readinessProbe: +#GENERATED FOR K8S 1.20 failureThreshold: 3 +#GENERATED FOR K8S 1.20 httpGet: +#GENERATED FOR K8S 1.20 path: /healthz +#GENERATED FOR K8S 1.20 port: 10254 +#GENERATED FOR K8S 1.20 scheme: HTTP +#GENERATED FOR K8S 1.20 initialDelaySeconds: 10 +#GENERATED FOR K8S 1.20 periodSeconds: 10 +#GENERATED FOR K8S 1.20 successThreshold: 1 +#GENERATED FOR K8S 1.20 timeoutSeconds: 1 +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 requests: +#GENERATED FOR K8S 1.20 cpu: 100m +#GENERATED FOR K8S 1.20 memory: 90Mi +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 allowPrivilegeEscalation: true +#GENERATED FOR K8S 1.20 capabilities: +#GENERATED FOR K8S 1.20 add: +#GENERATED FOR K8S 1.20 - NET_BIND_SERVICE +#GENERATED FOR K8S 1.20 drop: +#GENERATED FOR K8S 1.20 - ALL +#GENERATED FOR K8S 1.20 runAsUser: 101 +#GENERATED FOR K8S 1.20 volumeMounts: +#GENERATED FOR K8S 1.20 - mountPath: /usr/local/certificates/ +#GENERATED FOR K8S 1.20 name: webhook-cert +#GENERATED FOR K8S 1.20 readOnly: true +#GENERATED FOR K8S 1.20 dnsPolicy: ClusterFirst +#GENERATED FOR K8S 1.20 nodeSelector: +#GENERATED FOR K8S 1.20 kubernetes.io/os: linux +#GENERATED FOR K8S 1.20 serviceAccountName: ingress-nginx +#GENERATED FOR K8S 1.20 terminationGracePeriodSeconds: 300 +#GENERATED FOR K8S 1.20 volumes: +#GENERATED FOR K8S 1.20 - name: webhook-cert +#GENERATED FOR K8S 1.20 secret: +#GENERATED FOR K8S 1.20 secretName: ingress-nginx-admission +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: batch/v1 +#GENERATED FOR K8S 1.20 kind: Job +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission-create +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 template: +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission-create +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 containers: +#GENERATED FOR K8S 1.20 - args: +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc +#GENERATED FOR K8S 1.20 - --namespace=$(POD_NAMESPACE) +#GENERATED FOR K8S 1.20 - --secret-name=ingress-nginx-admission +#GENERATED FOR K8S 1.20 env: +#GENERATED FOR K8S 1.20 - name: POD_NAMESPACE +#GENERATED FOR K8S 1.20 valueFrom: +#GENERATED FOR K8S 1.20 fieldRef: +#GENERATED FOR K8S 1.20 fieldPath: metadata.namespace +#GENERATED FOR K8S 1.20 image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 +#GENERATED FOR K8S 1.20 imagePullPolicy: IfNotPresent +#GENERATED FOR K8S 1.20 name: create +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 allowPrivilegeEscalation: false +#GENERATED FOR K8S 1.20 nodeSelector: +#GENERATED FOR K8S 1.20 kubernetes.io/os: linux +#GENERATED FOR K8S 1.20 restartPolicy: OnFailure +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 fsGroup: 2000 +#GENERATED FOR K8S 1.20 runAsNonRoot: true +#GENERATED FOR K8S 1.20 runAsUser: 2000 +#GENERATED FOR K8S 1.20 serviceAccountName: ingress-nginx-admission +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: batch/v1 +#GENERATED FOR K8S 1.20 kind: Job +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission-patch +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 template: +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission-patch +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 containers: +#GENERATED FOR K8S 1.20 - args: +#GENERATED FOR K8S 1.20 - patch +#GENERATED FOR K8S 1.20 - --webhook-name=ingress-nginx-admission +#GENERATED FOR K8S 1.20 - --namespace=$(POD_NAMESPACE) +#GENERATED FOR K8S 1.20 - --patch-mutating=false +#GENERATED FOR K8S 1.20 - --secret-name=ingress-nginx-admission +#GENERATED FOR K8S 1.20 - --patch-failure-policy=Fail +#GENERATED FOR K8S 1.20 env: +#GENERATED FOR K8S 1.20 - name: POD_NAMESPACE +#GENERATED FOR K8S 1.20 valueFrom: +#GENERATED FOR K8S 1.20 fieldRef: +#GENERATED FOR K8S 1.20 fieldPath: metadata.namespace +#GENERATED FOR K8S 1.20 image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 +#GENERATED FOR K8S 1.20 imagePullPolicy: IfNotPresent +#GENERATED FOR K8S 1.20 name: patch +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 allowPrivilegeEscalation: false +#GENERATED FOR K8S 1.20 nodeSelector: +#GENERATED FOR K8S 1.20 kubernetes.io/os: linux +#GENERATED FOR K8S 1.20 restartPolicy: OnFailure +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 fsGroup: 2000 +#GENERATED FOR K8S 1.20 runAsNonRoot: true +#GENERATED FOR K8S 1.20 runAsUser: 2000 +#GENERATED FOR K8S 1.20 serviceAccountName: ingress-nginx-admission +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: networking.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: IngressClass +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 controller: k8s.io/ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: admissionregistration.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ValidatingWebhookConfiguration +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 webhooks: +#GENERATED FOR K8S 1.20 - admissionReviewVersions: +#GENERATED FOR K8S 1.20 - v1 +#GENERATED FOR K8S 1.20 clientConfig: +#GENERATED FOR K8S 1.20 service: +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 path: /networking/v1/ingresses +#GENERATED FOR K8S 1.20 failurePolicy: Fail +#GENERATED FOR K8S 1.20 matchPolicy: Equivalent +#GENERATED FOR K8S 1.20 name: validate.nginx.ingress.kubernetes.io +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 apiVersions: +#GENERATED FOR K8S 1.20 - v1 +#GENERATED FOR K8S 1.20 operations: +#GENERATED FOR K8S 1.20 - CREATE +#GENERATED FOR K8S 1.20 - UPDATE +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses +#GENERATED FOR K8S 1.20 sideEffects: None diff --git a/deploy/static/provider/do/1.19/deploy.yaml b/deploy/static/provider/do/1.19/deploy.yaml index 3bfe98c0b..c2bb8f546 100644 --- a/deploy/static/provider/do/1.19/deploy.yaml +++ b/deploy/static/provider/do/1.19/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,7 +320,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -348,7 +348,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -370,7 +370,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -410,7 +410,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -482,7 +482,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -493,7 +493,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -529,7 +529,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -540,7 +540,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -578,7 +578,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -591,7 +591,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/1.20/deploy.yaml b/deploy/static/provider/do/1.20/deploy.yaml index a1782f46e..96392fa8c 100644 --- a/deploy/static/provider/do/1.20/deploy.yaml +++ b/deploy/static/provider/do/1.20/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,7 +320,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -350,7 +350,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -373,7 +373,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -413,7 +413,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -485,7 +485,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -496,7 +496,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -532,7 +532,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -543,7 +543,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -581,7 +581,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -594,7 +594,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/1.21/deploy.yaml b/deploy/static/provider/do/1.21/deploy.yaml index 8c03f618e..43c05ad97 100644 --- a/deploy/static/provider/do/1.21/deploy.yaml +++ b/deploy/static/provider/do/1.21/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,7 +320,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -353,7 +353,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -376,7 +376,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -416,7 +416,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -488,7 +488,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -499,7 +499,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -535,7 +535,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -546,7 +546,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -584,7 +584,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -597,7 +597,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/1.22/deploy.yaml b/deploy/static/provider/do/1.22/deploy.yaml index 8c03f618e..43c05ad97 100644 --- a/deploy/static/provider/do/1.22/deploy.yaml +++ b/deploy/static/provider/do/1.22/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,7 +320,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -353,7 +353,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -376,7 +376,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -416,7 +416,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -488,7 +488,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -499,7 +499,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -535,7 +535,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -546,7 +546,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -584,7 +584,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -597,7 +597,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/1.23/deploy.yaml b/deploy/static/provider/do/1.23/deploy.yaml index 8c03f618e..43c05ad97 100644 --- a/deploy/static/provider/do/1.23/deploy.yaml +++ b/deploy/static/provider/do/1.23/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,7 +320,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -353,7 +353,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -376,7 +376,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -416,7 +416,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -488,7 +488,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -499,7 +499,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -535,7 +535,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -546,7 +546,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -584,7 +584,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -597,7 +597,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/deploy.yaml b/deploy/static/provider/do/deploy.yaml index a1782f46e..e331fab0a 100644 --- a/deploy/static/provider/do/deploy.yaml +++ b/deploy/static/provider/do/deploy.yaml @@ -1,621 +1,1242 @@ +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 kind: Namespace +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 automountServiceAccountToken: true +#GENERATED FOR K8S 1.20 kind: ServiceAccount +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 kind: ServiceAccount +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: Role +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - namespaces +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - configmaps +#GENERATED FOR K8S 1.20 - pods +#GENERATED FOR K8S 1.20 - secrets +#GENERATED FOR K8S 1.20 - endpoints +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - services +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses/status +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - update +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingressclasses +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resourceNames: +#GENERATED FOR K8S 1.20 - ingress-controller-leader +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - configmaps +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - update +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - configmaps +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - events +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 - patch +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: Role +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - secrets +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ClusterRole +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - configmaps +#GENERATED FOR K8S 1.20 - endpoints +#GENERATED FOR K8S 1.20 - nodes +#GENERATED FOR K8S 1.20 - pods +#GENERATED FOR K8S 1.20 - secrets +#GENERATED FOR K8S 1.20 - namespaces +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - nodes +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - services +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - events +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 - patch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses/status +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - update +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingressclasses +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ClusterRole +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - admissionregistration.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - validatingwebhookconfigurations +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - update +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: RoleBinding +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 roleRef: +#GENERATED FOR K8S 1.20 apiGroup: rbac.authorization.k8s.io +#GENERATED FOR K8S 1.20 kind: Role +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 subjects: +#GENERATED FOR K8S 1.20 - kind: ServiceAccount +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: RoleBinding +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 roleRef: +#GENERATED FOR K8S 1.20 apiGroup: rbac.authorization.k8s.io +#GENERATED FOR K8S 1.20 kind: Role +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 subjects: +#GENERATED FOR K8S 1.20 - kind: ServiceAccount +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ClusterRoleBinding +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 roleRef: +#GENERATED FOR K8S 1.20 apiGroup: rbac.authorization.k8s.io +#GENERATED FOR K8S 1.20 kind: ClusterRole +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 subjects: +#GENERATED FOR K8S 1.20 - kind: ServiceAccount +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ClusterRoleBinding +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 roleRef: +#GENERATED FOR K8S 1.20 apiGroup: rbac.authorization.k8s.io +#GENERATED FOR K8S 1.20 kind: ClusterRole +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 subjects: +#GENERATED FOR K8S 1.20 - kind: ServiceAccount +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 data: +#GENERATED FOR K8S 1.20 allow-snippet-annotations: "true" +#GENERATED FOR K8S 1.20 use-proxy-protocol: "true" +#GENERATED FOR K8S 1.20 kind: ConfigMap +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 kind: Service +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 annotations: +#GENERATED FOR K8S 1.20 service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true" +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 externalTrafficPolicy: Local +#GENERATED FOR K8S 1.20 ports: +#GENERATED FOR K8S 1.20 - appProtocol: http +#GENERATED FOR K8S 1.20 name: http +#GENERATED FOR K8S 1.20 port: 80 +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 targetPort: http +#GENERATED FOR K8S 1.20 - appProtocol: https +#GENERATED FOR K8S 1.20 name: https +#GENERATED FOR K8S 1.20 port: 443 +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 targetPort: https +#GENERATED FOR K8S 1.20 selector: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 type: LoadBalancer +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 kind: Service +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 ports: +#GENERATED FOR K8S 1.20 - appProtocol: https +#GENERATED FOR K8S 1.20 name: https-webhook +#GENERATED FOR K8S 1.20 port: 443 +#GENERATED FOR K8S 1.20 targetPort: webhook +#GENERATED FOR K8S 1.20 selector: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 type: ClusterIP +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: apps/v1 +#GENERATED FOR K8S 1.20 kind: Deployment +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 minReadySeconds: 0 +#GENERATED FOR K8S 1.20 revisionHistoryLimit: 10 +#GENERATED FOR K8S 1.20 selector: +#GENERATED FOR K8S 1.20 matchLabels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 template: +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 containers: +#GENERATED FOR K8S 1.20 - args: +#GENERATED FOR K8S 1.20 - /nginx-ingress-controller +#GENERATED FOR K8S 1.20 - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller +#GENERATED FOR K8S 1.20 - --election-id=ingress-controller-leader +#GENERATED FOR K8S 1.20 - --controller-class=k8s.io/ingress-nginx +#GENERATED FOR K8S 1.20 - --ingress-class=nginx +#GENERATED FOR K8S 1.20 - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller +#GENERATED FOR K8S 1.20 - --validating-webhook=:8443 +#GENERATED FOR K8S 1.20 - --validating-webhook-certificate=/usr/local/certificates/cert +#GENERATED FOR K8S 1.20 - --validating-webhook-key=/usr/local/certificates/key +#GENERATED FOR K8S 1.20 env: +#GENERATED FOR K8S 1.20 - name: POD_NAME +#GENERATED FOR K8S 1.20 valueFrom: +#GENERATED FOR K8S 1.20 fieldRef: +#GENERATED FOR K8S 1.20 fieldPath: metadata.name +#GENERATED FOR K8S 1.20 - name: POD_NAMESPACE +#GENERATED FOR K8S 1.20 valueFrom: +#GENERATED FOR K8S 1.20 fieldRef: +#GENERATED FOR K8S 1.20 fieldPath: metadata.namespace +#GENERATED FOR K8S 1.20 - name: LD_PRELOAD +#GENERATED FOR K8S 1.20 value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 +#GENERATED FOR K8S 1.20 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 +#GENERATED FOR K8S 1.20 imagePullPolicy: IfNotPresent +#GENERATED FOR K8S 1.20 lifecycle: +#GENERATED FOR K8S 1.20 preStop: +#GENERATED FOR K8S 1.20 exec: +#GENERATED FOR K8S 1.20 command: +#GENERATED FOR K8S 1.20 - /wait-shutdown +#GENERATED FOR K8S 1.20 livenessProbe: +#GENERATED FOR K8S 1.20 failureThreshold: 5 +#GENERATED FOR K8S 1.20 httpGet: +#GENERATED FOR K8S 1.20 path: /healthz +#GENERATED FOR K8S 1.20 port: 10254 +#GENERATED FOR K8S 1.20 scheme: HTTP +#GENERATED FOR K8S 1.20 initialDelaySeconds: 10 +#GENERATED FOR K8S 1.20 periodSeconds: 10 +#GENERATED FOR K8S 1.20 successThreshold: 1 +#GENERATED FOR K8S 1.20 timeoutSeconds: 1 +#GENERATED FOR K8S 1.20 name: controller +#GENERATED FOR K8S 1.20 ports: +#GENERATED FOR K8S 1.20 - containerPort: 80 +#GENERATED FOR K8S 1.20 name: http +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 - containerPort: 443 +#GENERATED FOR K8S 1.20 name: https +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 - containerPort: 8443 +#GENERATED FOR K8S 1.20 name: webhook +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 readinessProbe: +#GENERATED FOR K8S 1.20 failureThreshold: 3 +#GENERATED FOR K8S 1.20 httpGet: +#GENERATED FOR K8S 1.20 path: /healthz +#GENERATED FOR K8S 1.20 port: 10254 +#GENERATED FOR K8S 1.20 scheme: HTTP +#GENERATED FOR K8S 1.20 initialDelaySeconds: 10 +#GENERATED FOR K8S 1.20 periodSeconds: 10 +#GENERATED FOR K8S 1.20 successThreshold: 1 +#GENERATED FOR K8S 1.20 timeoutSeconds: 1 +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 requests: +#GENERATED FOR K8S 1.20 cpu: 100m +#GENERATED FOR K8S 1.20 memory: 90Mi +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 allowPrivilegeEscalation: true +#GENERATED FOR K8S 1.20 capabilities: +#GENERATED FOR K8S 1.20 add: +#GENERATED FOR K8S 1.20 - NET_BIND_SERVICE +#GENERATED FOR K8S 1.20 drop: +#GENERATED FOR K8S 1.20 - ALL +#GENERATED FOR K8S 1.20 runAsUser: 101 +#GENERATED FOR K8S 1.20 volumeMounts: +#GENERATED FOR K8S 1.20 - mountPath: /usr/local/certificates/ +#GENERATED FOR K8S 1.20 name: webhook-cert +#GENERATED FOR K8S 1.20 readOnly: true +#GENERATED FOR K8S 1.20 dnsPolicy: ClusterFirst +#GENERATED FOR K8S 1.20 nodeSelector: +#GENERATED FOR K8S 1.20 kubernetes.io/os: linux +#GENERATED FOR K8S 1.20 serviceAccountName: ingress-nginx +#GENERATED FOR K8S 1.20 terminationGracePeriodSeconds: 300 +#GENERATED FOR K8S 1.20 volumes: +#GENERATED FOR K8S 1.20 - name: webhook-cert +#GENERATED FOR K8S 1.20 secret: +#GENERATED FOR K8S 1.20 secretName: ingress-nginx-admission +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: batch/v1 +#GENERATED FOR K8S 1.20 kind: Job +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission-create +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 template: +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission-create +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 containers: +#GENERATED FOR K8S 1.20 - args: +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc +#GENERATED FOR K8S 1.20 - --namespace=$(POD_NAMESPACE) +#GENERATED FOR K8S 1.20 - --secret-name=ingress-nginx-admission +#GENERATED FOR K8S 1.20 env: +#GENERATED FOR K8S 1.20 - name: POD_NAMESPACE +#GENERATED FOR K8S 1.20 valueFrom: +#GENERATED FOR K8S 1.20 fieldRef: +#GENERATED FOR K8S 1.20 fieldPath: metadata.namespace +#GENERATED FOR K8S 1.20 image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 +#GENERATED FOR K8S 1.20 imagePullPolicy: IfNotPresent +#GENERATED FOR K8S 1.20 name: create +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 allowPrivilegeEscalation: false +#GENERATED FOR K8S 1.20 nodeSelector: +#GENERATED FOR K8S 1.20 kubernetes.io/os: linux +#GENERATED FOR K8S 1.20 restartPolicy: OnFailure +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 fsGroup: 2000 +#GENERATED FOR K8S 1.20 runAsNonRoot: true +#GENERATED FOR K8S 1.20 runAsUser: 2000 +#GENERATED FOR K8S 1.20 serviceAccountName: ingress-nginx-admission +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: batch/v1 +#GENERATED FOR K8S 1.20 kind: Job +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission-patch +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 template: +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission-patch +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 containers: +#GENERATED FOR K8S 1.20 - args: +#GENERATED FOR K8S 1.20 - patch +#GENERATED FOR K8S 1.20 - --webhook-name=ingress-nginx-admission +#GENERATED FOR K8S 1.20 - --namespace=$(POD_NAMESPACE) +#GENERATED FOR K8S 1.20 - --patch-mutating=false +#GENERATED FOR K8S 1.20 - --secret-name=ingress-nginx-admission +#GENERATED FOR K8S 1.20 - --patch-failure-policy=Fail +#GENERATED FOR K8S 1.20 env: +#GENERATED FOR K8S 1.20 - name: POD_NAMESPACE +#GENERATED FOR K8S 1.20 valueFrom: +#GENERATED FOR K8S 1.20 fieldRef: +#GENERATED FOR K8S 1.20 fieldPath: metadata.namespace +#GENERATED FOR K8S 1.20 image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 +#GENERATED FOR K8S 1.20 imagePullPolicy: IfNotPresent +#GENERATED FOR K8S 1.20 name: patch +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 allowPrivilegeEscalation: false +#GENERATED FOR K8S 1.20 nodeSelector: +#GENERATED FOR K8S 1.20 kubernetes.io/os: linux +#GENERATED FOR K8S 1.20 restartPolicy: OnFailure +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 fsGroup: 2000 +#GENERATED FOR K8S 1.20 runAsNonRoot: true +#GENERATED FOR K8S 1.20 runAsUser: 2000 +#GENERATED FOR K8S 1.20 serviceAccountName: ingress-nginx-admission +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: networking.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: IngressClass +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 controller: k8s.io/ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: admissionregistration.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ValidatingWebhookConfiguration +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 webhooks: +#GENERATED FOR K8S 1.20 - admissionReviewVersions: +#GENERATED FOR K8S 1.20 - v1 +#GENERATED FOR K8S 1.20 clientConfig: +#GENERATED FOR K8S 1.20 service: +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 path: /networking/v1/ingresses +#GENERATED FOR K8S 1.20 failurePolicy: Fail +#GENERATED FOR K8S 1.20 matchPolicy: Equivalent +#GENERATED FOR K8S 1.20 name: validate.nginx.ingress.kubernetes.io +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 apiVersions: +#GENERATED FOR K8S 1.20 - v1 +#GENERATED FOR K8S 1.20 operations: +#GENERATED FOR K8S 1.20 - CREATE +#GENERATED FOR K8S 1.20 - UPDATE +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses +#GENERATED FOR K8S 1.20 sideEffects: None +#GENERATED FOR K8S 1.20 timeoutSeconds: 29 diff --git a/deploy/static/provider/exoscale/1.19/deploy.yaml b/deploy/static/provider/exoscale/1.19/deploy.yaml index 6163bae12..e7df3b575 100644 --- a/deploy/static/provider/exoscale/1.19/deploy.yaml +++ b/deploy/static/provider/exoscale/1.19/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -327,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -355,7 +355,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -377,7 +377,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -417,7 +417,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -489,7 +489,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -500,7 +500,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -536,7 +536,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -547,7 +547,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -585,7 +585,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -598,7 +598,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/1.20/deploy.yaml b/deploy/static/provider/exoscale/1.20/deploy.yaml index 92c83ab31..5c0f8a806 100644 --- a/deploy/static/provider/exoscale/1.20/deploy.yaml +++ b/deploy/static/provider/exoscale/1.20/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -327,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -357,7 +357,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -380,7 +380,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -420,7 +420,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -492,7 +492,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -503,7 +503,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -539,7 +539,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -550,7 +550,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -588,7 +588,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -601,7 +601,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/1.21/deploy.yaml b/deploy/static/provider/exoscale/1.21/deploy.yaml index 0c754baf1..bd1e5b769 100644 --- a/deploy/static/provider/exoscale/1.21/deploy.yaml +++ b/deploy/static/provider/exoscale/1.21/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -327,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -360,7 +360,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -383,7 +383,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -423,7 +423,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -495,7 +495,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -506,7 +506,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -542,7 +542,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -553,7 +553,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -591,7 +591,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -604,7 +604,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/1.22/deploy.yaml b/deploy/static/provider/exoscale/1.22/deploy.yaml index 0c754baf1..bd1e5b769 100644 --- a/deploy/static/provider/exoscale/1.22/deploy.yaml +++ b/deploy/static/provider/exoscale/1.22/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -327,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -360,7 +360,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -383,7 +383,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -423,7 +423,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -495,7 +495,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -506,7 +506,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -542,7 +542,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -553,7 +553,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -591,7 +591,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -604,7 +604,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/1.23/deploy.yaml b/deploy/static/provider/exoscale/1.23/deploy.yaml index 0c754baf1..bd1e5b769 100644 --- a/deploy/static/provider/exoscale/1.23/deploy.yaml +++ b/deploy/static/provider/exoscale/1.23/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -327,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -360,7 +360,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -383,7 +383,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -423,7 +423,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -495,7 +495,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -506,7 +506,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -542,7 +542,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -553,7 +553,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -591,7 +591,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -604,7 +604,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/deploy.yaml b/deploy/static/provider/exoscale/deploy.yaml index 92c83ab31..b5a1feb2d 100644 --- a/deploy/static/provider/exoscale/deploy.yaml +++ b/deploy/static/provider/exoscale/deploy.yaml @@ -1,627 +1,1254 @@ +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 kind: Namespace +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 automountServiceAccountToken: true +#GENERATED FOR K8S 1.20 kind: ServiceAccount +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 kind: ServiceAccount +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: Role +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - namespaces +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - configmaps +#GENERATED FOR K8S 1.20 - pods +#GENERATED FOR K8S 1.20 - secrets +#GENERATED FOR K8S 1.20 - endpoints +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - services +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses/status +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - update +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingressclasses +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resourceNames: +#GENERATED FOR K8S 1.20 - ingress-controller-leader +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - configmaps +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - update +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - configmaps +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - events +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 - patch +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: Role +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - secrets +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ClusterRole +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - configmaps +#GENERATED FOR K8S 1.20 - endpoints +#GENERATED FOR K8S 1.20 - nodes +#GENERATED FOR K8S 1.20 - pods +#GENERATED FOR K8S 1.20 - secrets +#GENERATED FOR K8S 1.20 - namespaces +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - nodes +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - services +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - events +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 - patch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses/status +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - update +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingressclasses +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ClusterRole +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - admissionregistration.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - validatingwebhookconfigurations +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - update +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: RoleBinding +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 roleRef: +#GENERATED FOR K8S 1.20 apiGroup: rbac.authorization.k8s.io +#GENERATED FOR K8S 1.20 kind: Role +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 subjects: +#GENERATED FOR K8S 1.20 - kind: ServiceAccount +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: RoleBinding +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 roleRef: +#GENERATED FOR K8S 1.20 apiGroup: rbac.authorization.k8s.io +#GENERATED FOR K8S 1.20 kind: Role +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 subjects: +#GENERATED FOR K8S 1.20 - kind: ServiceAccount +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ClusterRoleBinding +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 roleRef: +#GENERATED FOR K8S 1.20 apiGroup: rbac.authorization.k8s.io +#GENERATED FOR K8S 1.20 kind: ClusterRole +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 subjects: +#GENERATED FOR K8S 1.20 - kind: ServiceAccount +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ClusterRoleBinding +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 roleRef: +#GENERATED FOR K8S 1.20 apiGroup: rbac.authorization.k8s.io +#GENERATED FOR K8S 1.20 kind: ClusterRole +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 subjects: +#GENERATED FOR K8S 1.20 - kind: ServiceAccount +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 data: +#GENERATED FOR K8S 1.20 allow-snippet-annotations: "true" +#GENERATED FOR K8S 1.20 kind: ConfigMap +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 kind: Service +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 annotations: +#GENERATED FOR K8S 1.20 service.beta.kubernetes.io/exoscale-loadbalancer-description: NGINX Ingress Controller +#GENERATED FOR K8S 1.20 load balancer +#GENERATED FOR K8S 1.20 service.beta.kubernetes.io/exoscale-loadbalancer-name: nginx-ingress-controller +#GENERATED FOR K8S 1.20 service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-interval: 10s +#GENERATED FOR K8S 1.20 service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-mode: http +#GENERATED FOR K8S 1.20 service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-retries: "1" +#GENERATED FOR K8S 1.20 service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-timeout: 3s +#GENERATED FOR K8S 1.20 service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-uri: / +#GENERATED FOR K8S 1.20 service.beta.kubernetes.io/exoscale-loadbalancer-service-strategy: source-hash +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 externalTrafficPolicy: Local +#GENERATED FOR K8S 1.20 ports: +#GENERATED FOR K8S 1.20 - appProtocol: http +#GENERATED FOR K8S 1.20 name: http +#GENERATED FOR K8S 1.20 port: 80 +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 targetPort: http +#GENERATED FOR K8S 1.20 - appProtocol: https +#GENERATED FOR K8S 1.20 name: https +#GENERATED FOR K8S 1.20 port: 443 +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 targetPort: https +#GENERATED FOR K8S 1.20 selector: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 type: LoadBalancer +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 kind: Service +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 ports: +#GENERATED FOR K8S 1.20 - appProtocol: https +#GENERATED FOR K8S 1.20 name: https-webhook +#GENERATED FOR K8S 1.20 port: 443 +#GENERATED FOR K8S 1.20 targetPort: webhook +#GENERATED FOR K8S 1.20 selector: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 type: ClusterIP +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: apps/v1 +#GENERATED FOR K8S 1.20 kind: DaemonSet +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 minReadySeconds: 0 +#GENERATED FOR K8S 1.20 revisionHistoryLimit: 10 +#GENERATED FOR K8S 1.20 selector: +#GENERATED FOR K8S 1.20 matchLabels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 template: +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 containers: +#GENERATED FOR K8S 1.20 - args: +#GENERATED FOR K8S 1.20 - /nginx-ingress-controller +#GENERATED FOR K8S 1.20 - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller +#GENERATED FOR K8S 1.20 - --election-id=ingress-controller-leader +#GENERATED FOR K8S 1.20 - --controller-class=k8s.io/ingress-nginx +#GENERATED FOR K8S 1.20 - --ingress-class=nginx +#GENERATED FOR K8S 1.20 - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller +#GENERATED FOR K8S 1.20 - --validating-webhook=:8443 +#GENERATED FOR K8S 1.20 - --validating-webhook-certificate=/usr/local/certificates/cert +#GENERATED FOR K8S 1.20 - --validating-webhook-key=/usr/local/certificates/key +#GENERATED FOR K8S 1.20 env: +#GENERATED FOR K8S 1.20 - name: POD_NAME +#GENERATED FOR K8S 1.20 valueFrom: +#GENERATED FOR K8S 1.20 fieldRef: +#GENERATED FOR K8S 1.20 fieldPath: metadata.name +#GENERATED FOR K8S 1.20 - name: POD_NAMESPACE +#GENERATED FOR K8S 1.20 valueFrom: +#GENERATED FOR K8S 1.20 fieldRef: +#GENERATED FOR K8S 1.20 fieldPath: metadata.namespace +#GENERATED FOR K8S 1.20 - name: LD_PRELOAD +#GENERATED FOR K8S 1.20 value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 +#GENERATED FOR K8S 1.20 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 +#GENERATED FOR K8S 1.20 imagePullPolicy: IfNotPresent +#GENERATED FOR K8S 1.20 lifecycle: +#GENERATED FOR K8S 1.20 preStop: +#GENERATED FOR K8S 1.20 exec: +#GENERATED FOR K8S 1.20 command: +#GENERATED FOR K8S 1.20 - /wait-shutdown +#GENERATED FOR K8S 1.20 livenessProbe: +#GENERATED FOR K8S 1.20 failureThreshold: 5 +#GENERATED FOR K8S 1.20 httpGet: +#GENERATED FOR K8S 1.20 path: /healthz +#GENERATED FOR K8S 1.20 port: 10254 +#GENERATED FOR K8S 1.20 scheme: HTTP +#GENERATED FOR K8S 1.20 initialDelaySeconds: 10 +#GENERATED FOR K8S 1.20 periodSeconds: 10 +#GENERATED FOR K8S 1.20 successThreshold: 1 +#GENERATED FOR K8S 1.20 timeoutSeconds: 1 +#GENERATED FOR K8S 1.20 name: controller +#GENERATED FOR K8S 1.20 ports: +#GENERATED FOR K8S 1.20 - containerPort: 80 +#GENERATED FOR K8S 1.20 name: http +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 - containerPort: 443 +#GENERATED FOR K8S 1.20 name: https +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 - containerPort: 8443 +#GENERATED FOR K8S 1.20 name: webhook +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 readinessProbe: +#GENERATED FOR K8S 1.20 failureThreshold: 3 +#GENERATED FOR K8S 1.20 httpGet: +#GENERATED FOR K8S 1.20 path: /healthz +#GENERATED FOR K8S 1.20 port: 10254 +#GENERATED FOR K8S 1.20 scheme: HTTP +#GENERATED FOR K8S 1.20 initialDelaySeconds: 10 +#GENERATED FOR K8S 1.20 periodSeconds: 10 +#GENERATED FOR K8S 1.20 successThreshold: 1 +#GENERATED FOR K8S 1.20 timeoutSeconds: 1 +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 requests: +#GENERATED FOR K8S 1.20 cpu: 100m +#GENERATED FOR K8S 1.20 memory: 90Mi +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 allowPrivilegeEscalation: true +#GENERATED FOR K8S 1.20 capabilities: +#GENERATED FOR K8S 1.20 add: +#GENERATED FOR K8S 1.20 - NET_BIND_SERVICE +#GENERATED FOR K8S 1.20 drop: +#GENERATED FOR K8S 1.20 - ALL +#GENERATED FOR K8S 1.20 runAsUser: 101 +#GENERATED FOR K8S 1.20 volumeMounts: +#GENERATED FOR K8S 1.20 - mountPath: /usr/local/certificates/ +#GENERATED FOR K8S 1.20 name: webhook-cert +#GENERATED FOR K8S 1.20 readOnly: true +#GENERATED FOR K8S 1.20 dnsPolicy: ClusterFirst +#GENERATED FOR K8S 1.20 nodeSelector: +#GENERATED FOR K8S 1.20 kubernetes.io/os: linux +#GENERATED FOR K8S 1.20 serviceAccountName: ingress-nginx +#GENERATED FOR K8S 1.20 terminationGracePeriodSeconds: 300 +#GENERATED FOR K8S 1.20 volumes: +#GENERATED FOR K8S 1.20 - name: webhook-cert +#GENERATED FOR K8S 1.20 secret: +#GENERATED FOR K8S 1.20 secretName: ingress-nginx-admission +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: batch/v1 +#GENERATED FOR K8S 1.20 kind: Job +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission-create +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 template: +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission-create +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 containers: +#GENERATED FOR K8S 1.20 - args: +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc +#GENERATED FOR K8S 1.20 - --namespace=$(POD_NAMESPACE) +#GENERATED FOR K8S 1.20 - --secret-name=ingress-nginx-admission +#GENERATED FOR K8S 1.20 env: +#GENERATED FOR K8S 1.20 - name: POD_NAMESPACE +#GENERATED FOR K8S 1.20 valueFrom: +#GENERATED FOR K8S 1.20 fieldRef: +#GENERATED FOR K8S 1.20 fieldPath: metadata.namespace +#GENERATED FOR K8S 1.20 image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 +#GENERATED FOR K8S 1.20 imagePullPolicy: IfNotPresent +#GENERATED FOR K8S 1.20 name: create +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 allowPrivilegeEscalation: false +#GENERATED FOR K8S 1.20 nodeSelector: +#GENERATED FOR K8S 1.20 kubernetes.io/os: linux +#GENERATED FOR K8S 1.20 restartPolicy: OnFailure +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 fsGroup: 2000 +#GENERATED FOR K8S 1.20 runAsNonRoot: true +#GENERATED FOR K8S 1.20 runAsUser: 2000 +#GENERATED FOR K8S 1.20 serviceAccountName: ingress-nginx-admission +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: batch/v1 +#GENERATED FOR K8S 1.20 kind: Job +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission-patch +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 template: +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission-patch +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 containers: +#GENERATED FOR K8S 1.20 - args: +#GENERATED FOR K8S 1.20 - patch +#GENERATED FOR K8S 1.20 - --webhook-name=ingress-nginx-admission +#GENERATED FOR K8S 1.20 - --namespace=$(POD_NAMESPACE) +#GENERATED FOR K8S 1.20 - --patch-mutating=false +#GENERATED FOR K8S 1.20 - --secret-name=ingress-nginx-admission +#GENERATED FOR K8S 1.20 - --patch-failure-policy=Fail +#GENERATED FOR K8S 1.20 env: +#GENERATED FOR K8S 1.20 - name: POD_NAMESPACE +#GENERATED FOR K8S 1.20 valueFrom: +#GENERATED FOR K8S 1.20 fieldRef: +#GENERATED FOR K8S 1.20 fieldPath: metadata.namespace +#GENERATED FOR K8S 1.20 image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 +#GENERATED FOR K8S 1.20 imagePullPolicy: IfNotPresent +#GENERATED FOR K8S 1.20 name: patch +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 allowPrivilegeEscalation: false +#GENERATED FOR K8S 1.20 nodeSelector: +#GENERATED FOR K8S 1.20 kubernetes.io/os: linux +#GENERATED FOR K8S 1.20 restartPolicy: OnFailure +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 fsGroup: 2000 +#GENERATED FOR K8S 1.20 runAsNonRoot: true +#GENERATED FOR K8S 1.20 runAsUser: 2000 +#GENERATED FOR K8S 1.20 serviceAccountName: ingress-nginx-admission +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: networking.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: IngressClass +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 controller: k8s.io/ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: admissionregistration.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ValidatingWebhookConfiguration +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 webhooks: +#GENERATED FOR K8S 1.20 - admissionReviewVersions: +#GENERATED FOR K8S 1.20 - v1 +#GENERATED FOR K8S 1.20 clientConfig: +#GENERATED FOR K8S 1.20 service: +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 path: /networking/v1/ingresses +#GENERATED FOR K8S 1.20 failurePolicy: Fail +#GENERATED FOR K8S 1.20 matchPolicy: Equivalent +#GENERATED FOR K8S 1.20 name: validate.nginx.ingress.kubernetes.io +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 apiVersions: +#GENERATED FOR K8S 1.20 - v1 +#GENERATED FOR K8S 1.20 operations: +#GENERATED FOR K8S 1.20 - CREATE +#GENERATED FOR K8S 1.20 - UPDATE +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses +#GENERATED FOR K8S 1.20 sideEffects: None diff --git a/deploy/static/provider/kind/1.19/deploy.yaml b/deploy/static/provider/kind/1.19/deploy.yaml index ed44b79af..a3fba5c2e 100644 --- a/deploy/static/provider/kind/1.19/deploy.yaml +++ b/deploy/static/provider/kind/1.19/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -344,7 +344,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -366,7 +366,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -411,7 +411,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -493,7 +493,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -504,7 +504,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -540,7 +540,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -551,7 +551,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -589,7 +589,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -602,7 +602,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/1.20/deploy.yaml b/deploy/static/provider/kind/1.20/deploy.yaml index 60fb24d4a..cec547011 100644 --- a/deploy/static/provider/kind/1.20/deploy.yaml +++ b/deploy/static/provider/kind/1.20/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -346,7 +346,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -369,7 +369,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -414,7 +414,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -496,7 +496,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -507,7 +507,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -543,7 +543,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -554,7 +554,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -592,7 +592,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -605,7 +605,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/1.21/deploy.yaml b/deploy/static/provider/kind/1.21/deploy.yaml index 049796359..d388c4548 100644 --- a/deploy/static/provider/kind/1.21/deploy.yaml +++ b/deploy/static/provider/kind/1.21/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -349,7 +349,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -372,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -417,7 +417,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -499,7 +499,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -510,7 +510,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -546,7 +546,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -557,7 +557,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -595,7 +595,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -608,7 +608,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/1.22/deploy.yaml b/deploy/static/provider/kind/1.22/deploy.yaml index 049796359..d388c4548 100644 --- a/deploy/static/provider/kind/1.22/deploy.yaml +++ b/deploy/static/provider/kind/1.22/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -349,7 +349,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -372,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -417,7 +417,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -499,7 +499,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -510,7 +510,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -546,7 +546,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -557,7 +557,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -595,7 +595,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -608,7 +608,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/1.23/deploy.yaml b/deploy/static/provider/kind/1.23/deploy.yaml index 049796359..d388c4548 100644 --- a/deploy/static/provider/kind/1.23/deploy.yaml +++ b/deploy/static/provider/kind/1.23/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +305,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +317,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -349,7 +349,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -372,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -417,7 +417,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -499,7 +499,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -510,7 +510,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -546,7 +546,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -557,7 +557,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -595,7 +595,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -608,7 +608,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/deploy.yaml b/deploy/static/provider/kind/deploy.yaml index 60fb24d4a..712af7117 100644 --- a/deploy/static/provider/kind/deploy.yaml +++ b/deploy/static/provider/kind/deploy.yaml @@ -1,631 +1,1262 @@ +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 kind: Namespace +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 automountServiceAccountToken: true +#GENERATED FOR K8S 1.20 kind: ServiceAccount +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 kind: ServiceAccount +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: Role +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - namespaces +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - configmaps +#GENERATED FOR K8S 1.20 - pods +#GENERATED FOR K8S 1.20 - secrets +#GENERATED FOR K8S 1.20 - endpoints +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - services +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses/status +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - update +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingressclasses +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resourceNames: +#GENERATED FOR K8S 1.20 - ingress-controller-leader +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - configmaps +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - update +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - configmaps +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - events +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 - patch +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: Role +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - secrets +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ClusterRole +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - configmaps +#GENERATED FOR K8S 1.20 - endpoints +#GENERATED FOR K8S 1.20 - nodes +#GENERATED FOR K8S 1.20 - pods +#GENERATED FOR K8S 1.20 - secrets +#GENERATED FOR K8S 1.20 - namespaces +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - nodes +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - services +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - events +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 - patch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses/status +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - update +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingressclasses +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ClusterRole +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - admissionregistration.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - validatingwebhookconfigurations +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - update +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: RoleBinding +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 roleRef: +#GENERATED FOR K8S 1.20 apiGroup: rbac.authorization.k8s.io +#GENERATED FOR K8S 1.20 kind: Role +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 subjects: +#GENERATED FOR K8S 1.20 - kind: ServiceAccount +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: RoleBinding +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 roleRef: +#GENERATED FOR K8S 1.20 apiGroup: rbac.authorization.k8s.io +#GENERATED FOR K8S 1.20 kind: Role +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 subjects: +#GENERATED FOR K8S 1.20 - kind: ServiceAccount +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ClusterRoleBinding +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 roleRef: +#GENERATED FOR K8S 1.20 apiGroup: rbac.authorization.k8s.io +#GENERATED FOR K8S 1.20 kind: ClusterRole +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 subjects: +#GENERATED FOR K8S 1.20 - kind: ServiceAccount +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ClusterRoleBinding +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 roleRef: +#GENERATED FOR K8S 1.20 apiGroup: rbac.authorization.k8s.io +#GENERATED FOR K8S 1.20 kind: ClusterRole +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 subjects: +#GENERATED FOR K8S 1.20 - kind: ServiceAccount +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 data: +#GENERATED FOR K8S 1.20 allow-snippet-annotations: "true" +#GENERATED FOR K8S 1.20 kind: ConfigMap +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 kind: Service +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 ports: +#GENERATED FOR K8S 1.20 - appProtocol: http +#GENERATED FOR K8S 1.20 name: http +#GENERATED FOR K8S 1.20 port: 80 +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 targetPort: http +#GENERATED FOR K8S 1.20 - appProtocol: https +#GENERATED FOR K8S 1.20 name: https +#GENERATED FOR K8S 1.20 port: 443 +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 targetPort: https +#GENERATED FOR K8S 1.20 selector: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 type: NodePort +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 kind: Service +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 ports: +#GENERATED FOR K8S 1.20 - appProtocol: https +#GENERATED FOR K8S 1.20 name: https-webhook +#GENERATED FOR K8S 1.20 port: 443 +#GENERATED FOR K8S 1.20 targetPort: webhook +#GENERATED FOR K8S 1.20 selector: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 type: ClusterIP +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: apps/v1 +#GENERATED FOR K8S 1.20 kind: Deployment +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 minReadySeconds: 0 +#GENERATED FOR K8S 1.20 revisionHistoryLimit: 10 +#GENERATED FOR K8S 1.20 selector: +#GENERATED FOR K8S 1.20 matchLabels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 strategy: +#GENERATED FOR K8S 1.20 rollingUpdate: +#GENERATED FOR K8S 1.20 maxUnavailable: 1 +#GENERATED FOR K8S 1.20 type: RollingUpdate +#GENERATED FOR K8S 1.20 template: +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 containers: +#GENERATED FOR K8S 1.20 - args: +#GENERATED FOR K8S 1.20 - /nginx-ingress-controller +#GENERATED FOR K8S 1.20 - --election-id=ingress-controller-leader +#GENERATED FOR K8S 1.20 - --controller-class=k8s.io/ingress-nginx +#GENERATED FOR K8S 1.20 - --ingress-class=nginx +#GENERATED FOR K8S 1.20 - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller +#GENERATED FOR K8S 1.20 - --validating-webhook=:8443 +#GENERATED FOR K8S 1.20 - --validating-webhook-certificate=/usr/local/certificates/cert +#GENERATED FOR K8S 1.20 - --validating-webhook-key=/usr/local/certificates/key +#GENERATED FOR K8S 1.20 - --watch-ingress-without-class=true +#GENERATED FOR K8S 1.20 - --publish-status-address=localhost +#GENERATED FOR K8S 1.20 env: +#GENERATED FOR K8S 1.20 - name: POD_NAME +#GENERATED FOR K8S 1.20 valueFrom: +#GENERATED FOR K8S 1.20 fieldRef: +#GENERATED FOR K8S 1.20 fieldPath: metadata.name +#GENERATED FOR K8S 1.20 - name: POD_NAMESPACE +#GENERATED FOR K8S 1.20 valueFrom: +#GENERATED FOR K8S 1.20 fieldRef: +#GENERATED FOR K8S 1.20 fieldPath: metadata.namespace +#GENERATED FOR K8S 1.20 - name: LD_PRELOAD +#GENERATED FOR K8S 1.20 value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 +#GENERATED FOR K8S 1.20 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 +#GENERATED FOR K8S 1.20 imagePullPolicy: IfNotPresent +#GENERATED FOR K8S 1.20 lifecycle: +#GENERATED FOR K8S 1.20 preStop: +#GENERATED FOR K8S 1.20 exec: +#GENERATED FOR K8S 1.20 command: +#GENERATED FOR K8S 1.20 - /wait-shutdown +#GENERATED FOR K8S 1.20 livenessProbe: +#GENERATED FOR K8S 1.20 failureThreshold: 5 +#GENERATED FOR K8S 1.20 httpGet: +#GENERATED FOR K8S 1.20 path: /healthz +#GENERATED FOR K8S 1.20 port: 10254 +#GENERATED FOR K8S 1.20 scheme: HTTP +#GENERATED FOR K8S 1.20 initialDelaySeconds: 10 +#GENERATED FOR K8S 1.20 periodSeconds: 10 +#GENERATED FOR K8S 1.20 successThreshold: 1 +#GENERATED FOR K8S 1.20 timeoutSeconds: 1 +#GENERATED FOR K8S 1.20 name: controller +#GENERATED FOR K8S 1.20 ports: +#GENERATED FOR K8S 1.20 - containerPort: 80 +#GENERATED FOR K8S 1.20 hostPort: 80 +#GENERATED FOR K8S 1.20 name: http +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 - containerPort: 443 +#GENERATED FOR K8S 1.20 hostPort: 443 +#GENERATED FOR K8S 1.20 name: https +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 - containerPort: 8443 +#GENERATED FOR K8S 1.20 name: webhook +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 readinessProbe: +#GENERATED FOR K8S 1.20 failureThreshold: 3 +#GENERATED FOR K8S 1.20 httpGet: +#GENERATED FOR K8S 1.20 path: /healthz +#GENERATED FOR K8S 1.20 port: 10254 +#GENERATED FOR K8S 1.20 scheme: HTTP +#GENERATED FOR K8S 1.20 initialDelaySeconds: 10 +#GENERATED FOR K8S 1.20 periodSeconds: 10 +#GENERATED FOR K8S 1.20 successThreshold: 1 +#GENERATED FOR K8S 1.20 timeoutSeconds: 1 +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 requests: +#GENERATED FOR K8S 1.20 cpu: 100m +#GENERATED FOR K8S 1.20 memory: 90Mi +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 allowPrivilegeEscalation: true +#GENERATED FOR K8S 1.20 capabilities: +#GENERATED FOR K8S 1.20 add: +#GENERATED FOR K8S 1.20 - NET_BIND_SERVICE +#GENERATED FOR K8S 1.20 drop: +#GENERATED FOR K8S 1.20 - ALL +#GENERATED FOR K8S 1.20 runAsUser: 101 +#GENERATED FOR K8S 1.20 volumeMounts: +#GENERATED FOR K8S 1.20 - mountPath: /usr/local/certificates/ +#GENERATED FOR K8S 1.20 name: webhook-cert +#GENERATED FOR K8S 1.20 readOnly: true +#GENERATED FOR K8S 1.20 dnsPolicy: ClusterFirst +#GENERATED FOR K8S 1.20 nodeSelector: +#GENERATED FOR K8S 1.20 ingress-ready: "true" +#GENERATED FOR K8S 1.20 kubernetes.io/os: linux +#GENERATED FOR K8S 1.20 serviceAccountName: ingress-nginx +#GENERATED FOR K8S 1.20 terminationGracePeriodSeconds: 0 +#GENERATED FOR K8S 1.20 tolerations: +#GENERATED FOR K8S 1.20 - effect: NoSchedule +#GENERATED FOR K8S 1.20 key: node-role.kubernetes.io/master +#GENERATED FOR K8S 1.20 operator: Equal +#GENERATED FOR K8S 1.20 - effect: NoSchedule +#GENERATED FOR K8S 1.20 key: node-role.kubernetes.io/control-plane +#GENERATED FOR K8S 1.20 operator: Equal +#GENERATED FOR K8S 1.20 volumes: +#GENERATED FOR K8S 1.20 - name: webhook-cert +#GENERATED FOR K8S 1.20 secret: +#GENERATED FOR K8S 1.20 secretName: ingress-nginx-admission +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: batch/v1 +#GENERATED FOR K8S 1.20 kind: Job +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission-create +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 template: +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission-create +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 containers: +#GENERATED FOR K8S 1.20 - args: +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc +#GENERATED FOR K8S 1.20 - --namespace=$(POD_NAMESPACE) +#GENERATED FOR K8S 1.20 - --secret-name=ingress-nginx-admission +#GENERATED FOR K8S 1.20 env: +#GENERATED FOR K8S 1.20 - name: POD_NAMESPACE +#GENERATED FOR K8S 1.20 valueFrom: +#GENERATED FOR K8S 1.20 fieldRef: +#GENERATED FOR K8S 1.20 fieldPath: metadata.namespace +#GENERATED FOR K8S 1.20 image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 +#GENERATED FOR K8S 1.20 imagePullPolicy: IfNotPresent +#GENERATED FOR K8S 1.20 name: create +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 allowPrivilegeEscalation: false +#GENERATED FOR K8S 1.20 nodeSelector: +#GENERATED FOR K8S 1.20 kubernetes.io/os: linux +#GENERATED FOR K8S 1.20 restartPolicy: OnFailure +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 fsGroup: 2000 +#GENERATED FOR K8S 1.20 runAsNonRoot: true +#GENERATED FOR K8S 1.20 runAsUser: 2000 +#GENERATED FOR K8S 1.20 serviceAccountName: ingress-nginx-admission +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: batch/v1 +#GENERATED FOR K8S 1.20 kind: Job +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission-patch +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 template: +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission-patch +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 containers: +#GENERATED FOR K8S 1.20 - args: +#GENERATED FOR K8S 1.20 - patch +#GENERATED FOR K8S 1.20 - --webhook-name=ingress-nginx-admission +#GENERATED FOR K8S 1.20 - --namespace=$(POD_NAMESPACE) +#GENERATED FOR K8S 1.20 - --patch-mutating=false +#GENERATED FOR K8S 1.20 - --secret-name=ingress-nginx-admission +#GENERATED FOR K8S 1.20 - --patch-failure-policy=Fail +#GENERATED FOR K8S 1.20 env: +#GENERATED FOR K8S 1.20 - name: POD_NAMESPACE +#GENERATED FOR K8S 1.20 valueFrom: +#GENERATED FOR K8S 1.20 fieldRef: +#GENERATED FOR K8S 1.20 fieldPath: metadata.namespace +#GENERATED FOR K8S 1.20 image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 +#GENERATED FOR K8S 1.20 imagePullPolicy: IfNotPresent +#GENERATED FOR K8S 1.20 name: patch +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 allowPrivilegeEscalation: false +#GENERATED FOR K8S 1.20 nodeSelector: +#GENERATED FOR K8S 1.20 kubernetes.io/os: linux +#GENERATED FOR K8S 1.20 restartPolicy: OnFailure +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 fsGroup: 2000 +#GENERATED FOR K8S 1.20 runAsNonRoot: true +#GENERATED FOR K8S 1.20 runAsUser: 2000 +#GENERATED FOR K8S 1.20 serviceAccountName: ingress-nginx-admission +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: networking.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: IngressClass +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 controller: k8s.io/ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: admissionregistration.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ValidatingWebhookConfiguration +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 webhooks: +#GENERATED FOR K8S 1.20 - admissionReviewVersions: +#GENERATED FOR K8S 1.20 - v1 +#GENERATED FOR K8S 1.20 clientConfig: +#GENERATED FOR K8S 1.20 service: +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 path: /networking/v1/ingresses +#GENERATED FOR K8S 1.20 failurePolicy: Fail +#GENERATED FOR K8S 1.20 matchPolicy: Equivalent +#GENERATED FOR K8S 1.20 name: validate.nginx.ingress.kubernetes.io +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 apiVersions: +#GENERATED FOR K8S 1.20 - v1 +#GENERATED FOR K8S 1.20 operations: +#GENERATED FOR K8S 1.20 - CREATE +#GENERATED FOR K8S 1.20 - UPDATE +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses +#GENERATED FOR K8S 1.20 sideEffects: None diff --git a/deploy/static/provider/scw/1.19/deploy.yaml b/deploy/static/provider/scw/1.19/deploy.yaml index f7721046b..89ee9725b 100644 --- a/deploy/static/provider/scw/1.19/deploy.yaml +++ b/deploy/static/provider/scw/1.19/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,7 +320,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -348,7 +348,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -370,7 +370,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -410,7 +410,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -482,7 +482,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -493,7 +493,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -529,7 +529,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -540,7 +540,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -578,7 +578,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -591,7 +591,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/1.20/deploy.yaml b/deploy/static/provider/scw/1.20/deploy.yaml index 45f9f37ec..0b1aaa326 100644 --- a/deploy/static/provider/scw/1.20/deploy.yaml +++ b/deploy/static/provider/scw/1.20/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,7 +320,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -350,7 +350,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -373,7 +373,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -413,7 +413,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -485,7 +485,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -496,7 +496,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -532,7 +532,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -543,7 +543,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -581,7 +581,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -594,7 +594,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/1.21/deploy.yaml b/deploy/static/provider/scw/1.21/deploy.yaml index a7b7b9f3f..58894fa1c 100644 --- a/deploy/static/provider/scw/1.21/deploy.yaml +++ b/deploy/static/provider/scw/1.21/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,7 +320,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -353,7 +353,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -376,7 +376,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -416,7 +416,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -488,7 +488,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -499,7 +499,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -535,7 +535,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -546,7 +546,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -584,7 +584,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -597,7 +597,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/1.22/deploy.yaml b/deploy/static/provider/scw/1.22/deploy.yaml index a7b7b9f3f..58894fa1c 100644 --- a/deploy/static/provider/scw/1.22/deploy.yaml +++ b/deploy/static/provider/scw/1.22/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,7 +320,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -353,7 +353,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -376,7 +376,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -416,7 +416,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -488,7 +488,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -499,7 +499,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -535,7 +535,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -546,7 +546,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -584,7 +584,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -597,7 +597,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/1.23/deploy.yaml b/deploy/static/provider/scw/1.23/deploy.yaml index a7b7b9f3f..58894fa1c 100644 --- a/deploy/static/provider/scw/1.23/deploy.yaml +++ b/deploy/static/provider/scw/1.23/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -121,7 +121,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +140,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx rules: - apiGroups: @@ -207,7 +207,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +226,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +246,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +265,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,7 +320,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -353,7 +353,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -376,7 +376,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -416,7 +416,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -488,7 +488,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -499,7 +499,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-create spec: containers: @@ -535,7 +535,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -546,7 +546,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission-patch spec: containers: @@ -584,7 +584,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -597,7 +597,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/deploy.yaml b/deploy/static/provider/scw/deploy.yaml index 45f9f37ec..6c4eaad28 100644 --- a/deploy/static/provider/scw/deploy.yaml +++ b/deploy/static/provider/scw/deploy.yaml @@ -1,620 +1,1240 @@ +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 kind: Namespace +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 automountServiceAccountToken: true +#GENERATED FOR K8S 1.20 kind: ServiceAccount +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 kind: ServiceAccount +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: Role +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - namespaces +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - configmaps +#GENERATED FOR K8S 1.20 - pods +#GENERATED FOR K8S 1.20 - secrets +#GENERATED FOR K8S 1.20 - endpoints +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - services +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses/status +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - update +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingressclasses +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resourceNames: +#GENERATED FOR K8S 1.20 - ingress-controller-leader +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - configmaps +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - update +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - configmaps +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - events +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 - patch +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: Role +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - secrets +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ClusterRole +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - configmaps +#GENERATED FOR K8S 1.20 - endpoints +#GENERATED FOR K8S 1.20 - nodes +#GENERATED FOR K8S 1.20 - pods +#GENERATED FOR K8S 1.20 - secrets +#GENERATED FOR K8S 1.20 - namespaces +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - nodes +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - services +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - "" +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - events +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 - patch +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses/status +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - update +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingressclasses +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - list +#GENERATED FOR K8S 1.20 - watch +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ClusterRole +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - admissionregistration.k8s.io +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - validatingwebhookconfigurations +#GENERATED FOR K8S 1.20 verbs: +#GENERATED FOR K8S 1.20 - get +#GENERATED FOR K8S 1.20 - update +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: RoleBinding +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 roleRef: +#GENERATED FOR K8S 1.20 apiGroup: rbac.authorization.k8s.io +#GENERATED FOR K8S 1.20 kind: Role +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 subjects: +#GENERATED FOR K8S 1.20 - kind: ServiceAccount +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: RoleBinding +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 roleRef: +#GENERATED FOR K8S 1.20 apiGroup: rbac.authorization.k8s.io +#GENERATED FOR K8S 1.20 kind: Role +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 subjects: +#GENERATED FOR K8S 1.20 - kind: ServiceAccount +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ClusterRoleBinding +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 roleRef: +#GENERATED FOR K8S 1.20 apiGroup: rbac.authorization.k8s.io +#GENERATED FOR K8S 1.20 kind: ClusterRole +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 subjects: +#GENERATED FOR K8S 1.20 - kind: ServiceAccount +#GENERATED FOR K8S 1.20 name: ingress-nginx +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: rbac.authorization.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ClusterRoleBinding +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 roleRef: +#GENERATED FOR K8S 1.20 apiGroup: rbac.authorization.k8s.io +#GENERATED FOR K8S 1.20 kind: ClusterRole +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 subjects: +#GENERATED FOR K8S 1.20 - kind: ServiceAccount +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 data: +#GENERATED FOR K8S 1.20 allow-snippet-annotations: "true" +#GENERATED FOR K8S 1.20 use-proxy-protocol: "true" +#GENERATED FOR K8S 1.20 kind: ConfigMap +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 kind: Service +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 annotations: +#GENERATED FOR K8S 1.20 service.beta.kubernetes.io/scw-loadbalancer-proxy-protocol-v2: "true" +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 externalTrafficPolicy: Local +#GENERATED FOR K8S 1.20 ports: +#GENERATED FOR K8S 1.20 - appProtocol: http +#GENERATED FOR K8S 1.20 name: http +#GENERATED FOR K8S 1.20 port: 80 +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 targetPort: http +#GENERATED FOR K8S 1.20 - appProtocol: https +#GENERATED FOR K8S 1.20 name: https +#GENERATED FOR K8S 1.20 port: 443 +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 targetPort: https +#GENERATED FOR K8S 1.20 selector: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 type: LoadBalancer +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: v1 +#GENERATED FOR K8S 1.20 kind: Service +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 ports: +#GENERATED FOR K8S 1.20 - appProtocol: https +#GENERATED FOR K8S 1.20 name: https-webhook +#GENERATED FOR K8S 1.20 port: 443 +#GENERATED FOR K8S 1.20 targetPort: webhook +#GENERATED FOR K8S 1.20 selector: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 type: ClusterIP +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: apps/v1 +#GENERATED FOR K8S 1.20 kind: Deployment +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 minReadySeconds: 0 +#GENERATED FOR K8S 1.20 revisionHistoryLimit: 10 +#GENERATED FOR K8S 1.20 selector: +#GENERATED FOR K8S 1.20 matchLabels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 template: +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 containers: +#GENERATED FOR K8S 1.20 - args: +#GENERATED FOR K8S 1.20 - /nginx-ingress-controller +#GENERATED FOR K8S 1.20 - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller +#GENERATED FOR K8S 1.20 - --election-id=ingress-controller-leader +#GENERATED FOR K8S 1.20 - --controller-class=k8s.io/ingress-nginx +#GENERATED FOR K8S 1.20 - --ingress-class=nginx +#GENERATED FOR K8S 1.20 - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller +#GENERATED FOR K8S 1.20 - --validating-webhook=:8443 +#GENERATED FOR K8S 1.20 - --validating-webhook-certificate=/usr/local/certificates/cert +#GENERATED FOR K8S 1.20 - --validating-webhook-key=/usr/local/certificates/key +#GENERATED FOR K8S 1.20 env: +#GENERATED FOR K8S 1.20 - name: POD_NAME +#GENERATED FOR K8S 1.20 valueFrom: +#GENERATED FOR K8S 1.20 fieldRef: +#GENERATED FOR K8S 1.20 fieldPath: metadata.name +#GENERATED FOR K8S 1.20 - name: POD_NAMESPACE +#GENERATED FOR K8S 1.20 valueFrom: +#GENERATED FOR K8S 1.20 fieldRef: +#GENERATED FOR K8S 1.20 fieldPath: metadata.namespace +#GENERATED FOR K8S 1.20 - name: LD_PRELOAD +#GENERATED FOR K8S 1.20 value: /usr/local/lib/libmimalloc.so - image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 +#GENERATED FOR K8S 1.20 + image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 +#GENERATED FOR K8S 1.20 imagePullPolicy: IfNotPresent +#GENERATED FOR K8S 1.20 lifecycle: +#GENERATED FOR K8S 1.20 preStop: +#GENERATED FOR K8S 1.20 exec: +#GENERATED FOR K8S 1.20 command: +#GENERATED FOR K8S 1.20 - /wait-shutdown +#GENERATED FOR K8S 1.20 livenessProbe: +#GENERATED FOR K8S 1.20 failureThreshold: 5 +#GENERATED FOR K8S 1.20 httpGet: +#GENERATED FOR K8S 1.20 path: /healthz +#GENERATED FOR K8S 1.20 port: 10254 +#GENERATED FOR K8S 1.20 scheme: HTTP +#GENERATED FOR K8S 1.20 initialDelaySeconds: 10 +#GENERATED FOR K8S 1.20 periodSeconds: 10 +#GENERATED FOR K8S 1.20 successThreshold: 1 +#GENERATED FOR K8S 1.20 timeoutSeconds: 1 +#GENERATED FOR K8S 1.20 name: controller +#GENERATED FOR K8S 1.20 ports: +#GENERATED FOR K8S 1.20 - containerPort: 80 +#GENERATED FOR K8S 1.20 name: http +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 - containerPort: 443 +#GENERATED FOR K8S 1.20 name: https +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 - containerPort: 8443 +#GENERATED FOR K8S 1.20 name: webhook +#GENERATED FOR K8S 1.20 protocol: TCP +#GENERATED FOR K8S 1.20 readinessProbe: +#GENERATED FOR K8S 1.20 failureThreshold: 3 +#GENERATED FOR K8S 1.20 httpGet: +#GENERATED FOR K8S 1.20 path: /healthz +#GENERATED FOR K8S 1.20 port: 10254 +#GENERATED FOR K8S 1.20 scheme: HTTP +#GENERATED FOR K8S 1.20 initialDelaySeconds: 10 +#GENERATED FOR K8S 1.20 periodSeconds: 10 +#GENERATED FOR K8S 1.20 successThreshold: 1 +#GENERATED FOR K8S 1.20 timeoutSeconds: 1 +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 requests: +#GENERATED FOR K8S 1.20 cpu: 100m +#GENERATED FOR K8S 1.20 memory: 90Mi +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 allowPrivilegeEscalation: true +#GENERATED FOR K8S 1.20 capabilities: +#GENERATED FOR K8S 1.20 add: +#GENERATED FOR K8S 1.20 - NET_BIND_SERVICE +#GENERATED FOR K8S 1.20 drop: +#GENERATED FOR K8S 1.20 - ALL +#GENERATED FOR K8S 1.20 runAsUser: 101 +#GENERATED FOR K8S 1.20 volumeMounts: +#GENERATED FOR K8S 1.20 - mountPath: /usr/local/certificates/ +#GENERATED FOR K8S 1.20 name: webhook-cert +#GENERATED FOR K8S 1.20 readOnly: true +#GENERATED FOR K8S 1.20 dnsPolicy: ClusterFirst +#GENERATED FOR K8S 1.20 nodeSelector: +#GENERATED FOR K8S 1.20 kubernetes.io/os: linux +#GENERATED FOR K8S 1.20 serviceAccountName: ingress-nginx +#GENERATED FOR K8S 1.20 terminationGracePeriodSeconds: 300 +#GENERATED FOR K8S 1.20 volumes: +#GENERATED FOR K8S 1.20 - name: webhook-cert +#GENERATED FOR K8S 1.20 secret: +#GENERATED FOR K8S 1.20 secretName: ingress-nginx-admission +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: batch/v1 +#GENERATED FOR K8S 1.20 kind: Job +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission-create +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 template: +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission-create +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 containers: +#GENERATED FOR K8S 1.20 - args: +#GENERATED FOR K8S 1.20 - create +#GENERATED FOR K8S 1.20 - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc +#GENERATED FOR K8S 1.20 - --namespace=$(POD_NAMESPACE) +#GENERATED FOR K8S 1.20 - --secret-name=ingress-nginx-admission +#GENERATED FOR K8S 1.20 env: +#GENERATED FOR K8S 1.20 - name: POD_NAMESPACE +#GENERATED FOR K8S 1.20 valueFrom: +#GENERATED FOR K8S 1.20 fieldRef: +#GENERATED FOR K8S 1.20 fieldPath: metadata.namespace +#GENERATED FOR K8S 1.20 image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 +#GENERATED FOR K8S 1.20 imagePullPolicy: IfNotPresent +#GENERATED FOR K8S 1.20 name: create +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 allowPrivilegeEscalation: false +#GENERATED FOR K8S 1.20 nodeSelector: +#GENERATED FOR K8S 1.20 kubernetes.io/os: linux +#GENERATED FOR K8S 1.20 restartPolicy: OnFailure +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 fsGroup: 2000 +#GENERATED FOR K8S 1.20 runAsNonRoot: true +#GENERATED FOR K8S 1.20 runAsUser: 2000 +#GENERATED FOR K8S 1.20 serviceAccountName: ingress-nginx-admission +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: batch/v1 +#GENERATED FOR K8S 1.20 kind: Job +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission-patch +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 template: +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission-patch +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 containers: +#GENERATED FOR K8S 1.20 - args: +#GENERATED FOR K8S 1.20 - patch +#GENERATED FOR K8S 1.20 - --webhook-name=ingress-nginx-admission +#GENERATED FOR K8S 1.20 - --namespace=$(POD_NAMESPACE) +#GENERATED FOR K8S 1.20 - --patch-mutating=false +#GENERATED FOR K8S 1.20 - --secret-name=ingress-nginx-admission +#GENERATED FOR K8S 1.20 - --patch-failure-policy=Fail +#GENERATED FOR K8S 1.20 env: +#GENERATED FOR K8S 1.20 - name: POD_NAMESPACE +#GENERATED FOR K8S 1.20 valueFrom: +#GENERATED FOR K8S 1.20 fieldRef: +#GENERATED FOR K8S 1.20 fieldPath: metadata.namespace +#GENERATED FOR K8S 1.20 image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 +#GENERATED FOR K8S 1.20 imagePullPolicy: IfNotPresent +#GENERATED FOR K8S 1.20 name: patch +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 allowPrivilegeEscalation: false +#GENERATED FOR K8S 1.20 nodeSelector: +#GENERATED FOR K8S 1.20 kubernetes.io/os: linux +#GENERATED FOR K8S 1.20 restartPolicy: OnFailure +#GENERATED FOR K8S 1.20 securityContext: +#GENERATED FOR K8S 1.20 fsGroup: 2000 +#GENERATED FOR K8S 1.20 runAsNonRoot: true +#GENERATED FOR K8S 1.20 runAsUser: 2000 +#GENERATED FOR K8S 1.20 serviceAccountName: ingress-nginx-admission +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: networking.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: IngressClass +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: controller +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: nginx +#GENERATED FOR K8S 1.20 spec: +#GENERATED FOR K8S 1.20 controller: k8s.io/ingress-nginx +#GENERATED FOR K8S 1.20 --- +#GENERATED FOR K8S 1.20 apiVersion: admissionregistration.k8s.io/v1 +#GENERATED FOR K8S 1.20 kind: ValidatingWebhookConfiguration +#GENERATED FOR K8S 1.20 metadata: +#GENERATED FOR K8S 1.20 labels: +#GENERATED FOR K8S 1.20 app.kubernetes.io/component: admission-webhook +#GENERATED FOR K8S 1.20 app.kubernetes.io/instance: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/name: ingress-nginx +#GENERATED FOR K8S 1.20 app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.0 +#GENERATED FOR K8S 1.20 + app.kubernetes.io/version: 1.2.1 +#GENERATED FOR K8S 1.20 name: ingress-nginx-admission +#GENERATED FOR K8S 1.20 webhooks: +#GENERATED FOR K8S 1.20 - admissionReviewVersions: +#GENERATED FOR K8S 1.20 - v1 +#GENERATED FOR K8S 1.20 clientConfig: +#GENERATED FOR K8S 1.20 service: +#GENERATED FOR K8S 1.20 name: ingress-nginx-controller-admission +#GENERATED FOR K8S 1.20 namespace: ingress-nginx +#GENERATED FOR K8S 1.20 path: /networking/v1/ingresses +#GENERATED FOR K8S 1.20 failurePolicy: Fail +#GENERATED FOR K8S 1.20 matchPolicy: Equivalent +#GENERATED FOR K8S 1.20 name: validate.nginx.ingress.kubernetes.io +#GENERATED FOR K8S 1.20 rules: +#GENERATED FOR K8S 1.20 - apiGroups: +#GENERATED FOR K8S 1.20 - networking.k8s.io +#GENERATED FOR K8S 1.20 apiVersions: +#GENERATED FOR K8S 1.20 - v1 +#GENERATED FOR K8S 1.20 operations: +#GENERATED FOR K8S 1.20 - CREATE +#GENERATED FOR K8S 1.20 - UPDATE +#GENERATED FOR K8S 1.20 resources: +#GENERATED FOR K8S 1.20 - ingresses +#GENERATED FOR K8S 1.20 sideEffects: None From 6caa99f4641b0d07d348180f7fb459588dee9ca1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 31 May 2022 06:28:53 -0700 Subject: [PATCH 115/494] Bump github.com/imdario/mergo from 0.3.12 to 0.3.13 (#8649) Bumps [github.com/imdario/mergo](https://github.com/imdario/mergo) from 0.3.12 to 0.3.13. - [Release notes](https://github.com/imdario/mergo/releases) - [Commits](https://github.com/imdario/mergo/compare/0.3.12...v0.3.13) --- updated-dependencies: - dependency-name: github.com/imdario/mergo dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 7 ++++--- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 8547d6970..982bc9a9b 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/eapache/channels v1.1.0 github.com/fsnotify/fsnotify v1.5.4 github.com/gavv/httpexpect/v2 v2.3.1 - github.com/imdario/mergo v0.3.12 + github.com/imdario/mergo v0.3.13 github.com/json-iterator/go v1.1.12 github.com/kylelemons/godebug v1.1.0 github.com/mitchellh/go-ps v1.0.0 @@ -133,7 +133,7 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect + gopkg.in/yaml.v3 v3.0.0 // indirect k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c // indirect k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 // indirect k8s.io/utils v0.0.0-20211116205334-6203023598ed // indirect diff --git a/go.sum b/go.sum index 6dca2bc83..88049aa1e 100644 --- a/go.sum +++ b/go.sum @@ -345,8 +345,8 @@ github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpO github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU= -github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= +github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= +github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= github.com/imkira/go-interpol v1.0.0 h1:HrmLyvOLJyjR0YofMw8QGdCIuYOs4TJUBDNU5sJC09E= github.com/imkira/go-interpol v1.0.0/go.mod h1:z0h2/2T3XF8kyEPpRgJ3kmNv+C43p+I/CoI+jC3w2iA= github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= @@ -1106,8 +1106,9 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0 h1:hjy8E9ON/egN1tAYqKb61G10WtihqetD4sz2H+8nIeA= +gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= From f6ceaadcbaa2bb3a66c241682d08b682ea289a02 Mon Sep 17 00:00:00 2001 From: James Strong Date: Tue, 31 May 2022 18:27:23 -0400 Subject: [PATCH 116/494] Update supported version readme (#8654) bump versions to 1.2.1 --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 0af81cb58..e55b4aff4 100644 --- a/README.md +++ b/README.md @@ -31,6 +31,7 @@ For detailed changes on the `ingress-nginx` helm chart, please check the followi | Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | |-----------------------|------------------------------|----------------|---------------| +| v1.2.1 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.6 | 1.19.10† | | v1.2.0 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.6 | 1.19.10† | | v1.1.3 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.4 | 1.19.10† | | v1.1.2 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | From 4a6d15a5a2a07a4421c37cec56e5d8773d81e763 Mon Sep 17 00:00:00 2001 From: Abhishek Agarwal Date: Wed, 1 Jun 2022 16:27:02 +0530 Subject: [PATCH 117/494] update ci kind version to v0.14.0 (#8656) * update ci kind version to v0.14.0 Signed-off-by: Abhishek Agarwal * updated the ci strategy matrix k8s versions Signed-off-by: Abhishek Agarwal --- .github/workflows/ci.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index cf8ec20f2..c8e50035b 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -171,7 +171,7 @@ jobs: id: kind uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 # v0.5.0 with: - version: v0.11.1 + version: v0.14.0 image: kindest/node:v1.21.1 - uses: geekyeggo/delete-artifact@a6ab43859c960a8b74cbc6291f362c7fb51829ba # v1 @@ -204,7 +204,7 @@ jobs: strategy: matrix: - k8s: [v1.19.11, v1.20.7, v1.21.2, v1.22.0, v1.23.0] + k8s: [v1.19.11, v1.20.7, v1.21.2, v1.22.9, v1.23.6, v1.24.0] steps: @@ -262,7 +262,7 @@ jobs: strategy: matrix: - k8s: [v1.21.10, v1.22.7, v1.23.4] + k8s: [v1.21.10, v1.22.9, v1.23.6, v1.24.0] steps: From d29a2383507427abdc56302165c618bf2da7580b Mon Sep 17 00:00:00 2001 From: guylil <24384486+guylil@users.noreply.github.com> Date: Fri, 3 Jun 2022 12:44:19 +0300 Subject: [PATCH 118/494] Update index.md (#8616) typo change.. I think... It didn't work for me without the " " --- docs/deploy/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/deploy/index.md b/docs/deploy/index.md index 0a33c19cd..fad8338c6 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -93,7 +93,7 @@ Then create an ingress resource. The following example uses an host that maps to ```console kubectl create ingress demo-localhost --class=nginx \ - --rule=demo.localdev.me/*=demo:80 + --rule="demo.localdev.me/*=demo:80" ``` Now, forward a local port to the ingress controller: From fb2f00bae5c444b742f42e05eddf80a36dd6b7f8 Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Tue, 7 Jun 2022 21:32:56 +0530 Subject: [PATCH 119/494] bumped kind version to 0.14.0 (#8677) --- .github/workflows/ci.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index c8e50035b..046b3bc2c 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -169,10 +169,10 @@ jobs: - name: Create Kubernetes cluster id: kind - uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 # v0.5.0 + uses: engineerd/setup-kind@v0.5.0 with: version: v0.14.0 - image: kindest/node:v1.21.1 + image: kindest/node:v1.21.12 - uses: geekyeggo/delete-artifact@a6ab43859c960a8b74cbc6291f362c7fb51829ba # v1 with: @@ -218,9 +218,9 @@ jobs: - name: Create Kubernetes ${{ matrix.k8s }} cluster id: kind - uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 # v0.5.0 + uses: engineerd/setup-kind@v0.5.0 with: - version: v0.11.1 + version: v0.14.0 config: test/e2e/kind.yaml image: kindest/node:${{ matrix.k8s }} @@ -278,7 +278,7 @@ jobs: id: kind uses: engineerd/setup-kind@v0.5.0 with: - version: v0.12.0 + version: v0.14.0 config: test/e2e/kind.yaml image: kindest/node:${{ matrix.k8s }} @@ -398,10 +398,10 @@ jobs: - name: Create Kubernetes cluster id: kind if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} - uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 # v0.5.0 + uses: engineerd/setup-kind@v0.5.0 with: - version: v0.11.1 - image: kindest/node:v1.21.1 + version: v0.14.0 + image: kindest/node:v1.21.12 - name: Set up Go 1.18 id: go From 2fc8a62d1a19708c2d13df74f8798aa5a58a5d43 Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Thu, 9 Jun 2022 22:33:42 +0530 Subject: [PATCH 120/494] removed unavailable flag (#8681) --- .github/workflows/ci.yaml | 4 ++-- test/e2e/kind.yaml | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 046b3bc2c..68a90848f 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -204,7 +204,7 @@ jobs: strategy: matrix: - k8s: [v1.19.11, v1.20.7, v1.21.2, v1.22.9, v1.23.6, v1.24.0] + k8s: [v1.19.11, v1.20.7, v1.21.2, v1.22.9, v1.23.6] steps: @@ -262,7 +262,7 @@ jobs: strategy: matrix: - k8s: [v1.21.10, v1.22.9, v1.23.6, v1.24.0] + k8s: [v1.21.10, v1.22.9, v1.23.6] steps: diff --git a/test/e2e/kind.yaml b/test/e2e/kind.yaml index 6fddba4e2..97dc7082d 100644 --- a/test/e2e/kind.yaml +++ b/test/e2e/kind.yaml @@ -13,4 +13,3 @@ kubeadmConfigPatches: extraArgs: namespace-sync-period: 10s concurrent-deployment-syncs: "30" - deployment-controller-sync-period: 10s From 0005c080da149ab9cc1d5a1a060259415fc09cab Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Fri, 10 Jun 2022 16:21:47 +0530 Subject: [PATCH 121/494] moved whathappend to top (#8684) --- .github/ISSUE_TEMPLATE/bug_report.md | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 9f8fd83ba..469e00834 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -10,7 +10,8 @@ assignees: '' +**What happened**: + + + +**What you expected to happen**: + + + + **NGINX Ingress controller version** (exec into the pod and run nginx-ingress-controller --version.): - -**What you expected to happen**: - - - -**How to reproduce it**: +**How to reproduce this issue**: @@ -30,4 +30,4 @@ blocks. If they're super-long, please use the details tag like \ No newline at end of file +--> From 8baac4214a1c5e712676b0328c992682ae033d4b Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Fri, 8 Jul 2022 19:27:46 +0530 Subject: [PATCH 160/494] changed to alpine-v3.16 (#8793) --- docs/examples/customization/sysctl/patch.json | 4 ++-- images/cfssl/rootfs/Dockerfile | 2 +- images/httpbin/rootfs/Dockerfile | 2 +- images/nginx/rootfs/Dockerfile | 4 ++-- images/opentelemetry/rootfs/Dockerfile | 4 ++-- rootfs/Dockerfile.chroot | 2 +- test/e2e-image/Dockerfile | 2 +- 7 files changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/examples/customization/sysctl/patch.json b/docs/examples/customization/sysctl/patch.json index d0cf1f9ae..683b4ec6b 100644 --- a/docs/examples/customization/sysctl/patch.json +++ b/docs/examples/customization/sysctl/patch.json @@ -4,7 +4,7 @@ "spec": { "initContainers": [{ "name": "sysctl", - "image": "alpine:3.13", + "image": "alpine:3.16.0", "securityContext": { "privileged": true }, @@ -13,4 +13,4 @@ } } } -} \ No newline at end of file +} diff --git a/images/cfssl/rootfs/Dockerfile b/images/cfssl/rootfs/Dockerfile index f12a1c776..bfe19cfd9 100644 --- a/images/cfssl/rootfs/Dockerfile +++ b/images/cfssl/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.13 +FROM alpine:3.16.0 RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories RUN apk add --no-cache \ diff --git a/images/httpbin/rootfs/Dockerfile b/images/httpbin/rootfs/Dockerfile index 113aaaa0d..5ee58d69c 100644 --- a/images/httpbin/rootfs/Dockerfile +++ b/images/httpbin/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.14.6 +FROM alpine:3.16.0 ENV LC_ALL=C.UTF-8 ENV LANG=C.UTF-8 diff --git a/images/nginx/rootfs/Dockerfile b/images/nginx/rootfs/Dockerfile index 2371acd82..fd3dfe5ba 100644 --- a/images/nginx/rootfs/Dockerfile +++ b/images/nginx/rootfs/Dockerfile @@ -11,7 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.14.6 as builder +FROM alpine:3.16.0 as builder COPY . / @@ -21,7 +21,7 @@ RUN apk update \ && /build.sh # Use a multi-stage build -FROM alpine:3.14.6 +FROM alpine:3.16.0 ENV PATH=$PATH:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin diff --git a/images/opentelemetry/rootfs/Dockerfile b/images/opentelemetry/rootfs/Dockerfile index 91832fa55..18fea3d51 100644 --- a/images/opentelemetry/rootfs/Dockerfile +++ b/images/opentelemetry/rootfs/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. -FROM alpine:3.14.6 as base +FROM alpine:3.16.0 as base RUN mkdir -p /opt/third_party/install COPY . /opt/third_party/ @@ -39,7 +39,7 @@ COPY --from=grpc /opt/third_party/install/ /usr COPY --from=otel-cpp /opt/third_party/install/ /usr RUN bash /opt/third_party/build.sh -n -FROM alpine:3.14.6 +FROM alpine:3.16.0 COPY --from=base /opt/third_party/init_module.sh /usr/local/bin/init_module.sh COPY --from=nginx /etc/nginx/modules /etc/nginx/modules COPY --from=nginx /opt/third_party/install/lib /etc/nginx/modules diff --git a/rootfs/Dockerfile.chroot b/rootfs/Dockerfile.chroot index 10a335679..69d2a0f71 100644 --- a/rootfs/Dockerfile.chroot +++ b/rootfs/Dockerfile.chroot @@ -23,7 +23,7 @@ RUN apk update \ && apk upgrade \ && /chroot.sh -FROM alpine:3.14.6 +FROM alpine:3.16.0 ARG TARGETARCH ARG VERSION diff --git a/test/e2e-image/Dockerfile b/test/e2e-image/Dockerfile index 78d839342..ab6b674af 100644 --- a/test/e2e-image/Dockerfile +++ b/test/e2e-image/Dockerfile @@ -1,6 +1,6 @@ FROM registry.k8s.io/ingress-nginx/e2e-test-runner:v20220624-g3348cd71e@sha256:2a34e322b7ff89abdfa0b6202f903bf5618578b699ff609a3ddabac0aae239c8 AS BASE -FROM alpine:3.14.6 +FROM alpine:3.16.0 RUN apk add -U --no-cache \ ca-certificates \ From e1a16f6e74ef43cdfd59de75b3394d6b20ef7645 Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 8 Jul 2022 12:27:47 -0400 Subject: [PATCH 161/494] Update nginx base image in one place (#8400) * update files to use one base image file Signed-off-by: James Strong * add chart test as well Signed-off-by: James Strong * update e2e-test image building Signed-off-by: James Strong * update e2e base image arg Signed-off-by: James Strong * add current e2e so test run Signed-off-by: James Strong * working on fixing build * getting dev-env and make release to work * test * i think buildx is working on mac * updates * why docker for mac and linux cli differ * fix target arch * fix target arch * fix loag issue * fix issue * update the chroot docker file * fix docker base build * mac is the issue * env not getting to the e2e deployment.go file * fix pull issue * fix pull issue * move test scripts into test folder * clean up ci * updates for PR * remove unnesscary var --- .codecov.yml | 8 -- .github/workflows/ci.yaml | 5 ++ Makefile | 85 ++++++++++++------- NGINX_BASE | 1 + build/build.sh | 22 +++-- build/run-e2e-suite.sh | 4 + build/run-in-docker.sh | 20 +++-- images/echo/Makefile | 3 +- images/nginx/README.md | 4 +- images/test-runner/Makefile | 2 +- rootfs/Dockerfile | 8 +- .../{Dockerfile.chroot => Dockerfile-chroot} | 8 +- test/e2e-image/Dockerfile | 3 +- test/e2e-image/Makefile | 2 + test/e2e/framework/deployment.go | 20 +++-- test/e2e/run-chart-test.sh | 7 ++ test/e2e/run.sh | 6 ++ {build => test}/test-lua.sh | 0 {build => test}/test.sh | 0 19 files changed, 138 insertions(+), 70 deletions(-) delete mode 100644 .codecov.yml create mode 100644 NGINX_BASE rename rootfs/{Dockerfile.chroot => Dockerfile-chroot} (95%) rename {build => test}/test-lua.sh (100%) rename {build => test}/test.sh (100%) diff --git a/.codecov.yml b/.codecov.yml deleted file mode 100644 index f91e5c1fe..000000000 --- a/.codecov.yml +++ /dev/null @@ -1,8 +0,0 @@ -coverage: - status: - project: - default: - target: 40% - threshold: null - patch: false - changes: false diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index c200ef1be..dd9fd0328 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -44,6 +44,7 @@ jobs: - 'charts/ingress-nginx/Chart.yaml' - 'charts/ingress-nginx/**/*' + security: runs-on: ubuntu-latest steps: @@ -195,6 +196,7 @@ jobs: kind get kubeconfig > $HOME/.kube/kind-config-kind make kind-e2e-chart-tests + kubernetes: name: Kubernetes runs-on: ubuntu-latest @@ -251,6 +253,7 @@ jobs: kind get kubeconfig > $HOME/.kube/kind-config-kind make kind-e2e-test + kubernetes-chroot: name: Kubernetes chroot runs-on: ubuntu-latest @@ -308,6 +311,7 @@ jobs: kind get kubeconfig > $HOME/.kube/kind-config-kind make kind-e2e-test + test-image-build: permissions: contents: read # for dorny/paths-filter to fetch a list of changed files @@ -374,6 +378,7 @@ jobs: run: | cd images/ext-auth-example-authsvc && make build + test-image: permissions: contents: read # for dorny/paths-filter to fetch a list of changed files diff --git a/Makefile b/Makefile index 7b74f2e60..7994ac377 100644 --- a/Makefile +++ b/Makefile @@ -53,9 +53,16 @@ ifneq ($(PLATFORM),) PLATFORM_FLAG="--platform" endif +MAC_OS = $(shell uname -s) +ifeq ($(MAC_OS), Darwin) + MAC_DOCKER_FLAGS="--load" +else + MAC_DOCKER_FLAGS= +endif + REGISTRY ?= gcr.io/k8s-staging-ingress-nginx -BASE_IMAGE ?= registry.k8s.io/ingress-nginx/nginx:0ff500c23f34e939305de709cb6d47da34b66611@sha256:15f91034a03550dfab6ec50a7be4abbb683d087e234ad7fef5adedef54e46a5a +BASE_IMAGE ?= $(shell cat NGINX_BASE) GOARCH=$(ARCH) @@ -65,12 +72,14 @@ help: ## Display this help .PHONY: image image: clean-image ## Build image for a particular arch. echo "Building docker image ($(ARCH))..." - @docker build \ + docker build \ ${PLATFORM_FLAG} ${PLATFORM} \ --no-cache \ + $(MAC_DOCKER_FLAGS) \ + --pull \ --build-arg BASE_IMAGE="$(BASE_IMAGE)" \ --build-arg VERSION="$(TAG)" \ - --build-arg TARGETARCH="$(ARCH)" \ + --build-arg TARGET_ARCH="$(ARCH)" \ --build-arg COMMIT_SHA="$(COMMIT_SHA)" \ --build-arg BUILD_ID="$(BUILD_ID)" \ -t $(REGISTRY)/controller:$(TAG) rootfs @@ -82,14 +91,16 @@ gosec: .PHONY: image-chroot image-chroot: clean-chroot-image ## Build image for a particular arch. echo "Building docker image ($(ARCH))..." - @docker build \ + docker build \ --no-cache \ + $(MAC_DOCKER_FLAGS) \ + --pull \ --build-arg BASE_IMAGE="$(BASE_IMAGE)" \ --build-arg VERSION="$(TAG)" \ - --build-arg TARGETARCH="$(ARCH)" \ + --build-arg TARGET_ARCH="$(ARCH)" \ --build-arg COMMIT_SHA="$(COMMIT_SHA)" \ --build-arg BUILD_ID="$(BUILD_ID)" \ - -t $(REGISTRY)/controller-chroot:$(TAG) rootfs -f rootfs/Dockerfile.chroot + -t $(REGISTRY)/controller-chroot:$(TAG) rootfs -f rootfs/Dockerfile-chroot .PHONY: clean-image clean-image: ## Removes local image @@ -105,64 +116,82 @@ clean-chroot-image: ## Removes local image .PHONY: build build: ## Build ingress controller, debug tool and pre-stop hook. - @build/run-in-docker.sh \ + build/run-in-docker.sh \ + MAC_OS=$(MAC_OS) \ PKG=$(PKG) \ ARCH=$(ARCH) \ COMMIT_SHA=$(COMMIT_SHA) \ REPO_INFO=$(REPO_INFO) \ TAG=$(TAG) \ - GOBUILD_FLAGS=$(GOBUILD_FLAGS) \ build/build.sh + .PHONY: build-plugin build-plugin: ## Build ingress-nginx krew plugin. @build/run-in-docker.sh \ PKG=$(PKG) \ + MAC_OS=$(MAC_OS) \ ARCH=$(ARCH) \ COMMIT_SHA=$(COMMIT_SHA) \ REPO_INFO=$(REPO_INFO) \ TAG=$(TAG) \ - GOBUILD_FLAGS=$(GOBUILD_FLAGS) \ build/build-plugin.sh + .PHONY: clean clean: ## Remove .gocache directory. rm -rf bin/ .gocache/ .cache/ + .PHONY: static-check static-check: ## Run verification script for boilerplate, codegen, gofmt, golint, lualint and chart-lint. @build/run-in-docker.sh \ hack/verify-all.sh +############################### +# Tests for ingress-nginx +############################### + .PHONY: test test: ## Run go unit tests. @build/run-in-docker.sh \ PKG=$(PKG) \ + MAC_OS=$(MAC_OS) \ ARCH=$(ARCH) \ COMMIT_SHA=$(COMMIT_SHA) \ REPO_INFO=$(REPO_INFO) \ TAG=$(TAG) \ - GOBUILD_FLAGS=$(GOBUILD_FLAGS) \ - build/test.sh + test/test.sh .PHONY: lua-test lua-test: ## Run lua unit tests. @build/run-in-docker.sh \ BUSTED_ARGS=$(BUSTED_ARGS) \ - build/test-lua.sh + MAC_OS=$(MAC_OS) \ + test/test-lua.sh .PHONY: e2e-test e2e-test: ## Run e2e tests (expects access to a working Kubernetes cluster). @build/run-e2e-suite.sh +.PHONY: kind-e2e-test +kind-e2e-test: ## Run e2e tests using kind. + @test/e2e/run.sh + +.PHONY: kind-e2e-chart-tests +kind-e2e-chart-tests: ## Run helm chart e2e tests + @test/e2e/run-chart-test.sh + .PHONY: e2e-test-binary e2e-test-binary: ## Build binary for e2e tests. @build/run-in-docker.sh \ + MAC_OS=$(MAC_OS) \ ginkgo build ./test/e2e .PHONY: print-e2e-suite print-e2e-suite: e2e-test-binary ## Prints information about the suite of e2e tests. @build/run-in-docker.sh \ + MAC_OS=$(MAC_OS) \ hack/print-e2e-suite.sh .PHONY: vet @@ -185,6 +214,8 @@ dev-env: ## Starts a local Kubernetes cluster using kind, building and deployin dev-env-stop: ## Deletes local Kubernetes cluster created by kind. @kind delete cluster --name ingress-nginx-dev + + .PHONY: live-docs live-docs: ## Build and launch a local copy of the documentation website in http://localhost:8000 @docker build ${PLATFORM_FLAG} ${PLATFORM} -t ingress-nginx-docs .github/actions/mkdocs @@ -202,14 +233,6 @@ misspell: ## Check for spelling errors. -error \ cmd/* internal/* deploy/* docs/* design/* test/* README.md -.PHONY: kind-e2e-test -kind-e2e-test: ## Run e2e tests using kind. - @test/e2e/run.sh - -.PHONY: kind-e2e-chart-tests -kind-e2e-chart-tests: ## Run helm chart e2e tests - @test/e2e/run-chart-test.sh - .PHONY: run-ingress-controller run-ingress-controller: ## Run the ingress controller locally using a kubectl proxy connection. @build/run-ingress-controller.sh @@ -223,35 +246,35 @@ show-version: echo -n $(TAG) PLATFORMS ?= amd64 arm arm64 s390x - -EMPTY := -SPACE := $(EMPTY) $(EMPTY) -COMMA := , +BUILDX_PLATFORMS ?= linux/amd64,linux/arm,linux/arm64,linux/s390x .PHONY: release # Build a multi-arch docker image release: ensure-buildx clean echo "Building binaries..." $(foreach PLATFORM,$(PLATFORMS), echo -n "$(PLATFORM)..."; ARCH=$(PLATFORM) make build;) - echo "Building and pushing ingress-nginx image..." - @docker buildx build \ + echo "Building and pushing ingress-nginx image...$(BUILDX_PLATFORMS)" + + docker buildx build \ --no-cache \ --push \ + --pull \ --progress plain \ - --platform $(subst $(SPACE),$(COMMA),$(PLATFORMS)) \ + --platform $(BUILDX_PLATFORMS) \ --build-arg BASE_IMAGE="$(BASE_IMAGE)" \ --build-arg VERSION="$(TAG)" \ --build-arg COMMIT_SHA="$(COMMIT_SHA)" \ --build-arg BUILD_ID="$(BUILD_ID)" \ -t $(REGISTRY)/controller:$(TAG) rootfs - - @docker buildx build \ + + docker buildx build \ --no-cache \ --push \ + --pull \ --progress plain \ - --platform $(subst $(SPACE),$(COMMA),$(PLATFORMS)) \ + --platform $(BUILDX_PLATFORMS) \ --build-arg BASE_IMAGE="$(BASE_IMAGE)" \ --build-arg VERSION="$(TAG)" \ --build-arg COMMIT_SHA="$(COMMIT_SHA)" \ --build-arg BUILD_ID="$(BUILD_ID)" \ - -t $(REGISTRY)/controller-chroot:$(TAG) rootfs -f rootfs/Dockerfile.chroot + -t $(REGISTRY)/controller-chroot:$(TAG) rootfs -f rootfs/Dockerfile-chroot diff --git a/NGINX_BASE b/NGINX_BASE new file mode 100644 index 000000000..a882c352d --- /dev/null +++ b/NGINX_BASE @@ -0,0 +1 @@ +registry.k8s.io/ingress-nginx/nginx:0ff500c23f34e939305de709cb6d47da34b66611@sha256:15f91034a03550dfab6ec50a7be4abbb683d087e234ad7fef5adedef54e46a5a \ No newline at end of file diff --git a/build/build.sh b/build/build.sh index a865fe927..210a8e10f 100755 --- a/build/build.sh +++ b/build/build.sh @@ -14,8 +14,11 @@ # See the License for the specific language governing permissions and # limitations under the License. +GO_BUILD_CMD="go build" + if [ -n "$DEBUG" ]; then set -x + GO_BUILD_CMD="go build -v" fi set -o errexit @@ -31,39 +34,40 @@ mandatory=( TAG ) -missing=false for var in "${mandatory[@]}"; do if [[ -z "${!var:-}" ]]; then echo "Environment variable $var must be set" - missing=true + exit 1 fi done -if [ "$missing" = true ]; then - exit 1 -fi - export CGO_ENABLED=0 export GOARCH=${ARCH} TARGETS_DIR="rootfs/bin/${ARCH}" echo "Building targets for ${ARCH}, generated targets in ${TARGETS_DIR} directory." -go build \ +echo "Building ${PKG}/cmd/nginx" + +${GO_BUILD_CMD} \ -trimpath -ldflags="-buildid= -w -s \ -X ${PKG}/version.RELEASE=${TAG} \ -X ${PKG}/version.COMMIT=${COMMIT_SHA} \ -X ${PKG}/version.REPO=${REPO_INFO}" \ -o "${TARGETS_DIR}/nginx-ingress-controller" "${PKG}/cmd/nginx" -go build \ +echo "Building ${PKG}/cmd/dbg" + +${GO_BUILD_CMD} \ -trimpath -ldflags="-buildid= -w -s \ -X ${PKG}/version.RELEASE=${TAG} \ -X ${PKG}/version.COMMIT=${COMMIT_SHA} \ -X ${PKG}/version.REPO=${REPO_INFO}" \ -o "${TARGETS_DIR}/dbg" "${PKG}/cmd/dbg" -go build \ +echo "Building ${PKG}/cmd/waitshutdown" + +${GO_BUILD_CMD} \ -trimpath -ldflags="-buildid= -w -s \ -X ${PKG}/version.RELEASE=${TAG} \ -X ${PKG}/version.COMMIT=${COMMIT_SHA} \ diff --git a/build/run-e2e-suite.sh b/build/run-e2e-suite.sh index 27f17bed5..d23a504e6 100755 --- a/build/run-e2e-suite.sh +++ b/build/run-e2e-suite.sh @@ -51,6 +51,9 @@ trap cleanup EXIT E2E_CHECK_LEAKS=${E2E_CHECK_LEAKS:-} FOCUS=${FOCUS:-.*} +BASEDIR=$(dirname "$0") +NGINX_BASE_IMAGE=$(cat $BASEDIR/../NGINX_BASE) + export E2E_CHECK_LEAKS export FOCUS @@ -76,6 +79,7 @@ kubectl run --rm \ --env="E2E_NODES=${E2E_NODES}" \ --env="FOCUS=${FOCUS}" \ --env="E2E_CHECK_LEAKS=${E2E_CHECK_LEAKS}" \ + --env="NGINX_BASE_IMAGE=${NGINX_BASE_IMAGE}" \ --overrides='{ "apiVersion": "v1", "spec":{"serviceAccountName": "ingress-nginx-e2e"}}' \ e2e --image=nginx-ingress-controller:e2e diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index db8a32993..8f04a9920 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -14,7 +14,8 @@ # See the License for the specific language governing permissions and # limitations under the License. -if [ -n "$DEBUG" ]; then +DEBUG=${DEBUG:-"false"} +if [ "$DEBUG" == "true" ]; then set -x fi @@ -62,6 +63,14 @@ else PLATFORM_FLAG= fi +USER=${USER:-nobody} + +if [[ ${MAC_OS} == "Darwin" ]]; then + MAC_DOCKER_FLAGS="" +else + MAC_DOCKER_FLAGS="-u $(id -u ${USER}):$(id -g ${USER})" #idk why mac/git fails on the gobuild if these are presented to dockerrun.sh script +fi + echo "..printing env & other vars to stdout" echo "HOSTNAME=`hostname`" uname -a @@ -74,20 +83,21 @@ if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then echo "FLAGS=$FLAGS" go env set -x - go install -mod=mod github.com/onsi/ginkgo/ginkgo@v1.16.4 + go install -mod=mod github.com/onsi/ginkgo/ginkgo@v1.16.4 find / -type f -name ginkgo 2>/dev/null which ginkgo /bin/bash -c "${FLAGS}" set +x else - echo "..reached DIND check ELSE block, inside run-in-docker.sh" + echo "Reached DIND check ELSE block, inside run-in-docker.sh" docker run \ ${PLATFORM_FLAG} ${PLATFORM} \ --tty \ --rm \ ${DOCKER_OPTS} \ + -e DEBUG=${DEBUG} \ -e GOCACHE="/go/src/${PKG}/.cache" \ - -e GOMODCACHE="/go/src/${PKG}/.modcache" \ + -e GOMODCACHE="/go/src/${PKG}/.modcache" \ -e DOCKER_IN_DOCKER_ENABLED="true" \ -v "${HOME}/.kube:${HOME}/.kube" \ -v "${KUBE_ROOT}:/go/src/${PKG}" \ @@ -95,6 +105,6 @@ else -v "/var/run/docker.sock:/var/run/docker.sock" \ -v "${INGRESS_VOLUME}:/etc/ingress-controller/" \ -w "/go/src/${PKG}" \ - -u $(id -u ${USER}):$(id -g ${USER}) \ + ${MAC_DOCKER_FLAGS} \ ${E2E_IMAGE} /bin/bash -c "${FLAGS}" fi diff --git a/images/echo/Makefile b/images/echo/Makefile index 66b3af7eb..500704e81 100644 --- a/images/echo/Makefile +++ b/images/echo/Makefile @@ -26,6 +26,7 @@ IMAGE = $(REGISTRY)/e2e-test-echo # required to enable buildx export DOCKER_CLI_EXPERIMENTAL=enabled +BASE_IMAGE = $(shell cat $(DIR)/../../NGINX_BASE) # build with buildx PLATFORMS?=linux/amd64 OUTPUT= @@ -36,7 +37,7 @@ build: ensure-buildx --platform=${PLATFORMS} $(OUTPUT) \ --progress=$(PROGRESS) \ --pull \ - --build-arg BASE_IMAGE=registry.k8s.io/ingress-nginx/nginx:0ff500c23f34e939305de709cb6d47da34b66611@sha256:15f91034a03550dfab6ec50a7be4abbb683d087e234ad7fef5adedef54e46a5a \ + --build-arg BASE_IMAGE=${BASE_IMAGE} \ --build-arg LUAROCKS_VERSION=3.8.0 \ --build-arg LUAROCKS_SHA=ab6612ca9ab87c6984871d2712d05525775e8b50172701a0a1cabddf76de2be7 \ -t $(IMAGE):$(TAG) rootfs diff --git a/images/nginx/README.md b/images/nginx/README.md index a7e327700..da6994fb5 100644 --- a/images/nginx/README.md +++ b/images/nginx/README.md @@ -19,7 +19,9 @@ This image provides a default configuration file with no backend servers. _Using docker_ +NGINX base image we use is defined in NGINX_BASE file at the root of the project + ```console -docker run -v /some/nginx.conf:/etc/nginx/nginx.conf:ro registry.k8s.io/ingress-nginx/nginx:0ff500c23f34e939305de709cb6d47da34b66611@sha256:15f91034a03550dfab6ec50a7be4abbb683d087e234ad7fef5adedef54e46a5a +docker run -v /some/nginx.conf:/etc/nginx/nginx.conf:ro $(cat ../../NGINX_BASE) ``` diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile index e6547f2fe..ecd4e5f58 100644 --- a/images/test-runner/Makefile +++ b/images/test-runner/Makefile @@ -23,7 +23,7 @@ REGISTRY ?= local IMAGE = $(REGISTRY)/e2e-test-runner -NGINX_BASE_IMAGE ?= registry.k8s.io/ingress-nginx/nginx:0ff500c23f34e939305de709cb6d47da34b66611@sha256:15f91034a03550dfab6ec50a7be4abbb683d087e234ad7fef5adedef54e46a5a +NGINX_BASE_IMAGE ?= $(shell cat $DIR/../../NGINX_BASE) # required to enable buildx export DOCKER_CLI_EXPERIMENTAL=enabled diff --git a/rootfs/Dockerfile b/rootfs/Dockerfile index 48c57a74e..c3dc04905 100644 --- a/rootfs/Dockerfile +++ b/rootfs/Dockerfile @@ -16,7 +16,7 @@ ARG BASE_IMAGE FROM ${BASE_IMAGE} -ARG TARGETARCH +ARG TARGET_ARCH ARG VERSION ARG COMMIT_SHA ARG BUILD_ID=UNSET @@ -41,9 +41,9 @@ RUN apk update \ COPY --chown=www-data:www-data etc /etc -COPY --chown=www-data:www-data bin/${TARGETARCH}/dbg / -COPY --chown=www-data:www-data bin/${TARGETARCH}/nginx-ingress-controller / -COPY --chown=www-data:www-data bin/${TARGETARCH}/wait-shutdown / +COPY --chown=www-data:www-data bin/${TARGET_ARCH}/dbg / +COPY --chown=www-data:www-data bin/${TARGET_ARCH}/nginx-ingress-controller / +COPY --chown=www-data:www-data bin/${TARGET_ARCH}/wait-shutdown / # Fix permission during the build to avoid issues at runtime # with volumes (custom templates) diff --git a/rootfs/Dockerfile.chroot b/rootfs/Dockerfile-chroot similarity index 95% rename from rootfs/Dockerfile.chroot rename to rootfs/Dockerfile-chroot index 69d2a0f71..2de47a71e 100644 --- a/rootfs/Dockerfile.chroot +++ b/rootfs/Dockerfile-chroot @@ -25,7 +25,7 @@ RUN apk update \ FROM alpine:3.16.0 -ARG TARGETARCH +ARG TARGET_ARCH ARG VERSION ARG COMMIT_SHA ARG BUILD_ID=UNSET @@ -64,9 +64,9 @@ COPY --from=chroot /chroot /chroot COPY --chown=www-data:www-data etc /chroot/etc -COPY --chown=www-data:www-data bin/${TARGETARCH}/dbg / -COPY --chown=www-data:www-data bin/${TARGETARCH}/nginx-ingress-controller / -COPY --chown=www-data:www-data bin/${TARGETARCH}/wait-shutdown / +COPY --chown=www-data:www-data bin/${TARGET_ARCH}/dbg / +COPY --chown=www-data:www-data bin/${TARGET_ARCH}/nginx-ingress-controller / +COPY --chown=www-data:www-data bin/${TARGET_ARCH}/wait-shutdown / COPY --chown=www-data:www-data nginx-chroot-wrapper.sh /usr/bin/nginx WORKDIR /chroot/etc/nginx diff --git a/test/e2e-image/Dockerfile b/test/e2e-image/Dockerfile index ab6b674af..e29c7524b 100644 --- a/test/e2e-image/Dockerfile +++ b/test/e2e-image/Dockerfile @@ -1,4 +1,5 @@ -FROM registry.k8s.io/ingress-nginx/e2e-test-runner:v20220624-g3348cd71e@sha256:2a34e322b7ff89abdfa0b6202f903bf5618578b699ff609a3ddabac0aae239c8 AS BASE +ARG E2E_BASE_IMAGE +FROM ${E2E_BASE_IMAGE} AS BASE FROM alpine:3.16.0 diff --git a/test/e2e-image/Makefile b/test/e2e-image/Makefile index 3a012a2df..2973c5dad 100644 --- a/test/e2e-image/Makefile +++ b/test/e2e-image/Makefile @@ -1,5 +1,6 @@ DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) +E2E_BASE_IMAGE="k8s.gcr.io/ingress-nginx/e2e-test-runner:v20220110-gfd820db46@sha256:273f7d9b1b2297cd96b4d51600e45d932186a1cc79d00d179dfb43654112fe8f" image: echo "..entered Makefile in /test/e2e-image" @@ -15,6 +16,7 @@ image: cp -R $(DIR)/../../test/e2e/settings/ocsp/* . docker build \ + --build-arg E2E_BASE_IMAGE=$(E2E_BASE_IMAGE) \ --tag nginx-ingress-controller:e2e . clean: diff --git a/test/e2e/framework/deployment.go b/test/e2e/framework/deployment.go index 3007d7d3a..f5da9ebe8 100644 --- a/test/e2e/framework/deployment.go +++ b/test/e2e/framework/deployment.go @@ -18,6 +18,8 @@ package framework import ( "context" + "errors" + "os" "time" "github.com/onsi/ginkgo" @@ -37,13 +39,11 @@ const SlowEchoService = "slow-echo" // HTTPBinService name of the deployment for the httpbin app const HTTPBinService = "httpbin" -// NginxBaseImage use for testing -const NginxBaseImage = "registry.k8s.io/ingress-nginx/nginx:0ff500c23f34e939305de709cb6d47da34b66611@sha256:15f91034a03550dfab6ec50a7be4abbb683d087e234ad7fef5adedef54e46a5a" - type deploymentOptions struct { namespace string name string replicas int + image string } // WithDeploymentNamespace allows configuring the deployment's namespace @@ -67,7 +67,7 @@ func WithDeploymentReplicas(r int) func(*deploymentOptions) { } } -// NewEchoDeployment creates a new single replica deployment of the echoserver image in a particular namespace +// NewEchoDeployment creates a new single replica deployment of the echo server image in a particular namespace func (f *Framework) NewEchoDeployment(opts ...func(*deploymentOptions)) { options := &deploymentOptions{ namespace: f.Namespace, @@ -150,6 +150,16 @@ http { f.NGINXWithConfigDeployment(SlowEchoService, cfg) } +func (f *Framework) GetNginxBaseImage() string { + nginxBaseImage := os.Getenv("NGINX_BASE_IMAGE") + + if nginxBaseImage == "" { + assert.NotEmpty(ginkgo.GinkgoT(), errors.New("NGINX_BASE_IMAGE not defined"), "NGINX_BASE_IMAGE not defined") + } + + return nginxBaseImage +} + // NGINXDeployment creates a new simple NGINX Deployment using NGINX base image // and passing the desired configuration func (f *Framework) NGINXDeployment(name string, cfg string, waitendpoint bool) { @@ -166,7 +176,7 @@ func (f *Framework) NGINXDeployment(name string, cfg string, waitendpoint bool) }, metav1.CreateOptions{}) assert.Nil(ginkgo.GinkgoT(), err, "creating configmap") - deployment := newDeployment(name, f.Namespace, NginxBaseImage, 80, 1, + deployment := newDeployment(name, f.Namespace, f.GetNginxBaseImage(), 80, 1, nil, []corev1.VolumeMount{ { diff --git a/test/e2e/run-chart-test.sh b/test/e2e/run-chart-test.sh index 0e618244c..49ec146a7 100755 --- a/test/e2e/run-chart-test.sh +++ b/test/e2e/run-chart-test.sh @@ -50,6 +50,13 @@ export TAG=1.0.0-dev export ARCH=${ARCH:-amd64} export REGISTRY=ingress-controller +BASEDIR=$(dirname "$0") +NGINX_BASE_IMAGE=$(cat $BASEDIR/../../NGINX_BASE) + +echo "Running e2e with nginx base image ${NGINX_BASE_IMAGE}" + +export NGINX_BASE_IMAGE=$NGINX_BASE_IMAGE + export KUBECONFIG="${KUBECONFIG:-$HOME/.kube/kind-config-$KIND_CLUSTER_NAME}" if [ "${SKIP_CLUSTER_CREATION:-false}" = "false" ]; then diff --git a/test/e2e/run.sh b/test/e2e/run.sh index 00ea73299..6edc18848 100755 --- a/test/e2e/run.sh +++ b/test/e2e/run.sh @@ -51,6 +51,12 @@ export TAG=1.0.0-dev export ARCH=${ARCH:-amd64} export REGISTRY=ingress-controller +NGINX_BASE_IMAGE=$(cat $DIR/../../NGINX_BASE) + +echo "Running e2e with nginx base image ${NGINX_BASE_IMAGE}" + +export NGINX_BASE_IMAGE=$NGINX_BASE_IMAGE + export DOCKER_CLI_EXPERIMENTAL=enabled export KUBECONFIG="${KUBECONFIG:-$HOME/.kube/kind-config-$KIND_CLUSTER_NAME}" diff --git a/build/test-lua.sh b/test/test-lua.sh similarity index 100% rename from build/test-lua.sh rename to test/test-lua.sh diff --git a/build/test.sh b/test/test.sh similarity index 100% rename from build/test.sh rename to test/test.sh From cf4dca8e43ad87e95d3a2fd4d708f3eb8c35de97 Mon Sep 17 00:00:00 2001 From: Jintao Zhang Date: Sat, 9 Jul 2022 20:37:46 +0800 Subject: [PATCH 162/494] feat: migrate leaderelection lock to leases (#8733) * feat: migrate leaderelection lock to leases Signed-off-by: Jintao Zhang * Update RBAC Co-authored-by: Shafeeque E S --- .../ingress-nginx/templates/clusterrole.yaml | 7 ++++++ .../templates/controller-role.yaml | 15 ++++++++++++ internal/ingress/controller/status.go | 24 ++++++++++++++----- 3 files changed, 40 insertions(+), 6 deletions(-) diff --git a/charts/ingress-nginx/templates/clusterrole.yaml b/charts/ingress-nginx/templates/clusterrole.yaml index c093f048a..0e725ec06 100644 --- a/charts/ingress-nginx/templates/clusterrole.yaml +++ b/charts/ingress-nginx/templates/clusterrole.yaml @@ -29,6 +29,13 @@ rules: verbs: - list - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch {{- if and .Values.controller.scope.enabled .Values.controller.scope.namespace }} - apiGroups: - "" diff --git a/charts/ingress-nginx/templates/controller-role.yaml b/charts/ingress-nginx/templates/controller-role.yaml index 47bbc32d0..8e5f8a0d7 100644 --- a/charts/ingress-nginx/templates/controller-role.yaml +++ b/charts/ingress-nginx/templates/controller-role.yaml @@ -73,6 +73,21 @@ rules: - configmaps verbs: - create + - apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - {{ .Values.controller.electionID }} + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: diff --git a/internal/ingress/controller/status.go b/internal/ingress/controller/status.go index 7b90594a9..a56a6b831 100644 --- a/internal/ingress/controller/status.go +++ b/internal/ingress/controller/status.go @@ -93,12 +93,24 @@ func setupLeaderElection(config *leaderElectionConfig) { Host: hostname, }) - lock := resourcelock.ConfigMapLock{ - ConfigMapMeta: metav1.ObjectMeta{Namespace: k8s.IngressPodDetails.Namespace, Name: config.ElectionID}, - Client: config.Client.CoreV1(), - LockConfig: resourcelock.ResourceLockConfig{ - Identity: k8s.IngressPodDetails.Name, - EventRecorder: recorder, + objectMeta := metav1.ObjectMeta{Namespace: k8s.IngressPodDetails.Namespace, Name: config.ElectionID} + resourceLockConfig := resourcelock.ResourceLockConfig{ + Identity: k8s.IngressPodDetails.Name, + EventRecorder: recorder, + } + + // TODO: If we upgrade client-go to v0.24 then we can only use LeaseLock. + // MultiLock is used for lock's migration + lock := resourcelock.MultiLock{ + Primary: &resourcelock.ConfigMapLock{ + ConfigMapMeta: objectMeta, + Client: config.Client.CoreV1(), + LockConfig: resourceLockConfig, + }, + Secondary: &resourcelock.LeaseLock{ + LeaseMeta: objectMeta, + Client: config.Client.CoordinationV1(), + LockConfig: resourceLockConfig, }, } From 60b714336e81ee8089a3e989b0df40d1730b87e6 Mon Sep 17 00:00:00 2001 From: Jintao Zhang Date: Sun, 10 Jul 2022 02:41:46 +0800 Subject: [PATCH 163/494] fix: add MAC_OS variable for static-check (#8796) --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index 7994ac377..f2d486c9c 100644 --- a/Makefile +++ b/Makefile @@ -146,6 +146,7 @@ clean: ## Remove .gocache directory. .PHONY: static-check static-check: ## Run verification script for boilerplate, codegen, gofmt, golint, lualint and chart-lint. @build/run-in-docker.sh \ + MAC_OS=$(MAC_OS) \ hack/verify-all.sh ############################### From 9325819345b7b160198e29a7601d34d6a8e9d02a Mon Sep 17 00:00:00 2001 From: Steven Bambling Date: Sun, 10 Jul 2022 17:05:47 -0400 Subject: [PATCH 164/494] Add condition for monitoring.coreos.com/v1 API (#8770) --- charts/ingress-nginx/templates/controller-prometheusrules.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/ingress-nginx/templates/controller-prometheusrules.yaml b/charts/ingress-nginx/templates/controller-prometheusrules.yaml index ca5427523..78b5362e8 100644 --- a/charts/ingress-nginx/templates/controller-prometheusrules.yaml +++ b/charts/ingress-nginx/templates/controller-prometheusrules.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.prometheusRule.enabled -}} +{{- if and ( .Values.controller.metrics.enabled ) ( .Values.controller.metrics.prometheusRule.enabled ) ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) -}} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: From 8f6c2e6b2e654cb6fdd8d3c0b5bb2ffe8da627f2 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Sun, 10 Jul 2022 22:35:47 -0300 Subject: [PATCH 165/494] Add v1.24.0 to test matrix (#8798) --- .github/workflows/ci.yaml | 4 ++-- build/run-e2e-suite.sh | 15 ++++++++++----- build/run-in-docker.sh | 1 + go.mod | 8 ++++---- go.sum | 15 +++++++++++---- hack/generate-deploy-scripts.sh | 2 +- 6 files changed, 29 insertions(+), 16 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index dd9fd0328..c42a2ac7c 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -208,7 +208,7 @@ jobs: strategy: matrix: - k8s: [v1.19.11, v1.20.7, v1.21.2, v1.22.9, v1.23.6] + k8s: [v1.21.2, v1.22.9, v1.23.6, v1.24.0] steps: @@ -265,7 +265,7 @@ jobs: strategy: matrix: - k8s: [v1.21.10, v1.22.9, v1.23.6] + k8s: [v1.21.10, v1.22.9, v1.23.6, v1.24.0] steps: diff --git a/build/run-e2e-suite.sh b/build/run-e2e-suite.sh index d23a504e6..15eacc355 100755 --- a/build/run-e2e-suite.sh +++ b/build/run-e2e-suite.sh @@ -65,11 +65,16 @@ kubectl create clusterrolebinding permissive-binding \ --user=kubelet \ --serviceaccount=default:ingress-nginx-e2e || true -echo -e "${BGREEN}Waiting service account...${NC}"; \ -until kubectl get secret | grep -q -e ^ingress-nginx-e2e-token; do \ - echo -e "waiting for api token"; \ - sleep 3; \ -done + +VER=$(kubectl version --client=false -o json |jq '.serverVersion.minor |tonumber') +if [ $VER -lt 24 ]; then + echo -e "${BGREEN}Waiting service account...${NC}"; \ + until kubectl get secret | grep -q -e ^ingress-nginx-e2e-token; do \ + echo -e "waiting for api token"; \ + sleep 3; \ + done +fi + echo -e "Starting the e2e test pod" diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index 8f04a9920..d2cfe9552 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -65,6 +65,7 @@ fi USER=${USER:-nobody} +MAC_OS="${MAC_OS:-}" if [[ ${MAC_OS} == "Darwin" ]]; then MAC_DOCKER_FLAGS="" else diff --git a/go.mod b/go.mod index 0fb419511..917fc100c 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.8.0 github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a - golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 + golang.org/x/crypto v0.0.0-20220214200702-86341886e292 golang.org/x/net v0.0.0-20220225172249-27dd8689420f google.golang.org/grpc v1.47.0 gopkg.in/go-playground/pool.v3 v3.1.1 @@ -56,7 +56,7 @@ require ( github.com/PuerkitoBio/purell v1.1.1 // indirect github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect github.com/ajg/form v1.5.1 // indirect - github.com/andybalholm/brotli v1.0.2 // indirect + github.com/andybalholm/brotli v1.0.4 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver v3.5.1+incompatible // indirect github.com/cespare/xxhash/v2 v2.1.2 // indirect @@ -91,7 +91,7 @@ require ( github.com/imkira/go-interpol v1.0.0 // indirect github.com/inconshreveable/mousetrap v1.0.0 // indirect github.com/josharian/intern v1.0.0 // indirect - github.com/klauspost/compress v1.12.2 // indirect + github.com/klauspost/compress v1.15.7 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/mailru/easyjson v0.7.6 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect @@ -109,7 +109,7 @@ require ( github.com/sergi/go-diff v1.1.0 // indirect github.com/sirupsen/logrus v1.8.1 // indirect github.com/valyala/bytebufferpool v1.0.0 // indirect - github.com/valyala/fasthttp v1.27.0 // indirect + github.com/valyala/fasthttp v1.38.0 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.1.0 // indirect diff --git a/go.sum b/go.sum index fe46d98a5..fac6db75e 100644 --- a/go.sum +++ b/go.sum @@ -71,8 +71,9 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= -github.com/andybalholm/brotli v1.0.2 h1:JKnhI/XQ75uFBTiuzXpzFrUriDPiZjlOSzh6wXogP0E= github.com/andybalholm/brotli v1.0.2/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y= +github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY= +github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210826220005-b48c857c3a0e/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= @@ -371,8 +372,10 @@ github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvW github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.12.2 h1:2KCfW3I9M7nSc5wOqXAlW2v2U6v+w6cbjvbfp+OykW8= github.com/klauspost/compress v1.12.2/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= +github.com/klauspost/compress v1.15.0/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= +github.com/klauspost/compress v1.15.7 h1:7cgTQxJCU/vy+oP/E3B9RGbQTgbiVzIJWIKOLoAsPok= +github.com/klauspost/compress v1.15.7/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= @@ -593,8 +596,9 @@ github.com/urfave/cli v1.17.1-0.20160602030128-01a33823596e/go.mod h1:70zkFmudgC github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= -github.com/valyala/fasthttp v1.27.0 h1:gDefRDL9aqSiwXV6aRW8aSBPs82y4KizSzHrBLf4NDI= github.com/valyala/fasthttp v1.27.0/go.mod h1:cmWIqlu99AO/RKcp1HWaViTqc57FswJOfYYdPJBl8BA= +github.com/valyala/fasthttp v1.38.0 h1:yTjSSNjuDi2PPvXY2836bIwLmiTS2T4T9p1coQshpco= +github.com/valyala/fasthttp v1.38.0/go.mod h1:t/G+3rLek+CyY9bnIE+YlMRddxVAAGjhxndDB4i4C0I= github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc= github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= @@ -677,8 +681,9 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 h1:HWj/xjIHfjYU5nVXpTM0s39J9CbLn7Cc5a7IC5rwsMQ= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20220214200702-86341886e292 h1:f+lwQ+GtmgoY+A2YaQxlSOnDjXcQ7ZRLWOHbC6HtRqE= +golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -764,6 +769,7 @@ golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f h1:oA4XRj0qtSt8Yo1Zms0CUlsT3KG69V2UGQWPBxujDmc= @@ -868,6 +874,7 @@ golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220412211240-33da011f77ad h1:ntjMns5wyP/fN65tdBD4g8J5w8n015+iIIs9rtjXkY0= golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= diff --git a/hack/generate-deploy-scripts.sh b/hack/generate-deploy-scripts.sh index 598e60fc4..c85f21705 100755 --- a/hack/generate-deploy-scripts.sh +++ b/hack/generate-deploy-scripts.sh @@ -26,7 +26,7 @@ set -o pipefail # with enough docs updates, this could be removed # see # DEFAULT VERSION HANDLING K8S_DEFAULT_VERSION=1.20 -K8S_TARGET_VERSIONS=("1.19" "1.20" "1.21" "1.22" "1.23") +K8S_TARGET_VERSIONS=("1.20" "1.21" "1.22" "1.23" "1.24") DIR=$(cd $(dirname "${BASH_SOURCE}")/.. && pwd -P) From 97c45faedec7d6425afa1cdd636df10b0b50682f Mon Sep 17 00:00:00 2001 From: Kevin Scholz Date: Mon, 11 Jul 2022 03:59:47 +0200 Subject: [PATCH 166/494] Fix example Helm chart values to enable custom http errors (#8558) --- .../custom-errors/custom-default-backend.helm.values.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml b/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml index 52ddb24a9..2cf866c11 100644 --- a/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml +++ b/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml @@ -1,5 +1,6 @@ controller: - custom-http-errors: "404,503" + config: + custom-http-errors: "404,503" defaultBackend: enabled: true image: From 23b0735eb19e19d2019e0d734ed34c02d2c6c11b Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Mon, 11 Jul 2022 11:29:48 +0530 Subject: [PATCH 167/494] bumped to alpine3.16 (#8803) --- NGINX_BASE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NGINX_BASE b/NGINX_BASE index a882c352d..cab849353 100644 --- a/NGINX_BASE +++ b/NGINX_BASE @@ -1 +1 @@ -registry.k8s.io/ingress-nginx/nginx:0ff500c23f34e939305de709cb6d47da34b66611@sha256:15f91034a03550dfab6ec50a7be4abbb683d087e234ad7fef5adedef54e46a5a \ No newline at end of file +registry.k8s.io/ingress-nginx/nginx:e1a16f6e74ef43cdfd59de75b3394d6b20ef7645@sha256:283c8c6132ebaeb155c927ea6e8ae0cd834a4a05d4807eceafa1b6e44d875911 From caac91ce662f0fac188bc466874172c037eeabcb Mon Sep 17 00:00:00 2001 From: Jintao Zhang Date: Mon, 11 Jul 2022 16:13:50 +0800 Subject: [PATCH 168/494] chore: start v1.3.0 release process (#8802) Signed-off-by: Jintao Zhang --- TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TAG b/TAG index 6a5e98a74..8b3a0227b 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.2.1 +v1.3.0 \ No newline at end of file From 771ce1c6dd0ccf07c744fdcf90ed34957a6a0a00 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Mon, 11 Jul 2022 09:00:08 -0300 Subject: [PATCH 169/494] revert arch var name (#8808) --- Makefile | 4 ++-- TAG | 2 +- rootfs/Dockerfile | 8 ++++---- rootfs/Dockerfile-chroot | 8 ++++---- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/Makefile b/Makefile index f2d486c9c..bafddeef2 100644 --- a/Makefile +++ b/Makefile @@ -79,7 +79,7 @@ image: clean-image ## Build image for a particular arch. --pull \ --build-arg BASE_IMAGE="$(BASE_IMAGE)" \ --build-arg VERSION="$(TAG)" \ - --build-arg TARGET_ARCH="$(ARCH)" \ + --build-arg TARGETARCH="$(ARCH)" \ --build-arg COMMIT_SHA="$(COMMIT_SHA)" \ --build-arg BUILD_ID="$(BUILD_ID)" \ -t $(REGISTRY)/controller:$(TAG) rootfs @@ -97,7 +97,7 @@ image-chroot: clean-chroot-image ## Build image for a particular arch. --pull \ --build-arg BASE_IMAGE="$(BASE_IMAGE)" \ --build-arg VERSION="$(TAG)" \ - --build-arg TARGET_ARCH="$(ARCH)" \ + --build-arg TARGETARCH="$(ARCH)" \ --build-arg COMMIT_SHA="$(COMMIT_SHA)" \ --build-arg BUILD_ID="$(BUILD_ID)" \ -t $(REGISTRY)/controller-chroot:$(TAG) rootfs -f rootfs/Dockerfile-chroot diff --git a/TAG b/TAG index 8b3a0227b..50ace7512 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.3.0 \ No newline at end of file +v1.3.0-beta.0 \ No newline at end of file diff --git a/rootfs/Dockerfile b/rootfs/Dockerfile index c3dc04905..48c57a74e 100644 --- a/rootfs/Dockerfile +++ b/rootfs/Dockerfile @@ -16,7 +16,7 @@ ARG BASE_IMAGE FROM ${BASE_IMAGE} -ARG TARGET_ARCH +ARG TARGETARCH ARG VERSION ARG COMMIT_SHA ARG BUILD_ID=UNSET @@ -41,9 +41,9 @@ RUN apk update \ COPY --chown=www-data:www-data etc /etc -COPY --chown=www-data:www-data bin/${TARGET_ARCH}/dbg / -COPY --chown=www-data:www-data bin/${TARGET_ARCH}/nginx-ingress-controller / -COPY --chown=www-data:www-data bin/${TARGET_ARCH}/wait-shutdown / +COPY --chown=www-data:www-data bin/${TARGETARCH}/dbg / +COPY --chown=www-data:www-data bin/${TARGETARCH}/nginx-ingress-controller / +COPY --chown=www-data:www-data bin/${TARGETARCH}/wait-shutdown / # Fix permission during the build to avoid issues at runtime # with volumes (custom templates) diff --git a/rootfs/Dockerfile-chroot b/rootfs/Dockerfile-chroot index 2de47a71e..69d2a0f71 100644 --- a/rootfs/Dockerfile-chroot +++ b/rootfs/Dockerfile-chroot @@ -25,7 +25,7 @@ RUN apk update \ FROM alpine:3.16.0 -ARG TARGET_ARCH +ARG TARGETARCH ARG VERSION ARG COMMIT_SHA ARG BUILD_ID=UNSET @@ -64,9 +64,9 @@ COPY --from=chroot /chroot /chroot COPY --chown=www-data:www-data etc /chroot/etc -COPY --chown=www-data:www-data bin/${TARGET_ARCH}/dbg / -COPY --chown=www-data:www-data bin/${TARGET_ARCH}/nginx-ingress-controller / -COPY --chown=www-data:www-data bin/${TARGET_ARCH}/wait-shutdown / +COPY --chown=www-data:www-data bin/${TARGETARCH}/dbg / +COPY --chown=www-data:www-data bin/${TARGETARCH}/nginx-ingress-controller / +COPY --chown=www-data:www-data bin/${TARGETARCH}/wait-shutdown / COPY --chown=www-data:www-data nginx-chroot-wrapper.sh /usr/bin/nginx WORKDIR /chroot/etc/nginx From c41440f235dab68082d2062dd9308618bd0ddcae Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Jul 2022 07:03:50 -0700 Subject: [PATCH 170/494] Bump k8s.io/klog/v2 from 2.60.1 to 2.70.1 (#8805) Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog) from 2.60.1 to 2.70.1. - [Release notes](https://github.com/kubernetes/klog/releases) - [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes/klog/compare/v2.60.1...v2.70.1) --- updated-dependencies: - dependency-name: k8s.io/klog/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 917fc100c..b8460ceda 100644 --- a/go.mod +++ b/go.mod @@ -38,7 +38,7 @@ require ( k8s.io/client-go v0.23.6 k8s.io/code-generator v0.23.5 k8s.io/component-base v0.23.6 - k8s.io/klog/v2 v2.60.1 + k8s.io/klog/v2 v2.70.1 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 sigs.k8s.io/controller-runtime v0.11.2 sigs.k8s.io/mdtoc v1.1.0 diff --git a/go.sum b/go.sum index fac6db75e..36c270e5e 100644 --- a/go.sum +++ b/go.sum @@ -1154,8 +1154,8 @@ k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAE k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/klog/v2 v2.60.1 h1:VW25q3bZx9uE3vvdL6M8ezOX79vA2Aq1nEWLqNQclHc= -k8s.io/klog/v2 v2.60.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/klog/v2 v2.70.1 h1:7aaoSdahviPmR+XkS7FyxlkkXs6tHISSG03RxleQAVQ= +k8s.io/klog/v2 v2.70.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 h1:E3J9oCLlaobFUqsjG9DfKbP2BmgwBL2p7pn0A3dG9W4= k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk= From 2b7b74854d90ad9b4b96a5011b9e8b67d20bfb8f Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Mon, 11 Jul 2022 11:22:21 -0300 Subject: [PATCH 171/494] Prepare for v1.3.0 (#8810) --- TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TAG b/TAG index 50ace7512..18fa8e74f 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.3.0-beta.0 \ No newline at end of file +v1.3.0 From e222b74b9e1055e34259eab0281974af77281df6 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Tue, 12 Jul 2022 10:30:50 -0300 Subject: [PATCH 172/494] Release v1.3.0 (#8811) * Release v1.3.0 * Update charts/ingress-nginx/CHANGELOG.md Co-authored-by: Jintao Zhang * Update charts/ingress-nginx/README.md * Update Changelog.md Co-authored-by: Jintao Zhang Co-authored-by: James Strong Co-authored-by: Jintao Zhang --- Changelog.md | 54 +++++++++++++ README.md | 2 +- charts/ingress-nginx/CHANGELOG.md | 42 ++++++++++ charts/ingress-nginx/Chart.yaml | 52 ++++++++++--- charts/ingress-nginx/README.md | 12 +-- charts/ingress-nginx/values.yaml | 7 +- deploy/static/provider/aws/1.20/deploy.yaml | 64 ++++++++++----- deploy/static/provider/aws/1.21/deploy.yaml | 64 ++++++++++----- deploy/static/provider/aws/1.22/deploy.yaml | 64 ++++++++++----- deploy/static/provider/aws/1.23/deploy.yaml | 64 ++++++++++----- .../provider/aws/{1.19 => 1.24}/deploy.yaml | 76 ++++++++++++------ .../aws/{1.19 => 1.24}/kustomization.yaml | 0 deploy/static/provider/aws/deploy.yaml | 64 ++++++++++----- .../nlb-with-tls-termination/1.20/deploy.yaml | 64 ++++++++++----- .../nlb-with-tls-termination/1.21/deploy.yaml | 64 ++++++++++----- .../nlb-with-tls-termination/1.22/deploy.yaml | 64 ++++++++++----- .../nlb-with-tls-termination/1.23/deploy.yaml | 64 ++++++++++----- .../{1.19 => 1.24}/deploy.yaml | 76 ++++++++++++------ .../{1.19 => 1.24}/kustomization.yaml | 0 .../aws/nlb-with-tls-termination/deploy.yaml | 64 ++++++++++----- .../provider/baremetal/1.20/deploy.yaml | 64 ++++++++++----- .../provider/baremetal/1.21/deploy.yaml | 64 ++++++++++----- .../provider/baremetal/1.22/deploy.yaml | 64 ++++++++++----- .../provider/baremetal/1.23/deploy.yaml | 64 ++++++++++----- .../baremetal/{1.19 => 1.24}/deploy.yaml | 76 ++++++++++++------ .../{1.19 => 1.24}/kustomization.yaml | 0 deploy/static/provider/baremetal/deploy.yaml | 64 ++++++++++----- deploy/static/provider/cloud/1.20/deploy.yaml | 64 ++++++++++----- deploy/static/provider/cloud/1.21/deploy.yaml | 64 ++++++++++----- deploy/static/provider/cloud/1.22/deploy.yaml | 64 ++++++++++----- deploy/static/provider/cloud/1.23/deploy.yaml | 64 ++++++++++----- .../provider/cloud/{1.19 => 1.24}/deploy.yaml | 76 ++++++++++++------ .../cloud/{1.19 => 1.24}/kustomization.yaml | 0 deploy/static/provider/cloud/deploy.yaml | 64 ++++++++++----- deploy/static/provider/do/1.20/deploy.yaml | 64 ++++++++++----- deploy/static/provider/do/1.21/deploy.yaml | 64 ++++++++++----- deploy/static/provider/do/1.22/deploy.yaml | 64 ++++++++++----- deploy/static/provider/do/1.23/deploy.yaml | 64 ++++++++++----- .../provider/do/{1.19 => 1.24}/deploy.yaml | 76 ++++++++++++------ .../do/{1.19 => 1.24}/kustomization.yaml | 0 deploy/static/provider/do/deploy.yaml | 64 ++++++++++----- .../static/provider/exoscale/1.20/deploy.yaml | 65 ++++++++++------ .../static/provider/exoscale/1.21/deploy.yaml | 65 ++++++++++------ .../static/provider/exoscale/1.22/deploy.yaml | 65 ++++++++++------ .../static/provider/exoscale/1.23/deploy.yaml | 65 ++++++++++------ .../exoscale/{1.19 => 1.24}/deploy.yaml | 77 +++++++++++++------ .../{1.19 => 1.24}/kustomization.yaml | 0 deploy/static/provider/exoscale/deploy.yaml | 64 ++++++++++----- deploy/static/provider/kind/1.20/deploy.yaml | 64 ++++++++++----- deploy/static/provider/kind/1.21/deploy.yaml | 64 ++++++++++----- deploy/static/provider/kind/1.22/deploy.yaml | 64 ++++++++++----- deploy/static/provider/kind/1.23/deploy.yaml | 64 ++++++++++----- .../provider/kind/{1.19 => 1.24}/deploy.yaml | 76 ++++++++++++------ .../kind/{1.19 => 1.24}/kustomization.yaml | 0 deploy/static/provider/kind/deploy.yaml | 64 ++++++++++----- deploy/static/provider/scw/1.20/deploy.yaml | 64 ++++++++++----- deploy/static/provider/scw/1.21/deploy.yaml | 64 ++++++++++----- deploy/static/provider/scw/1.22/deploy.yaml | 64 ++++++++++----- deploy/static/provider/scw/1.23/deploy.yaml | 64 ++++++++++----- .../provider/scw/{1.19 => 1.24}/deploy.yaml | 76 ++++++++++++------ .../scw/{1.19 => 1.24}/kustomization.yaml | 0 deploy/static/provider/scw/deploy.yaml | 64 ++++++++++----- docs/deploy/index.md | 20 ++--- 63 files changed, 2294 insertions(+), 1068 deletions(-) rename deploy/static/provider/aws/{1.19 => 1.24}/deploy.yaml (91%) rename deploy/static/provider/aws/{1.19 => 1.24}/kustomization.yaml (100%) rename deploy/static/provider/aws/nlb-with-tls-termination/{1.19 => 1.24}/deploy.yaml (91%) rename deploy/static/provider/aws/nlb-with-tls-termination/{1.19 => 1.24}/kustomization.yaml (100%) rename deploy/static/provider/baremetal/{1.19 => 1.24}/deploy.yaml (91%) rename deploy/static/provider/baremetal/{1.19 => 1.24}/kustomization.yaml (100%) rename deploy/static/provider/cloud/{1.19 => 1.24}/deploy.yaml (91%) rename deploy/static/provider/cloud/{1.19 => 1.24}/kustomization.yaml (100%) rename deploy/static/provider/do/{1.19 => 1.24}/deploy.yaml (91%) rename deploy/static/provider/do/{1.19 => 1.24}/kustomization.yaml (100%) rename deploy/static/provider/exoscale/{1.19 => 1.24}/deploy.yaml (91%) rename deploy/static/provider/exoscale/{1.19 => 1.24}/kustomization.yaml (100%) rename deploy/static/provider/kind/{1.19 => 1.24}/deploy.yaml (91%) rename deploy/static/provider/kind/{1.19 => 1.24}/kustomization.yaml (100%) rename deploy/static/provider/scw/{1.19 => 1.24}/deploy.yaml (91%) rename deploy/static/provider/scw/{1.19 => 1.24}/kustomization.yaml (100%) diff --git a/Changelog.md b/Changelog.md index 494a0226b..d4a6bbcd1 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,5 +1,59 @@ # Changelog +### 1.3.0 + +Image: +- registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 +- registry.k8s.io/ingress-nginx/controller-chroot:v1.3.0@sha256:0fcb91216a22aae43b374fc2e6a03b8afe9e8c78cbf07a09d75636dc4ea3c191 + +_IMPORTANT CHANGES:_ +* This release removes support for Kubernetes v1.19.0 +* This release adds support for Kubernetes v1.24.0 +* Starting with this release, we will need permissions on the `coordination.k8s.io/leases` resource for leaderelection lock + +_KNOWN ISSUES:_ +* This release reports a false positive on go-restful library that will be fixed with Kubernetes v1.25 release - Issue #8745 + +_Changes:_ +- "[8810](https://github.com/kubernetes/ingress-nginx/pull/8810) Prepare for v1.3.0" +- "[8808](https://github.com/kubernetes/ingress-nginx/pull/8808) revert arch var name" +- "[8805](https://github.com/kubernetes/ingress-nginx/pull/8805) Bump k8s.io/klog/v2 from 2.60.1 to 2.70.1" +- "[8803](https://github.com/kubernetes/ingress-nginx/pull/8803) Update to nginx base with alpine v3.16" +- "[8802](https://github.com/kubernetes/ingress-nginx/pull/8802) chore: start v1.3.0 release process" +- "[8798](https://github.com/kubernetes/ingress-nginx/pull/8798) Add v1.24.0 to test matrix" +- "[8796](https://github.com/kubernetes/ingress-nginx/pull/8796) fix: add MAC_OS variable for static-check" +- "[8793](https://github.com/kubernetes/ingress-nginx/pull/8793) changed to alpine-v3.16" +- "[8781](https://github.com/kubernetes/ingress-nginx/pull/8781) Bump github.com/stretchr/testify from 1.7.5 to 1.8.0" +- "[8778](https://github.com/kubernetes/ingress-nginx/pull/8778) chore: remove stable.txt from release process" +- "[8775](https://github.com/kubernetes/ingress-nginx/pull/8775) Remove stable" +- "[8773](https://github.com/kubernetes/ingress-nginx/pull/8773) Bump github/codeql-action from 2.1.14 to 2.1.15" +- "[8772](https://github.com/kubernetes/ingress-nginx/pull/8772) Bump ossf/scorecard-action from 1.1.1 to 1.1.2" +- "[8771](https://github.com/kubernetes/ingress-nginx/pull/8771) fix bullet md format" +- "[8770](https://github.com/kubernetes/ingress-nginx/pull/8770) Add condition for monitoring.coreos.com/v1 API" +- "[8769](https://github.com/kubernetes/ingress-nginx/pull/8769) Fix typos and add links to developer guide" +- "[8767](https://github.com/kubernetes/ingress-nginx/pull/8767) change v1.2.0 to v1.2.1 in deploy doc URLs" +- "[8765](https://github.com/kubernetes/ingress-nginx/pull/8765) Bump github/codeql-action from 1.0.26 to 2.1.14" +- "[8752](https://github.com/kubernetes/ingress-nginx/pull/8752) Bump github.com/spf13/cobra from 1.4.0 to 1.5.0" +- "[8751](https://github.com/kubernetes/ingress-nginx/pull/8751) Bump github.com/stretchr/testify from 1.7.2 to 1.7.5" +- "[8750](https://github.com/kubernetes/ingress-nginx/pull/8750) added announcement" +- "[8740](https://github.com/kubernetes/ingress-nginx/pull/8740) change sha e2etestrunner and echoserver" +- "[8738](https://github.com/kubernetes/ingress-nginx/pull/8738) Update docs to make it easier for noobs to follow step by step" +- "[8737](https://github.com/kubernetes/ingress-nginx/pull/8737) updated baseimage sha" +- "[8736](https://github.com/kubernetes/ingress-nginx/pull/8736) set ld-musl-path" +- "[8733](https://github.com/kubernetes/ingress-nginx/pull/8733) feat: migrate leaderelection lock to leases" +- "[8726](https://github.com/kubernetes/ingress-nginx/pull/8726) prometheus metric: upstream_latency_seconds" +- "[8720](https://github.com/kubernetes/ingress-nginx/pull/8720) Ci pin deps" +- "[8719](https://github.com/kubernetes/ingress-nginx/pull/8719) Working OpenTelemetry sidecar (base nginx image)" +- "[8714](https://github.com/kubernetes/ingress-nginx/pull/8714) Create Openssf scorecard" +- "[8708](https://github.com/kubernetes/ingress-nginx/pull/8708) Bump github.com/prometheus/common from 0.34.0 to 0.35.0" +- "[8703](https://github.com/kubernetes/ingress-nginx/pull/8703) Bump actions/dependency-review-action from 1 to 2" +- "[8701](https://github.com/kubernetes/ingress-nginx/pull/8701) Fix several typos" +- "[8699](https://github.com/kubernetes/ingress-nginx/pull/8699) fix the gosec test and a make target for it" +- "[8698](https://github.com/kubernetes/ingress-nginx/pull/8698) Bump actions/upload-artifact from 2.3.1 to 3.1.0" +- "[8697](https://github.com/kubernetes/ingress-nginx/pull/8697) Bump actions/setup-go from 2.2.0 to 3.2.0" +- "[8695](https://github.com/kubernetes/ingress-nginx/pull/8695) Bump actions/download-artifact from 2 to 3" +- "[8694](https://github.com/kubernetes/ingress-nginx/pull/8694) Bump crazy-max/ghaction-docker-buildx from 1.6.2 to 3.3.1" + ### 1.2.1 Image: diff --git a/README.md b/README.md index 19a1c2f15..c8bdcdf86 100644 --- a/README.md +++ b/README.md @@ -31,8 +31,8 @@ For detailed changes on the `ingress-nginx` helm chart, please check the followi | Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | |-----------------------|------------------------------|----------------|---------------| +| v1.3.0 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.0 | 1.19.10† | | v1.2.1 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.6 | 1.19.10† | -| v1.2.0 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.6 | 1.19.10† | | v1.1.3 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.4 | 1.19.10† | | v1.1.2 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | | v1.1.1 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | diff --git a/charts/ingress-nginx/CHANGELOG.md b/charts/ingress-nginx/CHANGELOG.md index 201a4f044..bedb9f720 100644 --- a/charts/ingress-nginx/CHANGELOG.md +++ b/charts/ingress-nginx/CHANGELOG.md @@ -2,6 +2,48 @@ This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +### 4.2.0 + +- Support for Kubernetes v1.19.0 was removed +- "[8810](https://github.com/kubernetes/ingress-nginx/pull/8810) Prepare for v1.3.0" +- "[8808](https://github.com/kubernetes/ingress-nginx/pull/8808) revert arch var name" +- "[8805](https://github.com/kubernetes/ingress-nginx/pull/8805) Bump k8s.io/klog/v2 from 2.60.1 to 2.70.1" +- "[8803](https://github.com/kubernetes/ingress-nginx/pull/8803) Update to nginx base with alpine v3.16" +- "[8802](https://github.com/kubernetes/ingress-nginx/pull/8802) chore: start v1.3.0 release process" +- "[8798](https://github.com/kubernetes/ingress-nginx/pull/8798) Add v1.24.0 to test matrix" +- "[8796](https://github.com/kubernetes/ingress-nginx/pull/8796) fix: add MAC_OS variable for static-check" +- "[8793](https://github.com/kubernetes/ingress-nginx/pull/8793) changed to alpine-v3.16" +- "[8781](https://github.com/kubernetes/ingress-nginx/pull/8781) Bump github.com/stretchr/testify from 1.7.5 to 1.8.0" +- "[8778](https://github.com/kubernetes/ingress-nginx/pull/8778) chore: remove stable.txt from release process" +- "[8775](https://github.com/kubernetes/ingress-nginx/pull/8775) Remove stable" +- "[8773](https://github.com/kubernetes/ingress-nginx/pull/8773) Bump github/codeql-action from 2.1.14 to 2.1.15" +- "[8772](https://github.com/kubernetes/ingress-nginx/pull/8772) Bump ossf/scorecard-action from 1.1.1 to 1.1.2" +- "[8771](https://github.com/kubernetes/ingress-nginx/pull/8771) fix bullet md format" +- "[8770](https://github.com/kubernetes/ingress-nginx/pull/8770) Add condition for monitoring.coreos.com/v1 API" +- "[8769](https://github.com/kubernetes/ingress-nginx/pull/8769) Fix typos and add links to developer guide" +- "[8767](https://github.com/kubernetes/ingress-nginx/pull/8767) change v1.2.0 to v1.2.1 in deploy doc URLs" +- "[8765](https://github.com/kubernetes/ingress-nginx/pull/8765) Bump github/codeql-action from 1.0.26 to 2.1.14" +- "[8752](https://github.com/kubernetes/ingress-nginx/pull/8752) Bump github.com/spf13/cobra from 1.4.0 to 1.5.0" +- "[8751](https://github.com/kubernetes/ingress-nginx/pull/8751) Bump github.com/stretchr/testify from 1.7.2 to 1.7.5" +- "[8750](https://github.com/kubernetes/ingress-nginx/pull/8750) added announcement" +- "[8740](https://github.com/kubernetes/ingress-nginx/pull/8740) change sha e2etestrunner and echoserver" +- "[8738](https://github.com/kubernetes/ingress-nginx/pull/8738) Update docs to make it easier for noobs to follow step by step" +- "[8737](https://github.com/kubernetes/ingress-nginx/pull/8737) updated baseimage sha" +- "[8736](https://github.com/kubernetes/ingress-nginx/pull/8736) set ld-musl-path" +- "[8733](https://github.com/kubernetes/ingress-nginx/pull/8733) feat: migrate leaderelection lock to leases" +- "[8726](https://github.com/kubernetes/ingress-nginx/pull/8726) prometheus metric: upstream_latency_seconds" +- "[8720](https://github.com/kubernetes/ingress-nginx/pull/8720) Ci pin deps" +- "[8719](https://github.com/kubernetes/ingress-nginx/pull/8719) Working OpenTelemetry sidecar (base nginx image)" +- "[8714](https://github.com/kubernetes/ingress-nginx/pull/8714) Create Openssf scorecard" +- "[8708](https://github.com/kubernetes/ingress-nginx/pull/8708) Bump github.com/prometheus/common from 0.34.0 to 0.35.0" +- "[8703](https://github.com/kubernetes/ingress-nginx/pull/8703) Bump actions/dependency-review-action from 1 to 2" +- "[8701](https://github.com/kubernetes/ingress-nginx/pull/8701) Fix several typos" +- "[8699](https://github.com/kubernetes/ingress-nginx/pull/8699) fix the gosec test and a make target for it" +- "[8698](https://github.com/kubernetes/ingress-nginx/pull/8698) Bump actions/upload-artifact from 2.3.1 to 3.1.0" +- "[8697](https://github.com/kubernetes/ingress-nginx/pull/8697) Bump actions/setup-go from 2.2.0 to 3.2.0" +- "[8695](https://github.com/kubernetes/ingress-nginx/pull/8695) Bump actions/download-artifact from 2 to 3" +- "[8694](https://github.com/kubernetes/ingress-nginx/pull/8694) Bump crazy-max/ghaction-docker-buildx from 1.6.2 to 3.3.1" + ### 4.1.2 - "[8587](https://github.com/kubernetes/ingress-nginx/pull/8587) Add CAP_SYS_CHROOT to DS/PSP when needed" diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index 0f2d3b37a..d30f94fe8 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: ingress-nginx # When the version is modified, make sure the artifacthub.io/changes list is updated # Also update CHANGELOG.md -version: 4.1.4 -appVersion: 1.2.1 +version: 4.2.0 +appVersion: 1.3.0 home: https://github.com/kubernetes/ingress-nginx description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png @@ -18,7 +18,7 @@ maintainers: - name: strongjz - name: tao12345666333 engine: gotpl -kubeVersion: ">=1.19.0-0" +kubeVersion: ">=1.20.0-0" annotations: # Use this annotation to indicate that this chart version is a pre-release. # https://artifacthub.io/docs/topics/annotations/helm/ @@ -26,11 +26,41 @@ annotations: # List of changes for the release in artifacthub.io # https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx?modal=changelog artifacthub.io/changes: | - - "[8459](https://github.com/kubernetes/ingress-nginx/pull/8459) Update default allowed CORS headers" - - "[8202](https://github.com/kubernetes/ingress-nginx/pull/8202) disable modsecurity on error page" - - "[8178](https://github.com/kubernetes/ingress-nginx/pull/8178) Add header Host into mirror annotations" - - "[8213](https://github.com/kubernetes/ingress-nginx/pull/8213) feat: always set auth cookie" - - "[8548](https://github.com/kubernetes/ingress-nginx/pull/8548) Implement reporting status classes in metrics" - - "[8612](https://github.com/kubernetes/ingress-nginx/pull/8612) move so files under /etc/nginx/modules" - - "[8624](https://github.com/kubernetes/ingress-nginx/pull/8624) Add patch to remove root and alias directives" - - "[8623](https://github.com/kubernetes/ingress-nginx/pull/8623) Improve path rule" + - "[8810](https://github.com/kubernetes/ingress-nginx/pull/8810) Prepare for v1.3.0" + - "[8808](https://github.com/kubernetes/ingress-nginx/pull/8808) revert arch var name" + - "[8805](https://github.com/kubernetes/ingress-nginx/pull/8805) Bump k8s.io/klog/v2 from 2.60.1 to 2.70.1" + - "[8803](https://github.com/kubernetes/ingress-nginx/pull/8803) Update to nginx base with alpine v3.16" + - "[8802](https://github.com/kubernetes/ingress-nginx/pull/8802) chore: start v1.3.0 release process" + - "[8798](https://github.com/kubernetes/ingress-nginx/pull/8798) Add v1.24.0 to test matrix" + - "[8796](https://github.com/kubernetes/ingress-nginx/pull/8796) fix: add MAC_OS variable for static-check" + - "[8793](https://github.com/kubernetes/ingress-nginx/pull/8793) changed to alpine-v3.16" + - "[8781](https://github.com/kubernetes/ingress-nginx/pull/8781) Bump github.com/stretchr/testify from 1.7.5 to 1.8.0" + - "[8778](https://github.com/kubernetes/ingress-nginx/pull/8778) chore: remove stable.txt from release process" + - "[8775](https://github.com/kubernetes/ingress-nginx/pull/8775) Remove stable" + - "[8773](https://github.com/kubernetes/ingress-nginx/pull/8773) Bump github/codeql-action from 2.1.14 to 2.1.15" + - "[8772](https://github.com/kubernetes/ingress-nginx/pull/8772) Bump ossf/scorecard-action from 1.1.1 to 1.1.2" + - "[8771](https://github.com/kubernetes/ingress-nginx/pull/8771) fix bullet md format" + - "[8770](https://github.com/kubernetes/ingress-nginx/pull/8770) Add condition for monitoring.coreos.com/v1 API" + - "[8769](https://github.com/kubernetes/ingress-nginx/pull/8769) Fix typos and add links to developer guide" + - "[8767](https://github.com/kubernetes/ingress-nginx/pull/8767) change v1.2.0 to v1.2.1 in deploy doc URLs" + - "[8765](https://github.com/kubernetes/ingress-nginx/pull/8765) Bump github/codeql-action from 1.0.26 to 2.1.14" + - "[8752](https://github.com/kubernetes/ingress-nginx/pull/8752) Bump github.com/spf13/cobra from 1.4.0 to 1.5.0" + - "[8751](https://github.com/kubernetes/ingress-nginx/pull/8751) Bump github.com/stretchr/testify from 1.7.2 to 1.7.5" + - "[8750](https://github.com/kubernetes/ingress-nginx/pull/8750) added announcement" + - "[8740](https://github.com/kubernetes/ingress-nginx/pull/8740) change sha e2etestrunner and echoserver" + - "[8738](https://github.com/kubernetes/ingress-nginx/pull/8738) Update docs to make it easier for noobs to follow step by step" + - "[8737](https://github.com/kubernetes/ingress-nginx/pull/8737) updated baseimage sha" + - "[8736](https://github.com/kubernetes/ingress-nginx/pull/8736) set ld-musl-path" + - "[8733](https://github.com/kubernetes/ingress-nginx/pull/8733) feat: migrate leaderelection lock to leases" + - "[8726](https://github.com/kubernetes/ingress-nginx/pull/8726) prometheus metric: upstream_latency_seconds" + - "[8720](https://github.com/kubernetes/ingress-nginx/pull/8720) Ci pin deps" + - "[8719](https://github.com/kubernetes/ingress-nginx/pull/8719) Working OpenTelemetry sidecar (base nginx image)" + - "[8714](https://github.com/kubernetes/ingress-nginx/pull/8714) Create Openssf scorecard" + - "[8708](https://github.com/kubernetes/ingress-nginx/pull/8708) Bump github.com/prometheus/common from 0.34.0 to 0.35.0" + - "[8703](https://github.com/kubernetes/ingress-nginx/pull/8703) Bump actions/dependency-review-action from 1 to 2" + - "[8701](https://github.com/kubernetes/ingress-nginx/pull/8701) Fix several typos" + - "[8699](https://github.com/kubernetes/ingress-nginx/pull/8699) fix the gosec test and a make target for it" + - "[8698](https://github.com/kubernetes/ingress-nginx/pull/8698) Bump actions/upload-artifact from 2.3.1 to 3.1.0" + - "[8697](https://github.com/kubernetes/ingress-nginx/pull/8697) Bump actions/setup-go from 2.2.0 to 3.2.0" + - "[8695](https://github.com/kubernetes/ingress-nginx/pull/8695) Bump actions/download-artifact from 2 to 3" + - "[8694](https://github.com/kubernetes/ingress-nginx/pull/8694) Bump crazy-max/ghaction-docker-buildx from 1.6.2 to 3.3.1" diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 5f59b8771..942cf0467 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.1.4](https://img.shields.io/badge/Version-4.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.1](https://img.shields.io/badge/AppVersion-1.2.1-informational?style=flat-square) +![Version: 4.2.0](https://img.shields.io/badge/Version-4.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.3.0](https://img.shields.io/badge/AppVersion-1.3.0-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. @@ -231,7 +231,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu ## Requirements -Kubernetes: `>=1.19.0-0` +Kubernetes: `>=1.20.0-0` ## Values @@ -245,7 +245,7 @@ Kubernetes: `>=1.19.0-0` | controller.admissionWebhooks.enabled | bool | `true` | | | controller.admissionWebhooks.existingPsp | string | `""` | Use an existing PSP instead of creating one | | controller.admissionWebhooks.extraEnvs | list | `[]` | Additional environment variables to set | -| controller.admissionWebhooks.failurePolicy | string | `"Fail"` | | +| controller.admissionWebhooks.failurePolicy | string | `"Fail"` | Admission Webhook failure policy to use | | controller.admissionWebhooks.key | string | `"/usr/local/certificates/key"` | | | controller.admissionWebhooks.labels | object | `{}` | Labels to be added to admission webhooks | | controller.admissionWebhooks.namespaceSelector | object | `{}` | | @@ -308,13 +308,13 @@ Kubernetes: `>=1.19.0-0` | controller.hostname | object | `{}` | Optionally customize the pod hostname. | | controller.image.allowPrivilegeEscalation | bool | `true` | | | controller.image.chroot | bool | `false` | | -| controller.image.digest | string | `"sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8"` | | -| controller.image.digestChroot | string | `"sha256:d301551cf62bc3fb75c69fa56f7aa1d9e87b5079333adaf38afe84d9b7439355"` | | +| controller.image.digest | string | `"sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5"` | | +| controller.image.digestChroot | string | `"sha256:0fcb91216a22aae43b374fc2e6a03b8afe9e8c78cbf07a09d75636dc4ea3c191"` | | | controller.image.image | string | `"ingress-nginx/controller"` | | | controller.image.pullPolicy | string | `"IfNotPresent"` | | | controller.image.registry | string | `"registry.k8s.io"` | | | controller.image.runAsUser | int | `101` | | -| controller.image.tag | string | `"v1.2.1"` | | +| controller.image.tag | string | `"v1.3.0"` | | | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | | controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass | diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 485e434b2..cddc2c742 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -23,9 +23,9 @@ controller: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: "v1.2.1" - digest: sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 - digestChroot: sha256:d301551cf62bc3fb75c69fa56f7aa1d9e87b5079333adaf38afe84d9b7439355 + tag: "v1.3.0" + digest: sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 + digestChroot: sha256:0fcb91216a22aae43b374fc2e6a03b8afe9e8c78cbf07a09d75636dc4ea3c191 pullPolicy: IfNotPresent # www-data -> uid 101 runAsUser: 101 @@ -602,6 +602,7 @@ controller: # secretKeyRef: # key: FOO # name: secret-resource + # -- Admission Webhook failure policy to use failurePolicy: Fail # timeoutSeconds: 10 port: 8443 diff --git a/deploy/static/provider/aws/1.20/deploy.yaml b/deploy/static/provider/aws/1.20/deploy.yaml index 6fae0ae8b..dac9dcc5f 100644 --- a/deploy/static/provider/aws/1.20/deploy.yaml +++ b/deploy/static/provider/aws/1.20/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -321,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -351,7 +373,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -374,7 +396,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -414,7 +436,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -486,7 +508,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -497,7 +519,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -533,7 +555,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -544,7 +566,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -582,7 +604,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -595,7 +617,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/1.21/deploy.yaml b/deploy/static/provider/aws/1.21/deploy.yaml index f78b0e3d3..b681014f8 100644 --- a/deploy/static/provider/aws/1.21/deploy.yaml +++ b/deploy/static/provider/aws/1.21/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -321,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -354,7 +376,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -377,7 +399,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -417,7 +439,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -489,7 +511,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -500,7 +522,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -536,7 +558,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -547,7 +569,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -585,7 +607,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -598,7 +620,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/1.22/deploy.yaml b/deploy/static/provider/aws/1.22/deploy.yaml index f78b0e3d3..b681014f8 100644 --- a/deploy/static/provider/aws/1.22/deploy.yaml +++ b/deploy/static/provider/aws/1.22/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -321,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -354,7 +376,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -377,7 +399,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -417,7 +439,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -489,7 +511,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -500,7 +522,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -536,7 +558,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -547,7 +569,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -585,7 +607,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -598,7 +620,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/1.23/deploy.yaml b/deploy/static/provider/aws/1.23/deploy.yaml index f78b0e3d3..b681014f8 100644 --- a/deploy/static/provider/aws/1.23/deploy.yaml +++ b/deploy/static/provider/aws/1.23/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -321,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -354,7 +376,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -377,7 +399,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -417,7 +439,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -489,7 +511,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -500,7 +522,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -536,7 +558,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -547,7 +569,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -585,7 +607,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -598,7 +620,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/1.19/deploy.yaml b/deploy/static/provider/aws/1.24/deploy.yaml similarity index 91% rename from deploy/static/provider/aws/1.19/deploy.yaml rename to deploy/static/provider/aws/1.24/deploy.yaml index daf20ebd6..b681014f8 100644 --- a/deploy/static/provider/aws/1.19/deploy.yaml +++ b/deploy/static/provider/aws/1.24/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -321,17 +343,22 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: externalTrafficPolicy: Local + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack ports: - - name: http + - appProtocol: http + name: http port: 80 protocol: TCP targetPort: http - - name: https + - appProtocol: https + name: https port: 443 protocol: TCP targetPort: https @@ -349,12 +376,13 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: ports: - - name: https-webhook + - appProtocol: https + name: https-webhook port: 443 targetPort: webhook selector: @@ -371,7 +399,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -411,7 +439,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -483,7 +511,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -494,7 +522,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -530,7 +558,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -541,7 +569,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -579,7 +607,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -592,7 +620,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/1.19/kustomization.yaml b/deploy/static/provider/aws/1.24/kustomization.yaml similarity index 100% rename from deploy/static/provider/aws/1.19/kustomization.yaml rename to deploy/static/provider/aws/1.24/kustomization.yaml diff --git a/deploy/static/provider/aws/deploy.yaml b/deploy/static/provider/aws/deploy.yaml index 6fae0ae8b..dac9dcc5f 100644 --- a/deploy/static/provider/aws/deploy.yaml +++ b/deploy/static/provider/aws/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -321,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -351,7 +373,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -374,7 +396,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -414,7 +436,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -486,7 +508,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -497,7 +519,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -533,7 +555,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -544,7 +566,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -582,7 +604,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -595,7 +617,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.20/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.20/deploy.yaml index ec286b9df..90ad0c5d8 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.20/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/1.20/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -312,7 +334,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -330,7 +352,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -360,7 +382,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -383,7 +405,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -423,7 +445,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -498,7 +520,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -509,7 +531,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -545,7 +567,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -556,7 +578,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -594,7 +616,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -607,7 +629,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.21/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.21/deploy.yaml index 1c6c702db..668494a97 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.21/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/1.21/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -312,7 +334,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -330,7 +352,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -363,7 +385,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -386,7 +408,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -426,7 +448,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -501,7 +523,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -512,7 +534,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -548,7 +570,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -559,7 +581,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -597,7 +619,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -610,7 +632,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.22/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.22/deploy.yaml index 1c6c702db..668494a97 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.22/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/1.22/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -312,7 +334,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -330,7 +352,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -363,7 +385,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -386,7 +408,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -426,7 +448,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -501,7 +523,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -512,7 +534,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -548,7 +570,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -559,7 +581,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -597,7 +619,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -610,7 +632,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.23/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.23/deploy.yaml index 1c6c702db..668494a97 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.23/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/1.23/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -312,7 +334,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -330,7 +352,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -363,7 +385,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -386,7 +408,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -426,7 +448,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -501,7 +523,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -512,7 +534,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -548,7 +570,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -559,7 +581,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -597,7 +619,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -610,7 +632,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.19/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.24/deploy.yaml similarity index 91% rename from deploy/static/provider/aws/nlb-with-tls-termination/1.19/deploy.yaml rename to deploy/static/provider/aws/nlb-with-tls-termination/1.24/deploy.yaml index 4a49884a7..668494a97 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.19/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/1.24/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -312,7 +334,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -330,17 +352,22 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: externalTrafficPolicy: Local + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack ports: - - name: http + - appProtocol: http + name: http port: 80 protocol: TCP targetPort: tohttps - - name: https + - appProtocol: https + name: https port: 443 protocol: TCP targetPort: http @@ -358,12 +385,13 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: ports: - - name: https-webhook + - appProtocol: https + name: https-webhook port: 443 targetPort: webhook selector: @@ -380,7 +408,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -420,7 +448,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -495,7 +523,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -506,7 +534,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -542,7 +570,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -553,7 +581,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -591,7 +619,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -604,7 +632,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.19/kustomization.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.24/kustomization.yaml similarity index 100% rename from deploy/static/provider/aws/nlb-with-tls-termination/1.19/kustomization.yaml rename to deploy/static/provider/aws/nlb-with-tls-termination/1.24/kustomization.yaml diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml index ec286b9df..90ad0c5d8 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -312,7 +334,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -330,7 +352,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -360,7 +382,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -383,7 +405,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -423,7 +445,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -498,7 +520,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -509,7 +531,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -545,7 +567,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -556,7 +578,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -594,7 +616,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -607,7 +629,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/1.20/deploy.yaml b/deploy/static/provider/baremetal/1.20/deploy.yaml index f53f5c199..bd28be30a 100644 --- a/deploy/static/provider/baremetal/1.20/deploy.yaml +++ b/deploy/static/provider/baremetal/1.20/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +339,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -346,7 +368,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -369,7 +391,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -408,7 +430,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -480,7 +502,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -491,7 +513,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -527,7 +549,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -538,7 +560,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -576,7 +598,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -589,7 +611,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/1.21/deploy.yaml b/deploy/static/provider/baremetal/1.21/deploy.yaml index 904063e64..d754ed501 100644 --- a/deploy/static/provider/baremetal/1.21/deploy.yaml +++ b/deploy/static/provider/baremetal/1.21/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +339,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -349,7 +371,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -372,7 +394,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -411,7 +433,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -483,7 +505,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -494,7 +516,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -530,7 +552,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -541,7 +563,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -579,7 +601,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -592,7 +614,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/1.22/deploy.yaml b/deploy/static/provider/baremetal/1.22/deploy.yaml index 904063e64..d754ed501 100644 --- a/deploy/static/provider/baremetal/1.22/deploy.yaml +++ b/deploy/static/provider/baremetal/1.22/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +339,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -349,7 +371,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -372,7 +394,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -411,7 +433,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -483,7 +505,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -494,7 +516,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -530,7 +552,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -541,7 +563,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -579,7 +601,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -592,7 +614,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/1.23/deploy.yaml b/deploy/static/provider/baremetal/1.23/deploy.yaml index 904063e64..d754ed501 100644 --- a/deploy/static/provider/baremetal/1.23/deploy.yaml +++ b/deploy/static/provider/baremetal/1.23/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +339,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -349,7 +371,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -372,7 +394,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -411,7 +433,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -483,7 +505,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -494,7 +516,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -530,7 +552,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -541,7 +563,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -579,7 +601,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -592,7 +614,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/1.19/deploy.yaml b/deploy/static/provider/baremetal/1.24/deploy.yaml similarity index 91% rename from deploy/static/provider/baremetal/1.19/deploy.yaml rename to deploy/static/provider/baremetal/1.24/deploy.yaml index eab63a107..d754ed501 100644 --- a/deploy/static/provider/baremetal/1.19/deploy.yaml +++ b/deploy/static/provider/baremetal/1.24/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,16 +339,21 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack ports: - - name: http + - appProtocol: http + name: http port: 80 protocol: TCP targetPort: http - - name: https + - appProtocol: https + name: https port: 443 protocol: TCP targetPort: https @@ -344,12 +371,13 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: ports: - - name: https-webhook + - appProtocol: https + name: https-webhook port: 443 targetPort: webhook selector: @@ -366,7 +394,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -405,7 +433,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -477,7 +505,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -488,7 +516,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -524,7 +552,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -535,7 +563,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -573,7 +601,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -586,7 +614,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/1.19/kustomization.yaml b/deploy/static/provider/baremetal/1.24/kustomization.yaml similarity index 100% rename from deploy/static/provider/baremetal/1.19/kustomization.yaml rename to deploy/static/provider/baremetal/1.24/kustomization.yaml diff --git a/deploy/static/provider/baremetal/deploy.yaml b/deploy/static/provider/baremetal/deploy.yaml index f53f5c199..bd28be30a 100644 --- a/deploy/static/provider/baremetal/deploy.yaml +++ b/deploy/static/provider/baremetal/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +339,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -346,7 +368,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -369,7 +391,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -408,7 +430,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -480,7 +502,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -491,7 +513,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -527,7 +549,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -538,7 +560,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -576,7 +598,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -589,7 +611,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/1.20/deploy.yaml b/deploy/static/provider/cloud/1.20/deploy.yaml index 2fa3fc858..460ab898c 100644 --- a/deploy/static/provider/cloud/1.20/deploy.yaml +++ b/deploy/static/provider/cloud/1.20/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +339,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -347,7 +369,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -370,7 +392,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -410,7 +432,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -482,7 +504,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -493,7 +515,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -529,7 +551,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -540,7 +562,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -578,7 +600,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -591,7 +613,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/1.21/deploy.yaml b/deploy/static/provider/cloud/1.21/deploy.yaml index 6cc44e56e..418556f55 100644 --- a/deploy/static/provider/cloud/1.21/deploy.yaml +++ b/deploy/static/provider/cloud/1.21/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +339,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -350,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -373,7 +395,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -413,7 +435,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -485,7 +507,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -496,7 +518,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -532,7 +554,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -543,7 +565,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -581,7 +603,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -594,7 +616,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/1.22/deploy.yaml b/deploy/static/provider/cloud/1.22/deploy.yaml index 6cc44e56e..418556f55 100644 --- a/deploy/static/provider/cloud/1.22/deploy.yaml +++ b/deploy/static/provider/cloud/1.22/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +339,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -350,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -373,7 +395,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -413,7 +435,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -485,7 +507,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -496,7 +518,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -532,7 +554,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -543,7 +565,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -581,7 +603,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -594,7 +616,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/1.23/deploy.yaml b/deploy/static/provider/cloud/1.23/deploy.yaml index 6cc44e56e..418556f55 100644 --- a/deploy/static/provider/cloud/1.23/deploy.yaml +++ b/deploy/static/provider/cloud/1.23/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +339,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -350,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -373,7 +395,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -413,7 +435,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -485,7 +507,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -496,7 +518,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -532,7 +554,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -543,7 +565,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -581,7 +603,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -594,7 +616,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/1.19/deploy.yaml b/deploy/static/provider/cloud/1.24/deploy.yaml similarity index 91% rename from deploy/static/provider/cloud/1.19/deploy.yaml rename to deploy/static/provider/cloud/1.24/deploy.yaml index ff517ba27..418556f55 100644 --- a/deploy/static/provider/cloud/1.19/deploy.yaml +++ b/deploy/static/provider/cloud/1.24/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,17 +339,22 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: externalTrafficPolicy: Local + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack ports: - - name: http + - appProtocol: http + name: http port: 80 protocol: TCP targetPort: http - - name: https + - appProtocol: https + name: https port: 443 protocol: TCP targetPort: https @@ -345,12 +372,13 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: ports: - - name: https-webhook + - appProtocol: https + name: https-webhook port: 443 targetPort: webhook selector: @@ -367,7 +395,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -407,7 +435,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -479,7 +507,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -490,7 +518,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -526,7 +554,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -537,7 +565,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -575,7 +603,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -588,7 +616,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/1.19/kustomization.yaml b/deploy/static/provider/cloud/1.24/kustomization.yaml similarity index 100% rename from deploy/static/provider/cloud/1.19/kustomization.yaml rename to deploy/static/provider/cloud/1.24/kustomization.yaml diff --git a/deploy/static/provider/cloud/deploy.yaml b/deploy/static/provider/cloud/deploy.yaml index 2fa3fc858..460ab898c 100644 --- a/deploy/static/provider/cloud/deploy.yaml +++ b/deploy/static/provider/cloud/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +339,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -347,7 +369,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -370,7 +392,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -410,7 +432,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -482,7 +504,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -493,7 +515,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -529,7 +551,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -540,7 +562,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -578,7 +600,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -591,7 +613,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/1.20/deploy.yaml b/deploy/static/provider/do/1.20/deploy.yaml index 58a025a84..1008a916d 100644 --- a/deploy/static/provider/do/1.20/deploy.yaml +++ b/deploy/static/provider/do/1.20/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,7 +342,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -350,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -373,7 +395,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -413,7 +435,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -485,7 +507,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -496,7 +518,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -532,7 +554,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -543,7 +565,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -581,7 +603,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -594,7 +616,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/1.21/deploy.yaml b/deploy/static/provider/do/1.21/deploy.yaml index 664473a53..808fe8ad3 100644 --- a/deploy/static/provider/do/1.21/deploy.yaml +++ b/deploy/static/provider/do/1.21/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,7 +342,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -353,7 +375,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -376,7 +398,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -416,7 +438,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -488,7 +510,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -499,7 +521,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -535,7 +557,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -546,7 +568,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -584,7 +606,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -597,7 +619,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/1.22/deploy.yaml b/deploy/static/provider/do/1.22/deploy.yaml index 664473a53..808fe8ad3 100644 --- a/deploy/static/provider/do/1.22/deploy.yaml +++ b/deploy/static/provider/do/1.22/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,7 +342,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -353,7 +375,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -376,7 +398,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -416,7 +438,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -488,7 +510,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -499,7 +521,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -535,7 +557,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -546,7 +568,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -584,7 +606,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -597,7 +619,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/1.23/deploy.yaml b/deploy/static/provider/do/1.23/deploy.yaml index 664473a53..808fe8ad3 100644 --- a/deploy/static/provider/do/1.23/deploy.yaml +++ b/deploy/static/provider/do/1.23/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,7 +342,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -353,7 +375,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -376,7 +398,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -416,7 +438,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -488,7 +510,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -499,7 +521,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -535,7 +557,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -546,7 +568,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -584,7 +606,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -597,7 +619,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/1.19/deploy.yaml b/deploy/static/provider/do/1.24/deploy.yaml similarity index 91% rename from deploy/static/provider/do/1.19/deploy.yaml rename to deploy/static/provider/do/1.24/deploy.yaml index 19cd50261..808fe8ad3 100644 --- a/deploy/static/provider/do/1.19/deploy.yaml +++ b/deploy/static/provider/do/1.24/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,17 +342,22 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: externalTrafficPolicy: Local + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack ports: - - name: http + - appProtocol: http + name: http port: 80 protocol: TCP targetPort: http - - name: https + - appProtocol: https + name: https port: 443 protocol: TCP targetPort: https @@ -348,12 +375,13 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: ports: - - name: https-webhook + - appProtocol: https + name: https-webhook port: 443 targetPort: webhook selector: @@ -370,7 +398,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -410,7 +438,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -482,7 +510,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -493,7 +521,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -529,7 +557,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -540,7 +568,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -578,7 +606,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -591,7 +619,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/1.19/kustomization.yaml b/deploy/static/provider/do/1.24/kustomization.yaml similarity index 100% rename from deploy/static/provider/do/1.19/kustomization.yaml rename to deploy/static/provider/do/1.24/kustomization.yaml diff --git a/deploy/static/provider/do/deploy.yaml b/deploy/static/provider/do/deploy.yaml index 58a025a84..1008a916d 100644 --- a/deploy/static/provider/do/deploy.yaml +++ b/deploy/static/provider/do/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,7 +342,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -350,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -373,7 +395,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -413,7 +435,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -485,7 +507,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -496,7 +518,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -532,7 +554,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -543,7 +565,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -581,7 +603,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -594,7 +616,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/1.20/deploy.yaml b/deploy/static/provider/exoscale/1.20/deploy.yaml index 7e29aefa9..090677552 100644 --- a/deploy/static/provider/exoscale/1.20/deploy.yaml +++ b/deploy/static/provider/exoscale/1.20/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -315,7 +337,6 @@ metadata: annotations: service.beta.kubernetes.io/exoscale-loadbalancer-description: NGINX Ingress Controller load balancer - service.beta.kubernetes.io/exoscale-loadbalancer-name: nginx-ingress-controller service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-interval: 10s service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-mode: http service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-retries: "1" @@ -327,7 +348,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -357,7 +378,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -380,7 +401,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -420,7 +441,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -492,7 +513,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -503,7 +524,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -539,7 +560,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -550,7 +571,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -588,7 +609,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -601,7 +622,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/1.21/deploy.yaml b/deploy/static/provider/exoscale/1.21/deploy.yaml index 06bddab91..df8c8e114 100644 --- a/deploy/static/provider/exoscale/1.21/deploy.yaml +++ b/deploy/static/provider/exoscale/1.21/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -315,7 +337,6 @@ metadata: annotations: service.beta.kubernetes.io/exoscale-loadbalancer-description: NGINX Ingress Controller load balancer - service.beta.kubernetes.io/exoscale-loadbalancer-name: nginx-ingress-controller service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-interval: 10s service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-mode: http service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-retries: "1" @@ -327,7 +348,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -360,7 +381,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -383,7 +404,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -423,7 +444,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -495,7 +516,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -506,7 +527,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -542,7 +563,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -553,7 +574,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -591,7 +612,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -604,7 +625,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/1.22/deploy.yaml b/deploy/static/provider/exoscale/1.22/deploy.yaml index 06bddab91..df8c8e114 100644 --- a/deploy/static/provider/exoscale/1.22/deploy.yaml +++ b/deploy/static/provider/exoscale/1.22/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -315,7 +337,6 @@ metadata: annotations: service.beta.kubernetes.io/exoscale-loadbalancer-description: NGINX Ingress Controller load balancer - service.beta.kubernetes.io/exoscale-loadbalancer-name: nginx-ingress-controller service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-interval: 10s service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-mode: http service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-retries: "1" @@ -327,7 +348,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -360,7 +381,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -383,7 +404,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -423,7 +444,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -495,7 +516,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -506,7 +527,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -542,7 +563,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -553,7 +574,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -591,7 +612,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -604,7 +625,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/1.23/deploy.yaml b/deploy/static/provider/exoscale/1.23/deploy.yaml index 06bddab91..df8c8e114 100644 --- a/deploy/static/provider/exoscale/1.23/deploy.yaml +++ b/deploy/static/provider/exoscale/1.23/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -315,7 +337,6 @@ metadata: annotations: service.beta.kubernetes.io/exoscale-loadbalancer-description: NGINX Ingress Controller load balancer - service.beta.kubernetes.io/exoscale-loadbalancer-name: nginx-ingress-controller service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-interval: 10s service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-mode: http service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-retries: "1" @@ -327,7 +348,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -360,7 +381,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -383,7 +404,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -423,7 +444,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -495,7 +516,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -506,7 +527,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -542,7 +563,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -553,7 +574,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -591,7 +612,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -604,7 +625,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/1.19/deploy.yaml b/deploy/static/provider/exoscale/1.24/deploy.yaml similarity index 91% rename from deploy/static/provider/exoscale/1.19/deploy.yaml rename to deploy/static/provider/exoscale/1.24/deploy.yaml index 42e8c47c9..df8c8e114 100644 --- a/deploy/static/provider/exoscale/1.19/deploy.yaml +++ b/deploy/static/provider/exoscale/1.24/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -315,7 +337,6 @@ metadata: annotations: service.beta.kubernetes.io/exoscale-loadbalancer-description: NGINX Ingress Controller load balancer - service.beta.kubernetes.io/exoscale-loadbalancer-name: nginx-ingress-controller service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-interval: 10s service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-mode: http service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-retries: "1" @@ -327,17 +348,22 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: externalTrafficPolicy: Local + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack ports: - - name: http + - appProtocol: http + name: http port: 80 protocol: TCP targetPort: http - - name: https + - appProtocol: https + name: https port: 443 protocol: TCP targetPort: https @@ -355,12 +381,13 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: ports: - - name: https-webhook + - appProtocol: https + name: https-webhook port: 443 targetPort: webhook selector: @@ -377,7 +404,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -417,7 +444,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -489,7 +516,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -500,7 +527,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -536,7 +563,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -547,7 +574,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -585,7 +612,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -598,7 +625,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/1.19/kustomization.yaml b/deploy/static/provider/exoscale/1.24/kustomization.yaml similarity index 100% rename from deploy/static/provider/exoscale/1.19/kustomization.yaml rename to deploy/static/provider/exoscale/1.24/kustomization.yaml diff --git a/deploy/static/provider/exoscale/deploy.yaml b/deploy/static/provider/exoscale/deploy.yaml index 6c2342b66..090677552 100644 --- a/deploy/static/provider/exoscale/deploy.yaml +++ b/deploy/static/provider/exoscale/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -326,7 +348,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -356,7 +378,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -379,7 +401,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -419,7 +441,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -491,7 +513,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -502,7 +524,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -538,7 +560,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -549,7 +571,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -587,7 +609,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -600,7 +622,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/1.20/deploy.yaml b/deploy/static/provider/kind/1.20/deploy.yaml index 63f8dff33..c0a36a9ba 100644 --- a/deploy/static/provider/kind/1.20/deploy.yaml +++ b/deploy/static/provider/kind/1.20/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +339,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -346,7 +368,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -369,7 +391,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -414,7 +436,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -496,7 +518,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -507,7 +529,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -543,7 +565,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -554,7 +576,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -592,7 +614,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -605,7 +627,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/1.21/deploy.yaml b/deploy/static/provider/kind/1.21/deploy.yaml index e48d32dc6..872334ee8 100644 --- a/deploy/static/provider/kind/1.21/deploy.yaml +++ b/deploy/static/provider/kind/1.21/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +339,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -349,7 +371,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -372,7 +394,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -417,7 +439,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -499,7 +521,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -510,7 +532,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -546,7 +568,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -557,7 +579,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -595,7 +617,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -608,7 +630,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/1.22/deploy.yaml b/deploy/static/provider/kind/1.22/deploy.yaml index e48d32dc6..872334ee8 100644 --- a/deploy/static/provider/kind/1.22/deploy.yaml +++ b/deploy/static/provider/kind/1.22/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +339,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -349,7 +371,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -372,7 +394,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -417,7 +439,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -499,7 +521,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -510,7 +532,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -546,7 +568,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -557,7 +579,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -595,7 +617,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -608,7 +630,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/1.23/deploy.yaml b/deploy/static/provider/kind/1.23/deploy.yaml index e48d32dc6..872334ee8 100644 --- a/deploy/static/provider/kind/1.23/deploy.yaml +++ b/deploy/static/provider/kind/1.23/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +339,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -349,7 +371,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -372,7 +394,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -417,7 +439,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -499,7 +521,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -510,7 +532,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -546,7 +568,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -557,7 +579,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -595,7 +617,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -608,7 +630,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/1.19/deploy.yaml b/deploy/static/provider/kind/1.24/deploy.yaml similarity index 91% rename from deploy/static/provider/kind/1.19/deploy.yaml rename to deploy/static/provider/kind/1.24/deploy.yaml index f5f931771..872334ee8 100644 --- a/deploy/static/provider/kind/1.19/deploy.yaml +++ b/deploy/static/provider/kind/1.24/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,16 +339,21 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack ports: - - name: http + - appProtocol: http + name: http port: 80 protocol: TCP targetPort: http - - name: https + - appProtocol: https + name: https port: 443 protocol: TCP targetPort: https @@ -344,12 +371,13 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: ports: - - name: https-webhook + - appProtocol: https + name: https-webhook port: 443 targetPort: webhook selector: @@ -366,7 +394,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -411,7 +439,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -493,7 +521,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -504,7 +532,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -540,7 +568,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -551,7 +579,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -589,7 +617,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -602,7 +630,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/1.19/kustomization.yaml b/deploy/static/provider/kind/1.24/kustomization.yaml similarity index 100% rename from deploy/static/provider/kind/1.19/kustomization.yaml rename to deploy/static/provider/kind/1.24/kustomization.yaml diff --git a/deploy/static/provider/kind/deploy.yaml b/deploy/static/provider/kind/deploy.yaml index 63f8dff33..c0a36a9ba 100644 --- a/deploy/static/provider/kind/deploy.yaml +++ b/deploy/static/provider/kind/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -305,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -317,7 +339,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -346,7 +368,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -369,7 +391,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -414,7 +436,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -496,7 +518,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -507,7 +529,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -543,7 +565,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -554,7 +576,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -592,7 +614,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -605,7 +627,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/1.20/deploy.yaml b/deploy/static/provider/scw/1.20/deploy.yaml index f69ba79c7..935d6f665 100644 --- a/deploy/static/provider/scw/1.20/deploy.yaml +++ b/deploy/static/provider/scw/1.20/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,7 +342,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -350,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -373,7 +395,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -413,7 +435,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -485,7 +507,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -496,7 +518,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -532,7 +554,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -543,7 +565,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -581,7 +603,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -594,7 +616,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/1.21/deploy.yaml b/deploy/static/provider/scw/1.21/deploy.yaml index 5a81c2d0b..fbfab1db6 100644 --- a/deploy/static/provider/scw/1.21/deploy.yaml +++ b/deploy/static/provider/scw/1.21/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,7 +342,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -353,7 +375,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -376,7 +398,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -416,7 +438,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -488,7 +510,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -499,7 +521,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -535,7 +557,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -546,7 +568,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -584,7 +606,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -597,7 +619,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/1.22/deploy.yaml b/deploy/static/provider/scw/1.22/deploy.yaml index 5a81c2d0b..fbfab1db6 100644 --- a/deploy/static/provider/scw/1.22/deploy.yaml +++ b/deploy/static/provider/scw/1.22/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,7 +342,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -353,7 +375,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -376,7 +398,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -416,7 +438,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -488,7 +510,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -499,7 +521,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -535,7 +557,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -546,7 +568,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -584,7 +606,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -597,7 +619,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/1.23/deploy.yaml b/deploy/static/provider/scw/1.23/deploy.yaml index 5a81c2d0b..fbfab1db6 100644 --- a/deploy/static/provider/scw/1.23/deploy.yaml +++ b/deploy/static/provider/scw/1.23/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,7 +342,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -353,7 +375,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -376,7 +398,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -416,7 +438,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -488,7 +510,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -499,7 +521,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -535,7 +557,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -546,7 +568,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -584,7 +606,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -597,7 +619,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/1.19/deploy.yaml b/deploy/static/provider/scw/1.24/deploy.yaml similarity index 91% rename from deploy/static/provider/scw/1.19/deploy.yaml rename to deploy/static/provider/scw/1.24/deploy.yaml index d801ce4da..fbfab1db6 100644 --- a/deploy/static/provider/scw/1.19/deploy.yaml +++ b/deploy/static/provider/scw/1.24/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,17 +342,22 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: externalTrafficPolicy: Local + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack ports: - - name: http + - appProtocol: http + name: http port: 80 protocol: TCP targetPort: http - - name: https + - appProtocol: https + name: https port: 443 protocol: TCP targetPort: https @@ -348,12 +375,13 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: ports: - - name: https-webhook + - appProtocol: https + name: https-webhook port: 443 targetPort: webhook selector: @@ -370,7 +398,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -410,7 +438,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -482,7 +510,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -493,7 +521,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -529,7 +557,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -540,7 +568,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -578,7 +606,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -591,7 +619,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/1.19/kustomization.yaml b/deploy/static/provider/scw/1.24/kustomization.yaml similarity index 100% rename from deploy/static/provider/scw/1.19/kustomization.yaml rename to deploy/static/provider/scw/1.24/kustomization.yaml diff --git a/deploy/static/provider/scw/deploy.yaml b/deploy/static/provider/scw/deploy.yaml index f69ba79c7..935d6f665 100644 --- a/deploy/static/provider/scw/deploy.yaml +++ b/deploy/static/provider/scw/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -105,6 +105,21 @@ rules: - configmaps verbs: - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: @@ -121,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -140,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx rules: - apiGroups: @@ -155,6 +170,13 @@ rules: verbs: - list - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch - apiGroups: - "" resources: @@ -207,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission rules: - apiGroups: @@ -226,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -246,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -265,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -284,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -320,7 +342,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -350,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -373,7 +395,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -413,7 +435,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8 + image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -485,7 +507,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -496,7 +518,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-create spec: containers: @@ -532,7 +554,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -543,7 +565,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission-patch spec: containers: @@ -581,7 +603,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -594,7 +616,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.2.1 + app.kubernetes.io/version: 1.3.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/docs/deploy/index.md b/docs/deploy/index.md index 250c4261e..00ee6a9f5 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -51,7 +51,7 @@ It will install the controller in the `ingress-nginx` namespace, creating that n **If you don't have Helm** or if you prefer to use a YAML manifest, you can run the following command instead: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.2.1/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/cloud/deploy.yaml ``` !!! info @@ -186,17 +186,17 @@ In AWS we use a Network load balancer (NLB) to expose the NGINX Ingress controll ##### Network Load Balancer (NLB) ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.2.1/deploy/static/provider/aws/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/aws/deploy.yaml ``` ##### TLS termination in AWS Load Balancer (NLB) By default, TLS is terminated in the ingress controller. But it is also possible to terminate TLS in the Load Balancer. This section explains how to do that on AWS using an NLB. -1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.2.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template +1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template ```console - wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.2.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml + wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml ``` 2. Edit the file and change the VPC CIDR in use for the Kubernetes cluster: @@ -238,7 +238,7 @@ Then, the ingress controller can be installed like this: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.2.1/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/cloud/deploy.yaml ``` !!! warning @@ -252,7 +252,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont #### Azure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.2.1/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/cloud/deploy.yaml ``` More information with regards to Azure annotations for ingress controller can be found in the [official AKS documentation](https://docs.microsoft.com/en-us/azure/aks/ingress-internal-ip#create-an-ingress-controller). @@ -260,13 +260,13 @@ More information with regards to Azure annotations for ingress controller can be #### Digital Ocean ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.2.1/deploy/static/provider/do/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/do/deploy.yaml ``` #### Scaleway ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.2.1/deploy/static/provider/scw/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/scw/deploy.yaml ``` #### Exoscale @@ -280,7 +280,7 @@ The full list of annotations supported by Exoscale is available in the Exoscale #### Oracle Cloud Infrastructure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.2.1/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/cloud/deploy.yaml ``` A [complete list of available annotations for Oracle Cloud Infrastructure](https://github.com/oracle/oci-cloud-controller-manager/blob/master/docs/load-balancer-annotations.md) can be found in the [OCI Cloud Controller Manager](https://github.com/oracle/oci-cloud-controller-manager) documentation. @@ -292,7 +292,7 @@ This section is applicable to Kubernetes clusters deployed on bare metal servers For quick testing, you can use a [NodePort](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport). This should work on almost every cluster, but it will typically use a port in the range 30000-32767. ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.2.1/deploy/static/provider/baremetal/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/baremetal/deploy.yaml ``` For more information about bare metal deployments (and how to use port 80 instead of a random port in the 30000-32767 range), see [bare-metal considerations](./baremetal.md). From 64efad8415258d4dbd0a6b8466e282a489195fe8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miguel=20Mart=C3=ADnez?= Date: Wed, 13 Jul 2022 02:41:37 +0200 Subject: [PATCH 173/494] Fixed typo (#8817) --- docs/user-guide/nginx-configuration/annotations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user-guide/nginx-configuration/annotations.md b/docs/user-guide/nginx-configuration/annotations.md index 0c65bd0c8..199d156be 100755 --- a/docs/user-guide/nginx-configuration/annotations.md +++ b/docs/user-guide/nginx-configuration/annotations.md @@ -329,7 +329,7 @@ nginx.ingress.kubernetes.io/custom-http-errors: "404,415" ### Default Backend -This annotation is of the form `nginx.ingress.kubernetes.io/default-backend: ` to specify a custom default backend. This `` is a reference to a service inside of the same namespace in which you are applying this annotation. This annotation overrides the global default backend. In case the service has [multiple ports](https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services), the first one is the one which will received the backend traffic. +This annotation is of the form `nginx.ingress.kubernetes.io/default-backend: ` to specify a custom default backend. This `` is a reference to a service inside of the same namespace in which you are applying this annotation. This annotation overrides the global default backend. In case the service has [multiple ports](https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services), the first one is the one which will receive the backend traffic. This service will be used to handle the response when the configured service in the Ingress rule does not have any active endpoints. It will also be used to handle the error responses if both this annotation and the [custom-http-errors annotation](#custom-http-errors) are set. From 2843bb264f5d31b2ed2514c300c65c33aca2557a Mon Sep 17 00:00:00 2001 From: Philipp B Date: Wed, 13 Jul 2022 11:53:37 +0200 Subject: [PATCH 174/494] fix(docs): describe MetalLB configuration via CRDs rather than configMap (#8821) Signed-off-by: Philipp Born --- docs/deploy/baremetal.md | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/docs/deploy/baremetal.md b/docs/deploy/baremetal.md index b54c7f61e..55288c322 100644 --- a/docs/deploy/baremetal.md +++ b/docs/deploy/baremetal.md @@ -33,7 +33,7 @@ MetalLB can be deployed either with a simple Kubernetes manifest or with Helm. T was deployed following the [Installation][metallb-install] instructions. MetalLB requires a pool of IP addresses in order to be able to take ownership of the `ingress-nginx` Service. This pool -can be defined in a ConfigMap named `config` located in the same namespace as the MetalLB controller. This pool of IPs **must** be dedicated to MetalLB's use, you can't reuse the Kubernetes node IPs or IPs handed out by a DHCP server. +can be defined through `IPAddressPool` objects in the same namespace as the MetalLB controller. This pool of IPs **must** be dedicated to MetalLB's use, you can't reuse the Kubernetes node IPs or IPs handed out by a DHCP server. !!! example Given the following 3-node Kubernetes cluster (the external IP is added as an example, in most bare-metal @@ -47,22 +47,29 @@ can be defined in a ConfigMap named `config` located in the same namespace as th host-3 Ready node 203.0.113.3 ``` - After creating the following ConfigMap, MetalLB takes ownership of one of the IP addresses in the pool and updates + After creating the following objects, MetalLB takes ownership of one of the IP addresses in the pool and updates the *loadBalancer* IP field of the `ingress-nginx` Service accordingly. ```yaml - apiVersion: v1 - kind: ConfigMap + --- + apiVersion: metallb.io/v1beta1 + kind: IPAddressPool metadata: + name: default namespace: metallb-system - name: config - data: - config: | - address-pools: - - name: default - protocol: layer2 - addresses: - - 203.0.113.10-203.0.113.15 + spec: + addresses: + - 203.0.113.10-203.0.113.15 + autoAssign: true + --- + apiVersion: metallb.io/v1beta1 + kind: L2Advertisement + metadata: + name: default + namespace: metallb-system + spec: + ipAddressPools: + - default ``` ```console From 0049796682e509fc4c6a89931f093855fe54d014 Mon Sep 17 00:00:00 2001 From: Guilhem Lettron Date: Sun, 17 Jul 2022 21:13:20 +0200 Subject: [PATCH 175/494] feat: update mimalloc to 1.7.6 (#8827) Signed-off-by: Guilhem Lettron --- images/nginx/rootfs/build.sh | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/images/nginx/rootfs/build.sh b/images/nginx/rootfs/build.sh index 2ee308d68..c23ed8681 100755 --- a/images/nginx/rootfs/build.sh +++ b/images/nginx/rootfs/build.sh @@ -127,6 +127,9 @@ export LUA_RESTY_IPMATCHER_VERSION=211e0d2eb8bbb558b79368f89948a0bafdc23654 # Check for recent changes: https://github.com/ElvinEfendi/lua-resty-global-throttle/compare/v0.2.0...main export LUA_RESTY_GLOBAL_THROTTLE_VERSION=0.2.0 +# Check for recent changes: https://github.com/microsoft/mimalloc/compare/v1.7.6...master +export MIMALOC_VERSION=1.7.6 + export BUILD_PATH=/tmp/build ARCH=$(uname -m) @@ -320,6 +323,9 @@ get_src b8dbd502751140993a852381bcd8e98a402454596bd91838c1e51268d42db261 \ get_src 0fb790e394510e73fdba1492e576aaec0b8ee9ef08e3e821ce253a07719cf7ea \ "https://github.com/ElvinEfendi/lua-resty-global-throttle/archive/v$LUA_RESTY_GLOBAL_THROTTLE_VERSION.tar.gz" +get_src d74f86ada2329016068bc5a243268f1f555edd620b6a7d6ce89295e7d6cf18da \ + "https://github.com/microsoft/mimalloc/archive/refs/tags/v${MIMALOC_VERSION}.tar.gz" + # improve compilation times CORES=$(($(grep -c ^processor /proc/cpuinfo) - 1)) @@ -713,11 +719,7 @@ INST_LUADIR=/usr/local/lib/lua make install cd "$BUILD_PATH/lua-resty-global-throttle-$LUA_RESTY_GLOBAL_THROTTLE_VERSION" make install -# mimalloc -cd "$BUILD_PATH" -git clone --depth=1 -b v1.6.7 https://github.com/microsoft/mimalloc -cd mimalloc - +cd "$BUILD_PATH/mimalloc-$MIMALOC_VERSION" mkdir -p out/release cd out/release From 1ebb68983d4a7c6e35d103ce4ce50d0cb1c45f3d Mon Sep 17 00:00:00 2001 From: Lien Li Date: Mon, 18 Jul 2022 13:19:20 +0800 Subject: [PATCH 176/494] Migrate ginkgo to v2 in e2e-test-runner (#8830) --- images/test-runner/rootfs/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/test-runner/rootfs/Dockerfile b/images/test-runner/rootfs/Dockerfile index f7a46b180..790bf1248 100644 --- a/images/test-runner/rootfs/Dockerfile +++ b/images/test-runner/rootfs/Dockerfile @@ -49,7 +49,7 @@ ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 777 "$GOPATH" -RUN go install github.com/onsi/ginkgo/ginkgo@v1.16.5 && go install golang.org/x/lint/golint@latest +RUN go install github.com/onsi/ginkgo/v2/ginkgo@v2.1.4 && go install golang.org/x/lint/golint@latest ARG RESTY_CLI_VERSION ARG RESTY_CLI_SHA From cdd69d03ab2c0c4f389c7d02dec5af9e744b6ca6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Jul 2022 05:37:15 -0700 Subject: [PATCH 177/494] Bump actions/setup-go from 3.2.0 to 3.2.1 (#8835) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.2.0 to 3.2.1. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/b22fbbc2921299758641fab08929b4ac52b32923...84cbf8094393cdc5fe1fe1671ff2647332956b1a) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index c42a2ac7c..2ca339184 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -72,7 +72,7 @@ jobs: - name: Set up Go 1.18 id: go - uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923 # v3.2.0 + uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a # v3.2.0 with: go-version: '1.18.2' @@ -134,7 +134,7 @@ jobs: uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 - name: Setup Go - uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923 # v3.2.0 + uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a # v3.2.0 with: go-version: '1.18.2' @@ -409,7 +409,7 @@ jobs: - name: Set up Go 1.18 id: go if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} - uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923 # v3.2.0 + uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a # v3.2.0 with: go-version: '1.18.2' From c3d43315b000fe63800556e8d30585027c834f83 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Jul 2022 05:39:16 -0700 Subject: [PATCH 178/494] Bump actions/dependency-review-action from 2.0.2 to 2.0.4 (#8836) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.0.2 to 2.0.4. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/1c59cdf2a9c7f29c90e8da32237eb04b81bad9f0...94145f3150bfabdc97540cbd5f7e926306ea7744) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/depreview.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml index 0f84fd837..9f32403c5 100644 --- a/.github/workflows/depreview.yaml +++ b/.github/workflows/depreview.yaml @@ -11,4 +11,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b #v3.0.2 - name: 'Dependency Review' - uses: actions/dependency-review-action@1c59cdf2a9c7f29c90e8da32237eb04b81bad9f0 #v2.0.2 + uses: actions/dependency-review-action@94145f3150bfabdc97540cbd5f7e926306ea7744 #v2.0.2 From 047aa1841032a2f948f1a9f7a69785f1f1f10632 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Jul 2022 07:03:15 -0700 Subject: [PATCH 179/494] Bump github.com/prometheus/common from 0.35.0 to 0.37.0 (#8832) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.35.0 to 0.37.0. - [Release notes](https://github.com/prometheus/common/releases) - [Commits](https://github.com/prometheus/common/compare/v0.35.0...v0.37.0) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index b8460ceda..c85ddd1d1 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.12.2 github.com/prometheus/client_model v0.2.0 - github.com/prometheus/common v0.35.0 + github.com/prometheus/common v0.37.0 github.com/spf13/cobra v1.5.0 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.8.0 diff --git a/go.sum b/go.sum index 36c270e5e..077b48b98 100644 --- a/go.sum +++ b/go.sum @@ -513,8 +513,8 @@ github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9 github.com/prometheus/common v0.28.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/common v0.29.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/common v0.35.0 h1:Eyr+Pw2VymWejHqCugNaQXkAi6KayVNxaHeu6khmFBE= -github.com/prometheus/common v0.35.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA= +github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE= +github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA= github.com/prometheus/exporter-toolkit v0.7.0/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= From 476be7757f2e917302b1104da422b5d7b08f387a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Jul 2022 07:05:15 -0700 Subject: [PATCH 180/494] Bump github/codeql-action from 2.1.15 to 2.1.16 (#8837) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.15 to 2.1.16. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/3f62b754e23e0dd60f91b744033e1dc1654c0ec6...3e7e3b32d0fb8283594bb0a76cc60a00918b0969) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 5a9aa0b4f..f8bc053c9 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@3f62b754e23e0dd60f91b744033e1dc1654c0ec6 # v2.1.14 + uses: github/codeql-action/upload-sarif@3e7e3b32d0fb8283594bb0a76cc60a00918b0969 # v2.1.14 with: sarif_file: results.sarif From 20596f7f7d465ab248b56823eed2de123c252d7f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Jul 2022 07:07:15 -0700 Subject: [PATCH 181/494] Bump google.golang.org/grpc from 1.47.0 to 1.48.0 (#8833) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.47.0 to 1.48.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.47.0...v1.48.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index c85ddd1d1..c72359736 100644 --- a/go.mod +++ b/go.mod @@ -27,7 +27,7 @@ require ( github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a golang.org/x/crypto v0.0.0-20220214200702-86341886e292 golang.org/x/net v0.0.0-20220225172249-27dd8689420f - google.golang.org/grpc v1.47.0 + google.golang.org/grpc v1.48.0 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 k8s.io/api v0.23.6 diff --git a/go.sum b/go.sum index 077b48b98..34bd73d10 100644 --- a/go.sum +++ b/go.sum @@ -1062,8 +1062,8 @@ google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.47.0 h1:9n77onPX5F3qfFCqjy9dhn8PbNQsIKeVU04J9G7umt8= -google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc v1.48.0 h1:rQOsyJ/8+ufEDJd/Gdsz7HG220Mh9HAhFHRGnIjda0w= +google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= From e55e8488daa27634484ed295d4de021a023fb0a0 Mon Sep 17 00:00:00 2001 From: Jintao Zhang Date: Wed, 20 Jul 2022 01:56:08 +0800 Subject: [PATCH 182/494] fix: test-runner Makefile (#8840) Signed-off-by: Jintao Zhang --- images/test-runner/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile index ecd4e5f58..85569a083 100644 --- a/images/test-runner/Makefile +++ b/images/test-runner/Makefile @@ -23,7 +23,7 @@ REGISTRY ?= local IMAGE = $(REGISTRY)/e2e-test-runner -NGINX_BASE_IMAGE ?= $(shell cat $DIR/../../NGINX_BASE) +NGINX_BASE_IMAGE ?= $(shell cat $(DIR)/../../NGINX_BASE) # required to enable buildx export DOCKER_CLI_EXPERIMENTAL=enabled From ac3c338e7e0f8d858ce6c1e4c22ee4ccdb0624e0 Mon Sep 17 00:00:00 2001 From: inosato <48383032+inosato@users.noreply.github.com> Date: Thu, 21 Jul 2022 00:46:36 +0900 Subject: [PATCH 183/494] FIx typo x_forwarded_for (#8838) --- docs/user-guide/nginx-configuration/configmap.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md index 270dd1c62..e5af31cb5 100755 --- a/docs/user-guide/nginx-configuration/configmap.md +++ b/docs/user-guide/nginx-configuration/configmap.md @@ -479,7 +479,7 @@ Example for json output: ```json -log-format-upstream: '{"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x_forward_for": "$proxy_add_x_forwarded_for", "request_id": "$req_id", +log-format-upstream: '{"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x_forwarded_for": "$proxy_add_x_forwarded_for", "request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, "status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", "request_length": $request_length, "duration": $request_time,"method": "$request_method", "http_referrer": "$http_referer", "http_user_agent": "$http_user_agent" }' From 8f9df544eaf1be64c2f279336640bc80e811dfd0 Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Wed, 20 Jul 2022 21:40:36 +0530 Subject: [PATCH 184/494] bumped kubectl to v1.24.0 (#8807) --- build/dev-env.sh | 12 ++++++------ images/test-runner/Makefile | 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/build/dev-env.sh b/build/dev-env.sh index c0c99526b..68b683350 100755 --- a/build/dev-env.sh +++ b/build/dev-env.sh @@ -36,7 +36,7 @@ if ! command -v kind &> /dev/null; then fi if ! command -v kubectl &> /dev/null; then - echo "Please install kubectl 1.15 or higher" + echo "Please install kubectl 1.24.0 or higher" exit 1 fi @@ -46,14 +46,14 @@ if ! command -v helm &> /dev/null; then fi HELM_VERSION=$(helm version 2>&1 | grep -oE 'v[0-9]+\.[0-9]+\.[0-9]+') || true -if [[ ${HELM_VERSION} < "v3.0.0" ]]; then - echo "Please upgrade helm to v3.0.0 or higher" +if [[ ${HELM_VERSION} < "v3.9.0" ]]; then + echo "Please upgrade helm to v3.9.0 or higher" exit 1 fi KUBE_CLIENT_VERSION=$(kubectl version --client --short 2>/dev/null | grep Client | awk '{print $3}' | cut -d. -f2) || true -if [[ ${KUBE_CLIENT_VERSION} -lt 14 ]]; then - echo "Please update kubectl to 1.15 or higher" +if [[ ${KUBE_CLIENT_VERSION} -lt 24 ]]; then + echo "Please update kubectl to 1.24.2 or higher" exit 1 fi @@ -61,7 +61,7 @@ echo "[dev-env] building image" make build image docker tag "${REGISTRY}/controller:${TAG}" "${DEV_IMAGE}" -export K8S_VERSION=${K8S_VERSION:-v1.21.12@sha256:f316b33dd88f8196379f38feb80545ef3ed44d9197dca1bfd48bcb1583210207} +export K8S_VERSION=${K8S_VERSION:-v1.24.2@sha256:1f0cee2282f43150b52dc7933183ed96abdcfc8d293f30ec07082495874876f1} KIND_CLUSTER_NAME="ingress-nginx-dev" diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile index 85569a083..0f2b72bad 100644 --- a/images/test-runner/Makefile +++ b/images/test-runner/Makefile @@ -41,7 +41,7 @@ build: ensure-buildx --build-arg BASE_IMAGE=$(NGINX_BASE_IMAGE) \ --build-arg GOLANG_VERSION=1.18.2 \ --build-arg ETCD_VERSION=3.4.3-0 \ - --build-arg K8S_RELEASE=v1.21.3 \ + --build-arg K8S_RELEASE=v1.24.2 \ --build-arg RESTY_CLI_VERSION=0.27 \ --build-arg RESTY_CLI_SHA=e5f4f3128af49ba5c4d039d0554e5ae91bbe05866f60eccfa96d3653274bff90 \ --build-arg LUAROCKS_VERSION=3.8.0 \ @@ -49,7 +49,7 @@ build: ensure-buildx --build-arg CHART_TESTING_VERSION=3.0.0 \ --build-arg YAML_LINT_VERSION=1.13.0 \ --build-arg YAMALE_VERSION=1.8.0 \ - --build-arg HELM_VERSION=v3.4.2 \ + --build-arg HELM_VERSION=v3.9.0 \ -t $(IMAGE):$(TAG) rootfs # push the cross built image From 4c6a7ee158ae1b964c64918d1cbd78a37a573b20 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Wed, 20 Jul 2022 15:53:44 -0300 Subject: [PATCH 185/494] Decouple shared functions between controllers (#8829) * Decouple shared functions between controllers * Apply suggestions from code review Co-authored-by: Jintao Zhang * Fix package names and fmt Co-authored-by: Jintao Zhang --- cmd/dataplane/main.go | 101 +++++++++++++++++ cmd/nginx/main.go | 103 +++--------------- cmd/nginx/main_test.go | 8 +- internal/ingress/annotations/auth/main.go | 2 +- internal/ingress/controller/checker_test.go | 2 +- internal/ingress/controller/config/config.go | 2 +- .../ingress/controller/controller_test.go | 4 +- internal/ingress/controller/nginx.go | 5 +- .../ingress/controller/store/backend_ssl.go | 8 +- internal/ingress/controller/store/store.go | 7 +- .../ingress/controller/template/configmap.go | 2 +- internal/net/dns/dns_test.go | 2 +- internal/net/ssl/ssl.go | 7 +- internal/net/ssl/ssl_test.go | 2 +- internal/watch/file_watcher_test.go | 2 +- {cmd/nginx => pkg/flags}/flags.go | 17 ++- {cmd/nginx => pkg/flags}/flags_test.go | 34 ++---- pkg/metrics/handler.go | 87 +++++++++++++++ {internal => pkg/util}/file/file.go | 0 {internal => pkg/util}/file/file_test.go | 0 {internal => pkg/util}/file/filesystem.go | 0 {internal => pkg/util}/file/structure.go | 0 pkg/util/process/controller.go | 24 ++++ pkg/util/process/sigterm.go | 49 +++++++++ pkg/util/process/sigterm_test.go | 79 ++++++++++++++ {internal => pkg/util}/runtime/cpu_linux.go | 0 .../util}/runtime/cpu_notlinux.go | 0 27 files changed, 413 insertions(+), 134 deletions(-) create mode 100644 cmd/dataplane/main.go rename {cmd/nginx => pkg/flags}/flags.go (96%) rename {cmd/nginx => pkg/flags}/flags_test.go (76%) create mode 100644 pkg/metrics/handler.go rename {internal => pkg/util}/file/file.go (100%) rename {internal => pkg/util}/file/file_test.go (100%) rename {internal => pkg/util}/file/filesystem.go (100%) rename {internal => pkg/util}/file/structure.go (100%) create mode 100644 pkg/util/process/controller.go create mode 100644 pkg/util/process/sigterm.go create mode 100644 pkg/util/process/sigterm_test.go rename {internal => pkg/util}/runtime/cpu_linux.go (100%) rename {internal => pkg/util}/runtime/cpu_notlinux.go (100%) diff --git a/cmd/dataplane/main.go b/cmd/dataplane/main.go new file mode 100644 index 000000000..8ea59a412 --- /dev/null +++ b/cmd/dataplane/main.go @@ -0,0 +1,101 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "fmt" + "math/rand" // #nosec + "net/http" + "os" + "time" + + "github.com/prometheus/client_golang/prometheus" + "github.com/prometheus/client_golang/prometheus/collectors" + + "k8s.io/klog/v2" + + "k8s.io/ingress-nginx/internal/ingress/controller" + "k8s.io/ingress-nginx/internal/ingress/metric" + "k8s.io/ingress-nginx/internal/nginx" + ingressflags "k8s.io/ingress-nginx/pkg/flags" + "k8s.io/ingress-nginx/pkg/metrics" + "k8s.io/ingress-nginx/pkg/util/file" + "k8s.io/ingress-nginx/pkg/util/process" + "k8s.io/ingress-nginx/version" +) + +func main() { + klog.InitFlags(nil) + + rand.Seed(time.Now().UnixNano()) + + fmt.Println(version.String()) + var err error + showVersion, conf, err := ingressflags.ParseFlags() + if showVersion { + os.Exit(0) + } + + if err != nil { + klog.Fatal(err) + } + + err = file.CreateRequiredDirectories() + if err != nil { + klog.Fatal(err) + } + + reg := prometheus.NewRegistry() + + reg.MustRegister(collectors.NewGoCollector()) + reg.MustRegister(collectors.NewProcessCollector(collectors.ProcessCollectorOpts{ + PidFn: func() (int, error) { return os.Getpid(), nil }, + ReportErrors: true, + })) + + mc := metric.NewDummyCollector() + if conf.EnableMetrics { + // TODO: Ingress class is not a part of dataplane anymore + mc, err = metric.NewCollector(conf.MetricsPerHost, conf.ReportStatusClasses, reg, conf.IngressClassConfiguration.Controller, *conf.MetricsBuckets) + if err != nil { + klog.Fatalf("Error creating prometheus collector: %v", err) + } + } + // Pass the ValidationWebhook status to determine if we need to start the collector + // for the admissionWebhook + // TODO: Dataplane does not contain validation webhook so the MetricCollector should not receive + // this as an argument + mc.Start(conf.ValidationWebhook) + + if conf.EnableProfiling { + // TODO: Turn Profiler address configurable via flags + go metrics.RegisterProfiler("127.0.0.1", nginx.ProfilerPort) + } + + ngx := controller.NewNGINXController(conf, mc) + + mux := http.NewServeMux() + metrics.RegisterHealthz(nginx.HealthPath, mux) + metrics.RegisterMetrics(reg, mux) + + go metrics.StartHTTPServer(conf.HealthCheckHost, conf.ListenPorts.Health, mux) + go ngx.Start() + + process.HandleSigterm(ngx, conf.PostShutdownGracePeriod, func(code int) { + os.Exit(code) + }) +} diff --git a/cmd/nginx/main.go b/cmd/nginx/main.go index ff5f0c365..c585ed95e 100644 --- a/cmd/nginx/main.go +++ b/cmd/nginx/main.go @@ -21,34 +21,34 @@ import ( "fmt" "math/rand" // #nosec "net/http" - "net/http/pprof" "os" - "os/signal" "path/filepath" "runtime" - "syscall" "time" "github.com/prometheus/client_golang/prometheus" - "github.com/prometheus/client_golang/prometheus/promhttp" + "github.com/prometheus/client_golang/prometheus/collectors" "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" discovery "k8s.io/apimachinery/pkg/version" - "k8s.io/apiserver/pkg/server/healthz" "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd" certutil "k8s.io/client-go/util/cert" "k8s.io/klog/v2" - "k8s.io/ingress-nginx/internal/file" "k8s.io/ingress-nginx/internal/ingress/controller" "k8s.io/ingress-nginx/internal/ingress/metric" "k8s.io/ingress-nginx/internal/k8s" "k8s.io/ingress-nginx/internal/net/ssl" "k8s.io/ingress-nginx/internal/nginx" + "k8s.io/ingress-nginx/pkg/util/file" "k8s.io/ingress-nginx/version" + + ingressflags "k8s.io/ingress-nginx/pkg/flags" + "k8s.io/ingress-nginx/pkg/metrics" + "k8s.io/ingress-nginx/pkg/util/process" ) func main() { @@ -58,7 +58,7 @@ func main() { fmt.Println(version.String()) - showVersion, conf, err := parseFlags() + showVersion, conf, err := ingressflags.ParseFlags() if showVersion { os.Exit(0) } @@ -125,8 +125,8 @@ func main() { reg := prometheus.NewRegistry() - reg.MustRegister(prometheus.NewGoCollector()) - reg.MustRegister(prometheus.NewProcessCollector(prometheus.ProcessCollectorOpts{ + reg.MustRegister(collectors.NewGoCollector()) + reg.MustRegister(collectors.NewProcessCollector(collectors.ProcessCollectorOpts{ PidFn: func() (int, error) { return os.Getpid(), nil }, ReportErrors: true, })) @@ -143,14 +143,14 @@ func main() { mc.Start(conf.ValidationWebhook) if conf.EnableProfiling { - go registerProfiler() + go metrics.RegisterProfiler("127.0.0.1", nginx.ProfilerPort) } ngx := controller.NewNGINXController(conf, mc) mux := http.NewServeMux() - registerHealthz(nginx.HealthPath, ngx, mux) - registerMetrics(reg, mux) + metrics.RegisterHealthz(nginx.HealthPath, mux, ngx) + metrics.RegisterMetrics(reg, mux) _, errExists := os.Stat("/chroot") if errExists == nil { @@ -159,35 +159,14 @@ func main() { } - go startHTTPServer(conf.HealthCheckHost, conf.ListenPorts.Health, mux) + go metrics.StartHTTPServer(conf.HealthCheckHost, conf.ListenPorts.Health, mux) go ngx.Start() - handleSigterm(ngx, conf.PostShutdownGracePeriod, func(code int) { + process.HandleSigterm(ngx, conf.PostShutdownGracePeriod, func(code int) { os.Exit(code) }) } -type exiter func(code int) - -func handleSigterm(ngx *controller.NGINXController, delay int, exit exiter) { - signalChan := make(chan os.Signal, 1) - signal.Notify(signalChan, syscall.SIGTERM) - <-signalChan - klog.InfoS("Received SIGTERM, shutting down") - - exitCode := 0 - if err := ngx.Stop(); err != nil { - klog.Warningf("Error during shutdown: %v", err) - exitCode = 1 - } - - klog.Infof("Handled quit, delaying controller exit for %d seconds", delay) - time.Sleep(time.Duration(delay) * time.Second) - - klog.InfoS("Exiting", "code", exitCode) - exit(exitCode) -} - // createApiserverClient creates a new Kubernetes REST client. apiserverHost is // the URL of the API server in the format protocol://address:port/pathPrefix, // kubeConfig is the location of a kubeconfig file. If defined, the kubeconfig @@ -293,60 +272,6 @@ func handleFatalInitError(err error) { err) } -func registerHealthz(healthPath string, ic *controller.NGINXController, mux *http.ServeMux) { - // expose health check endpoint (/healthz) - healthz.InstallPathHandler(mux, - healthPath, - healthz.PingHealthz, - ic, - ) -} - -func registerMetrics(reg *prometheus.Registry, mux *http.ServeMux) { - mux.Handle( - "/metrics", - promhttp.InstrumentMetricHandler( - reg, - promhttp.HandlerFor(reg, promhttp.HandlerOpts{}), - ), - ) -} - -func registerProfiler() { - mux := http.NewServeMux() - - mux.HandleFunc("/debug/pprof/", pprof.Index) - mux.HandleFunc("/debug/pprof/heap", pprof.Index) - mux.HandleFunc("/debug/pprof/mutex", pprof.Index) - mux.HandleFunc("/debug/pprof/goroutine", pprof.Index) - mux.HandleFunc("/debug/pprof/threadcreate", pprof.Index) - mux.HandleFunc("/debug/pprof/block", pprof.Index) - mux.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline) - mux.HandleFunc("/debug/pprof/profile", pprof.Profile) - mux.HandleFunc("/debug/pprof/symbol", pprof.Symbol) - mux.HandleFunc("/debug/pprof/trace", pprof.Trace) - - server := &http.Server{ - Addr: fmt.Sprintf("127.0.0.1:%v", nginx.ProfilerPort), - //G112 (CWE-400): Potential Slowloris Attack - ReadHeaderTimeout: 10 * time.Second, - Handler: mux, - } - klog.Fatal(server.ListenAndServe()) -} - -func startHTTPServer(host string, port int, mux *http.ServeMux) { - server := &http.Server{ - Addr: fmt.Sprintf("%s:%v", host, port), - Handler: mux, - ReadTimeout: 10 * time.Second, - ReadHeaderTimeout: 10 * time.Second, - WriteTimeout: 300 * time.Second, - IdleTimeout: 120 * time.Second, - } - klog.Fatal(server.ListenAndServe()) -} - func checkService(key string, kubeClient *kubernetes.Clientset) error { ns, name, err := k8s.ParseNameNS(key) if err != nil { diff --git a/cmd/nginx/main_test.go b/cmd/nginx/main_test.go index 2a29953ad..f57c02c5e 100644 --- a/cmd/nginx/main_test.go +++ b/cmd/nginx/main_test.go @@ -33,6 +33,8 @@ import ( "k8s.io/ingress-nginx/internal/ingress/controller" "k8s.io/ingress-nginx/internal/k8s" "k8s.io/ingress-nginx/internal/nginx" + ingressflags "k8s.io/ingress-nginx/pkg/flags" + "k8s.io/ingress-nginx/pkg/util/process" ) func TestCreateApiserverClient(t *testing.T) { @@ -83,7 +85,7 @@ func TestHandleSigterm(t *testing.T) { t.Fatalf("error creating pod %v: %v", pod, err) } - resetForTesting(func() { t.Fatal("bad parse") }) + ingressflags.ResetForTesting(func() { t.Fatal("bad parse") }) os.Setenv("POD_NAME", podName) os.Setenv("POD_NAMESPACE", namespace) @@ -97,7 +99,7 @@ func TestHandleSigterm(t *testing.T) { }() os.Args = []string{"cmd", "--default-backend-service", "ingress-nginx/default-backend-http", "--http-port", "0", "--https-port", "0"} - _, conf, err := parseFlags() + _, conf, err := ingressflags.ParseFlags() if err != nil { t.Errorf("Unexpected error creating NGINX controller: %v", err) } @@ -105,7 +107,7 @@ func TestHandleSigterm(t *testing.T) { ngx := controller.NewNGINXController(conf, nil) - go handleSigterm(ngx, 10, func(code int) { + go process.HandleSigterm(ngx, 10, func(code int) { if code != 1 { t.Errorf("Expected exit code 1 but %d received", code) } diff --git a/internal/ingress/annotations/auth/main.go b/internal/ingress/annotations/auth/main.go index e05988365..58486c6e8 100644 --- a/internal/ingress/annotations/auth/main.go +++ b/internal/ingress/annotations/auth/main.go @@ -26,10 +26,10 @@ import ( networking "k8s.io/api/networking/v1" "k8s.io/client-go/tools/cache" - "k8s.io/ingress-nginx/internal/file" "k8s.io/ingress-nginx/internal/ingress/annotations/parser" ing_errors "k8s.io/ingress-nginx/internal/ingress/errors" "k8s.io/ingress-nginx/internal/ingress/resolver" + "k8s.io/ingress-nginx/pkg/util/file" ) var ( diff --git a/internal/ingress/controller/checker_test.go b/internal/ingress/controller/checker_test.go index fd712b6a8..5d9fb1baf 100644 --- a/internal/ingress/controller/checker_test.go +++ b/internal/ingress/controller/checker_test.go @@ -26,9 +26,9 @@ import ( "k8s.io/apiserver/pkg/server/healthz" - "k8s.io/ingress-nginx/internal/file" ngx_config "k8s.io/ingress-nginx/internal/ingress/controller/config" "k8s.io/ingress-nginx/internal/nginx" + "k8s.io/ingress-nginx/pkg/util/file" ) func TestNginxCheck(t *testing.T) { diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go index 07f9d957a..dfc90c385 100644 --- a/internal/ingress/controller/config/config.go +++ b/internal/ingress/controller/config/config.go @@ -26,7 +26,7 @@ import ( "k8s.io/ingress-nginx/internal/ingress" "k8s.io/ingress-nginx/internal/ingress/defaults" - "k8s.io/ingress-nginx/internal/runtime" + "k8s.io/ingress-nginx/pkg/util/runtime" ) var ( diff --git a/internal/ingress/controller/controller_test.go b/internal/ingress/controller/controller_test.go index 398e18830..0e8ae9d62 100644 --- a/internal/ingress/controller/controller_test.go +++ b/internal/ingress/controller/controller_test.go @@ -39,8 +39,8 @@ import ( "k8s.io/apimachinery/pkg/labels" "k8s.io/client-go/kubernetes/fake" - "k8s.io/ingress-nginx/internal/file" "k8s.io/ingress-nginx/internal/ingress" + "k8s.io/ingress-nginx/internal/ingress/annotations" "k8s.io/ingress-nginx/internal/ingress/annotations/canary" "k8s.io/ingress-nginx/internal/ingress/annotations/ipwhitelist" @@ -56,6 +56,8 @@ import ( "k8s.io/ingress-nginx/internal/ingress/resolver" "k8s.io/ingress-nginx/internal/k8s" "k8s.io/ingress-nginx/internal/net/ssl" + + "k8s.io/ingress-nginx/pkg/util/file" ) type fakeIngressStore struct { diff --git a/internal/ingress/controller/nginx.go b/internal/ingress/controller/nginx.go index 9c8e5265c..41ec0445a 100644 --- a/internal/ingress/controller/nginx.go +++ b/internal/ingress/controller/nginx.go @@ -44,10 +44,8 @@ import ( v1core "k8s.io/client-go/kubernetes/typed/core/v1" "k8s.io/client-go/tools/record" "k8s.io/client-go/util/flowcontrol" - "k8s.io/klog/v2" adm_controller "k8s.io/ingress-nginx/internal/admission/controller" - "k8s.io/ingress-nginx/internal/file" "k8s.io/ingress-nginx/internal/ingress" ngx_config "k8s.io/ingress-nginx/internal/ingress/controller/config" "k8s.io/ingress-nginx/internal/ingress/controller/process" @@ -61,6 +59,9 @@ import ( "k8s.io/ingress-nginx/internal/nginx" "k8s.io/ingress-nginx/internal/task" "k8s.io/ingress-nginx/internal/watch" + + "k8s.io/ingress-nginx/pkg/util/file" + klog "k8s.io/klog/v2" ) const ( diff --git a/internal/ingress/controller/store/backend_ssl.go b/internal/ingress/controller/store/backend_ssl.go index 19283d2fd..96164b95e 100644 --- a/internal/ingress/controller/store/backend_ssl.go +++ b/internal/ingress/controller/store/backend_ssl.go @@ -20,15 +20,17 @@ import ( "fmt" "strings" - "k8s.io/klog/v2" - apiv1 "k8s.io/api/core/v1" networking "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/ingress-nginx/internal/file" "k8s.io/ingress-nginx/internal/ingress" + + klog "k8s.io/klog/v2" + "k8s.io/ingress-nginx/internal/net/ssl" + + "k8s.io/ingress-nginx/pkg/util/file" ) // syncSecret synchronizes the content of a TLS Secret (certificate(s), secret diff --git a/internal/ingress/controller/store/store.go b/internal/ingress/controller/store/store.go index d29636b03..72300a4de 100644 --- a/internal/ingress/controller/store/store.go +++ b/internal/ingress/controller/store/store.go @@ -43,9 +43,11 @@ import ( "k8s.io/client-go/tools/cache" "k8s.io/client-go/tools/record" "k8s.io/ingress-nginx/internal/ingress/inspector" - "k8s.io/klog/v2" - "k8s.io/ingress-nginx/internal/file" + "k8s.io/ingress-nginx/internal/nginx" + "k8s.io/ingress-nginx/pkg/util/file" + klog "k8s.io/klog/v2" + "k8s.io/ingress-nginx/internal/ingress" "k8s.io/ingress-nginx/internal/ingress/annotations" "k8s.io/ingress-nginx/internal/ingress/annotations/parser" @@ -56,7 +58,6 @@ import ( "k8s.io/ingress-nginx/internal/ingress/errors" "k8s.io/ingress-nginx/internal/ingress/resolver" "k8s.io/ingress-nginx/internal/k8s" - "k8s.io/ingress-nginx/internal/nginx" ) // IngressFilterFunc decides if an Ingress should be omitted or not diff --git a/internal/ingress/controller/template/configmap.go b/internal/ingress/controller/template/configmap.go index bcd985f7f..35a0e4536 100644 --- a/internal/ingress/controller/template/configmap.go +++ b/internal/ingress/controller/template/configmap.go @@ -34,7 +34,7 @@ import ( "k8s.io/ingress-nginx/internal/ingress/annotations/parser" "k8s.io/ingress-nginx/internal/ingress/controller/config" ing_net "k8s.io/ingress-nginx/internal/net" - "k8s.io/ingress-nginx/internal/runtime" + "k8s.io/ingress-nginx/pkg/util/runtime" ) const ( diff --git a/internal/net/dns/dns_test.go b/internal/net/dns/dns_test.go index 2b21e81e7..708e3c6df 100644 --- a/internal/net/dns/dns_test.go +++ b/internal/net/dns/dns_test.go @@ -21,7 +21,7 @@ import ( "os" "testing" - "k8s.io/ingress-nginx/internal/file" + "k8s.io/ingress-nginx/pkg/util/file" ) func TestGetDNSServers(t *testing.T) { diff --git a/internal/net/ssl/ssl.go b/internal/net/ssl/ssl.go index bb99e2e8a..339724095 100644 --- a/internal/net/ssl/ssl.go +++ b/internal/net/ssl/ssl.go @@ -39,11 +39,14 @@ import ( "github.com/zakjan/cert-chain-resolver/certUtil" "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/ingress-nginx/internal/file" + "k8s.io/ingress-nginx/internal/ingress" + ngx_config "k8s.io/ingress-nginx/internal/ingress/controller/config" "k8s.io/ingress-nginx/internal/watch" - "k8s.io/klog/v2" + + "k8s.io/ingress-nginx/pkg/util/file" + klog "k8s.io/klog/v2" ) // FakeSSLCertificateUID defines the default UID to use for the fake SSL diff --git a/internal/net/ssl/ssl_test.go b/internal/net/ssl/ssl_test.go index 0b972d21c..e251d01d1 100644 --- a/internal/net/ssl/ssl_test.go +++ b/internal/net/ssl/ssl_test.go @@ -39,7 +39,7 @@ import ( "time" certutil "k8s.io/client-go/util/cert" - "k8s.io/ingress-nginx/internal/file" + "k8s.io/ingress-nginx/pkg/util/file" ) // generateRSACerts generates a self signed certificate using a self generated ca diff --git a/internal/watch/file_watcher_test.go b/internal/watch/file_watcher_test.go index d97d6b9ae..e1f5ed30d 100644 --- a/internal/watch/file_watcher_test.go +++ b/internal/watch/file_watcher_test.go @@ -23,7 +23,7 @@ import ( "testing" "time" - "k8s.io/ingress-nginx/internal/file" + "k8s.io/ingress-nginx/pkg/util/file" ) func prepareTimeout() chan bool { diff --git a/cmd/nginx/flags.go b/pkg/flags/flags.go similarity index 96% rename from cmd/nginx/flags.go rename to pkg/flags/flags.go index 9a00b58b0..f7c1771e8 100644 --- a/cmd/nginx/flags.go +++ b/pkg/flags/flags.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package main +package flags import ( "flag" @@ -37,7 +37,11 @@ import ( klog "k8s.io/klog/v2" ) -func parseFlags() (bool, *controller.Configuration, error) { +// TODO: We should split the flags functions between common for all programs +// and specific for each component (like webhook, controller and configurer) +// ParseFlags generates a configuration for Ingress Controller based on the flags +// provided by users +func ParseFlags() (bool, *controller.Configuration, error) { var ( flags = pflag.NewFlagSet("", pflag.ExitOnError) @@ -379,3 +383,12 @@ https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-g return false, config, err } + +// ResetForTesting clears all flag state and sets the usage function as directed. +// After calling resetForTesting, parse errors in flag handling will not +// exit the program. +// Extracted from https://github.com/golang/go/blob/master/src/flag/export_test.go +func ResetForTesting(usage func()) { + flag.CommandLine = flag.NewFlagSet(os.Args[0], flag.ContinueOnError) + flag.Usage = usage +} diff --git a/cmd/nginx/flags_test.go b/pkg/flags/flags_test.go similarity index 76% rename from cmd/nginx/flags_test.go rename to pkg/flags/flags_test.go index b25fa7557..2a33d73dd 100644 --- a/cmd/nginx/flags_test.go +++ b/pkg/flags/flags_test.go @@ -14,32 +14,22 @@ See the License for the specific language governing permissions and limitations under the License. */ -package main +package flags import ( - "flag" "os" "testing" ) -// resetForTesting clears all flag state and sets the usage function as directed. -// After calling resetForTesting, parse errors in flag handling will not -// exit the program. -// Extracted from https://github.com/golang/go/blob/master/src/flag/export_test.go -func resetForTesting(usage func()) { - flag.CommandLine = flag.NewFlagSet(os.Args[0], flag.ContinueOnError) - flag.Usage = usage -} - func TestNoMandatoryFlag(t *testing.T) { - _, _, err := parseFlags() + _, _, err := ParseFlags() if err != nil { t.Fatalf("Expected no error but got: %s", err) } } func TestDefaults(t *testing.T) { - resetForTesting(func() { t.Fatal("Parsing failed") }) + ResetForTesting(func() { t.Fatal("Parsing failed") }) oldArgs := os.Args defer func() { os.Args = oldArgs }() @@ -49,7 +39,7 @@ func TestDefaults(t *testing.T) { "--https-port", "0", } - showVersion, conf, err := parseFlags() + showVersion, conf, err := ParseFlags() if err != nil { t.Fatalf("Unexpected error parsing default flags: %v", err) } @@ -68,52 +58,52 @@ func TestSetupSSLProxy(t *testing.T) { } func TestFlagConflict(t *testing.T) { - resetForTesting(func() { t.Fatal("Parsing failed") }) + ResetForTesting(func() { t.Fatal("Parsing failed") }) oldArgs := os.Args defer func() { os.Args = oldArgs }() os.Args = []string{"cmd", "--publish-service", "namespace/test", "--http-port", "0", "--https-port", "0", "--publish-status-address", "1.1.1.1"} - _, _, err := parseFlags() + _, _, err := ParseFlags() if err == nil { t.Fatalf("Expected an error parsing flags but none returned") } } func TestMaxmindEdition(t *testing.T) { - resetForTesting(func() { t.Fatal("Parsing failed") }) + ResetForTesting(func() { t.Fatal("Parsing failed") }) oldArgs := os.Args defer func() { os.Args = oldArgs }() os.Args = []string{"cmd", "--publish-service", "namespace/test", "--http-port", "0", "--https-port", "0", "--maxmind-license-key", "0000000", "--maxmind-edition-ids", "GeoLite2-City, TestCheck"} - _, _, err := parseFlags() + _, _, err := ParseFlags() if err == nil { t.Fatalf("Expected an error parsing flags but none returned") } } func TestMaxmindMirror(t *testing.T) { - resetForTesting(func() { t.Fatal("Parsing failed") }) + ResetForTesting(func() { t.Fatal("Parsing failed") }) oldArgs := os.Args defer func() { os.Args = oldArgs }() os.Args = []string{"cmd", "--publish-service", "namespace/test", "--http-port", "0", "--https-port", "0", "--maxmind-mirror", "http://geoip.local", "--maxmind-license-key", "0000000", "--maxmind-edition-ids", "GeoLite2-City, TestCheck"} - _, _, err := parseFlags() + _, _, err := ParseFlags() if err == nil { t.Fatalf("Expected an error parsing flags but none returned") } } func TestMaxmindRetryDownload(t *testing.T) { - resetForTesting(func() { t.Fatal("Parsing failed") }) + ResetForTesting(func() { t.Fatal("Parsing failed") }) oldArgs := os.Args defer func() { os.Args = oldArgs }() os.Args = []string{"cmd", "--publish-service", "namespace/test", "--http-port", "0", "--https-port", "0", "--maxmind-mirror", "http://127.0.0.1", "--maxmind-license-key", "0000000", "--maxmind-edition-ids", "GeoLite2-City", "--maxmind-retries-timeout", "1s", "--maxmind-retries-count", "3"} - _, _, err := parseFlags() + _, _, err := ParseFlags() if err == nil { t.Fatalf("Expected an error parsing flags but none returned") } diff --git a/pkg/metrics/handler.go b/pkg/metrics/handler.go new file mode 100644 index 000000000..c37c1760c --- /dev/null +++ b/pkg/metrics/handler.go @@ -0,0 +1,87 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package metrics + +import ( + "fmt" + "net/http" + "net/http/pprof" + "time" + + "github.com/prometheus/client_golang/prometheus" + "github.com/prometheus/client_golang/prometheus/promhttp" + "k8s.io/apiserver/pkg/server/healthz" + klog "k8s.io/klog/v2" +) + +func RegisterHealthz(healthPath string, mux *http.ServeMux, checks ...healthz.HealthChecker) { + + healthCheck := []healthz.HealthChecker{healthz.PingHealthz} + if len(checks) > 0 { + healthCheck = append(healthCheck, checks...) + } + // expose health check endpoint (/healthz) + healthz.InstallPathHandler(mux, + healthPath, + healthCheck..., + ) +} + +func RegisterMetrics(reg *prometheus.Registry, mux *http.ServeMux) { + mux.Handle( + "/metrics", + promhttp.InstrumentMetricHandler( + reg, + promhttp.HandlerFor(reg, promhttp.HandlerOpts{}), + ), + ) +} + +func RegisterProfiler(host string, port int) { + mux := http.NewServeMux() + + mux.HandleFunc("/debug/pprof/", pprof.Index) + mux.HandleFunc("/debug/pprof/heap", pprof.Index) + mux.HandleFunc("/debug/pprof/mutex", pprof.Index) + mux.HandleFunc("/debug/pprof/goroutine", pprof.Index) + mux.HandleFunc("/debug/pprof/threadcreate", pprof.Index) + mux.HandleFunc("/debug/pprof/block", pprof.Index) + mux.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline) + mux.HandleFunc("/debug/pprof/profile", pprof.Profile) + mux.HandleFunc("/debug/pprof/symbol", pprof.Symbol) + mux.HandleFunc("/debug/pprof/trace", pprof.Trace) + + server := &http.Server{ + Addr: fmt.Sprintf("%s:%d", host, port), + //G112 (CWE-400): Potential Slowloris Attack + ReadHeaderTimeout: 10 * time.Second, + Handler: mux, + } + klog.Fatal(server.ListenAndServe()) +} + +func StartHTTPServer(host string, port int, mux *http.ServeMux) { + server := &http.Server{ + Addr: fmt.Sprintf("%s:%v", host, port), + Handler: mux, + ReadTimeout: 10 * time.Second, + ReadHeaderTimeout: 10 * time.Second, + WriteTimeout: 300 * time.Second, + IdleTimeout: 120 * time.Second, + } + klog.Fatal(server.ListenAndServe()) +} diff --git a/internal/file/file.go b/pkg/util/file/file.go similarity index 100% rename from internal/file/file.go rename to pkg/util/file/file.go diff --git a/internal/file/file_test.go b/pkg/util/file/file_test.go similarity index 100% rename from internal/file/file_test.go rename to pkg/util/file/file_test.go diff --git a/internal/file/filesystem.go b/pkg/util/file/filesystem.go similarity index 100% rename from internal/file/filesystem.go rename to pkg/util/file/filesystem.go diff --git a/internal/file/structure.go b/pkg/util/file/structure.go similarity index 100% rename from internal/file/structure.go rename to pkg/util/file/structure.go diff --git a/pkg/util/process/controller.go b/pkg/util/process/controller.go new file mode 100644 index 000000000..ae9bc9356 --- /dev/null +++ b/pkg/util/process/controller.go @@ -0,0 +1,24 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package process + +// ProcessController defines a common interface for a process to be controlled, +// like the configurer, the webhook or the proper ingress controller +type ProcessController interface { + Start() + Stop() error +} diff --git a/pkg/util/process/sigterm.go b/pkg/util/process/sigterm.go new file mode 100644 index 000000000..77c0ad58c --- /dev/null +++ b/pkg/util/process/sigterm.go @@ -0,0 +1,49 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package process + +import ( + "os" + "os/signal" + "syscall" + "time" + + klog "k8s.io/klog/v2" +) + +type exiter func(code int) + +// HandleSigterm receives a ProcessController interface and deals with +// the graceful shutdown +func HandleSigterm(ngx ProcessController, delay int, exit exiter) { + signalChan := make(chan os.Signal, 1) + signal.Notify(signalChan, syscall.SIGTERM) + <-signalChan + klog.InfoS("Received SIGTERM, shutting down") + + exitCode := 0 + if err := ngx.Stop(); err != nil { + klog.Warningf("Error during shutdown: %v", err) + exitCode = 1 + } + + klog.Infof("Handled quit, delaying controller exit for %d seconds", delay) + time.Sleep(time.Duration(delay) * time.Second) + + klog.InfoS("Exiting", "code", exitCode) + exit(exitCode) +} diff --git a/pkg/util/process/sigterm_test.go b/pkg/util/process/sigterm_test.go new file mode 100644 index 000000000..2c2a6ee91 --- /dev/null +++ b/pkg/util/process/sigterm_test.go @@ -0,0 +1,79 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package process + +import ( + "fmt" + "syscall" + "testing" + "time" +) + +type FakeProcess struct { + shouldError bool + exitCode int +} + +func (f *FakeProcess) Start() { +} + +func (f *FakeProcess) Stop() error { + if f.shouldError { + return fmt.Errorf("error") + } + return nil +} + +func (f *FakeProcess) exiterFunc(code int) { + f.exitCode = code +} + +func sendDelayedSignal(delay time.Duration) { + time.Sleep(delay * time.Second) + syscall.Kill(syscall.Getpid(), syscall.SIGTERM) +} + +func TestHandleSigterm(t *testing.T) { + tests := []struct { + name string + shouldError bool + delay int + }{ + { + name: "should exit without error", + shouldError: false, + }, + { + name: "should exit with error", + shouldError: true, + delay: 2, + }, + } + for _, tt := range tests { + process := &FakeProcess{shouldError: tt.shouldError} + t.Run(tt.name, func(t *testing.T) { + go sendDelayedSignal(2) // Send a signal after 2 seconds + HandleSigterm(process, tt.delay, process.exiterFunc) + }) + if tt.shouldError && process.exitCode != 1 { + t.Errorf("wrong return, should be 1 and returned %d", process.exitCode) + } + if !tt.shouldError && process.exitCode != 0 { + t.Errorf("wrong return, should be 0 and returned %d", process.exitCode) + } + } +} diff --git a/internal/runtime/cpu_linux.go b/pkg/util/runtime/cpu_linux.go similarity index 100% rename from internal/runtime/cpu_linux.go rename to pkg/util/runtime/cpu_linux.go diff --git a/internal/runtime/cpu_notlinux.go b/pkg/util/runtime/cpu_notlinux.go similarity index 100% rename from internal/runtime/cpu_notlinux.go rename to pkg/util/runtime/cpu_notlinux.go From 0cc43d5e5295a769fa6e9428004a70378b632e9b Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Thu, 21 Jul 2022 06:27:44 +0530 Subject: [PATCH 186/494] added fixes for make dev-env (#8804) --- Makefile | 3 ++- build/build.sh | 1 + build/run-in-docker.sh | 2 ++ 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index bafddeef2..5ba8e8ed5 100644 --- a/Makefile +++ b/Makefile @@ -54,8 +54,9 @@ ifneq ($(PLATFORM),) endif MAC_OS = $(shell uname -s) + ifeq ($(MAC_OS), Darwin) - MAC_DOCKER_FLAGS="--load" + MAC_DOCKER_FLAGS= else MAC_DOCKER_FLAGS= endif diff --git a/build/build.sh b/build/build.sh index 210a8e10f..3b51d665e 100755 --- a/build/build.sh +++ b/build/build.sh @@ -49,6 +49,7 @@ echo "Building targets for ${ARCH}, generated targets in ${TARGETS_DIR} director echo "Building ${PKG}/cmd/nginx" +git config --add safe.directory /go/src/k8s.io/ingress-nginx ${GO_BUILD_CMD} \ -trimpath -ldflags="-buildid= -w -s \ -X ${PKG}/version.RELEASE=${TAG} \ diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index d2cfe9552..3cb1f8ef5 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -65,12 +65,14 @@ fi USER=${USER:-nobody} +MAC_OS="`uname -s`" MAC_OS="${MAC_OS:-}" if [[ ${MAC_OS} == "Darwin" ]]; then MAC_DOCKER_FLAGS="" else MAC_DOCKER_FLAGS="-u $(id -u ${USER}):$(id -g ${USER})" #idk why mac/git fails on the gobuild if these are presented to dockerrun.sh script fi +echo "MAC_OS = ${MAC_OS}, MAC_OS_FLAGS = ${MAC_DOCKER_FLAGS}" echo "..printing env & other vars to stdout" echo "HOSTNAME=`hostname`" From 7304086202ec94f08a4ae8ef3426478d9a9478a5 Mon Sep 17 00:00:00 2001 From: Ricardo Pchevuzinske Katz Date: Wed, 20 Jul 2022 18:15:03 -0300 Subject: [PATCH 187/494] Move util to specific package location --- internal/ingress/annotations/authreq/main.go | 2 +- internal/ingress/annotations/globalratelimit/main.go | 2 +- internal/ingress/annotations/ipwhitelist/main.go | 2 +- internal/ingress/annotations/ratelimit/main.go | 2 +- internal/ingress/controller/nginx.go | 5 ++--- internal/ingress/types_equals.go | 2 +- internal/net/ssl/ssl.go | 7 +++---- {internal/watch => pkg/util/file}/file_watcher.go | 2 +- {internal/watch => pkg/util/file}/file_watcher_test.go | 6 ++---- {internal => pkg/util}/sets/match.go | 0 {internal => pkg/util}/sets/match_test.go | 0 11 files changed, 13 insertions(+), 17 deletions(-) rename {internal/watch => pkg/util/file}/file_watcher.go (99%) rename {internal/watch => pkg/util/file}/file_watcher_test.go (96%) rename {internal => pkg/util}/sets/match.go (100%) rename {internal => pkg/util}/sets/match_test.go (100%) diff --git a/internal/ingress/annotations/authreq/main.go b/internal/ingress/annotations/authreq/main.go index b5dc4c70b..b607f5482 100644 --- a/internal/ingress/annotations/authreq/main.go +++ b/internal/ingress/annotations/authreq/main.go @@ -28,7 +28,7 @@ import ( "k8s.io/ingress-nginx/internal/ingress/annotations/parser" ing_errors "k8s.io/ingress-nginx/internal/ingress/errors" "k8s.io/ingress-nginx/internal/ingress/resolver" - "k8s.io/ingress-nginx/internal/sets" + "k8s.io/ingress-nginx/pkg/util/sets" ) // Config returns external authentication configuration for an Ingress rule diff --git a/internal/ingress/annotations/globalratelimit/main.go b/internal/ingress/annotations/globalratelimit/main.go index c5763d0cb..ea9fc4678 100644 --- a/internal/ingress/annotations/globalratelimit/main.go +++ b/internal/ingress/annotations/globalratelimit/main.go @@ -27,7 +27,7 @@ import ( ing_errors "k8s.io/ingress-nginx/internal/ingress/errors" "k8s.io/ingress-nginx/internal/ingress/resolver" "k8s.io/ingress-nginx/internal/net" - "k8s.io/ingress-nginx/internal/sets" + "k8s.io/ingress-nginx/pkg/util/sets" ) const defaultKey = "$remote_addr" diff --git a/internal/ingress/annotations/ipwhitelist/main.go b/internal/ingress/annotations/ipwhitelist/main.go index 38610ade6..63c049fef 100644 --- a/internal/ingress/annotations/ipwhitelist/main.go +++ b/internal/ingress/annotations/ipwhitelist/main.go @@ -27,7 +27,7 @@ import ( "k8s.io/ingress-nginx/internal/ingress/annotations/parser" ing_errors "k8s.io/ingress-nginx/internal/ingress/errors" "k8s.io/ingress-nginx/internal/ingress/resolver" - "k8s.io/ingress-nginx/internal/sets" + "k8s.io/ingress-nginx/pkg/util/sets" ) // SourceRange returns the CIDR diff --git a/internal/ingress/annotations/ratelimit/main.go b/internal/ingress/annotations/ratelimit/main.go index 4011c2542..84a5f10f0 100644 --- a/internal/ingress/annotations/ratelimit/main.go +++ b/internal/ingress/annotations/ratelimit/main.go @@ -26,7 +26,7 @@ import ( "k8s.io/ingress-nginx/internal/ingress/annotations/parser" "k8s.io/ingress-nginx/internal/ingress/resolver" "k8s.io/ingress-nginx/internal/net" - "k8s.io/ingress-nginx/internal/sets" + "k8s.io/ingress-nginx/pkg/util/sets" ) const ( diff --git a/internal/ingress/controller/nginx.go b/internal/ingress/controller/nginx.go index 41ec0445a..9c56b3322 100644 --- a/internal/ingress/controller/nginx.go +++ b/internal/ingress/controller/nginx.go @@ -58,7 +58,6 @@ import ( "k8s.io/ingress-nginx/internal/net/ssl" "k8s.io/ingress-nginx/internal/nginx" "k8s.io/ingress-nginx/internal/task" - "k8s.io/ingress-nginx/internal/watch" "k8s.io/ingress-nginx/pkg/util/file" klog "k8s.io/klog/v2" @@ -172,7 +171,7 @@ func NewNGINXController(config *Configuration, mc metric.Collector) *NGINXContro n.t = ngxTpl - _, err = watch.NewFileWatcher(nginx.TemplatePath, onTemplateChange) + _, err = file.NewFileWatcher(nginx.TemplatePath, onTemplateChange) if err != nil { klog.Fatalf("Error creating file watcher for %v: %v", nginx.TemplatePath, err) } @@ -196,7 +195,7 @@ func NewNGINXController(config *Configuration, mc metric.Collector) *NGINXContro } for _, f := range filesToWatch { - _, err = watch.NewFileWatcher(f, func() { + _, err = file.NewFileWatcher(f, func() { klog.InfoS("File changed detected. Reloading NGINX", "path", f) n.syncQueue.EnqueueTask(task.GetDummyObject("file-change")) }) diff --git a/internal/ingress/types_equals.go b/internal/ingress/types_equals.go index 3e39940a3..1ba80d07e 100644 --- a/internal/ingress/types_equals.go +++ b/internal/ingress/types_equals.go @@ -17,7 +17,7 @@ limitations under the License. package ingress import ( - "k8s.io/ingress-nginx/internal/sets" + "k8s.io/ingress-nginx/pkg/util/sets" ) // Equal tests for equality between two Configuration types diff --git a/internal/net/ssl/ssl.go b/internal/net/ssl/ssl.go index 339724095..bdbdb2e06 100644 --- a/internal/net/ssl/ssl.go +++ b/internal/net/ssl/ssl.go @@ -43,9 +43,8 @@ import ( "k8s.io/ingress-nginx/internal/ingress" ngx_config "k8s.io/ingress-nginx/internal/ingress/controller/config" - "k8s.io/ingress-nginx/internal/watch" - "k8s.io/ingress-nginx/pkg/util/file" + klog "k8s.io/klog/v2" ) @@ -509,8 +508,8 @@ func NewTLSListener(certificate, key string) *TLSListener { l.load() - _, _ = watch.NewFileWatcher(certificate, l.load) - _, _ = watch.NewFileWatcher(key, l.load) + _, _ = file.NewFileWatcher(certificate, l.load) + _, _ = file.NewFileWatcher(key, l.load) return &l } diff --git a/internal/watch/file_watcher.go b/pkg/util/file/file_watcher.go similarity index 99% rename from internal/watch/file_watcher.go rename to pkg/util/file/file_watcher.go index b393045b2..eeb7b5721 100644 --- a/internal/watch/file_watcher.go +++ b/pkg/util/file/file_watcher.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package watch +package file import ( "log" diff --git a/internal/watch/file_watcher_test.go b/pkg/util/file/file_watcher_test.go similarity index 96% rename from internal/watch/file_watcher_test.go rename to pkg/util/file/file_watcher_test.go index e1f5ed30d..316cb6f1e 100644 --- a/internal/watch/file_watcher_test.go +++ b/pkg/util/file/file_watcher_test.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package watch +package file import ( "os" @@ -22,8 +22,6 @@ import ( "path/filepath" "testing" "time" - - "k8s.io/ingress-nginx/pkg/util/file" ) func prepareTimeout() chan bool { @@ -61,7 +59,7 @@ func TestFileWatcher(t *testing.T) { t.Fatalf("expected no events before writing a file") case <-timeoutChan: } - os.WriteFile(f.Name(), []byte{}, file.ReadWriteByUser) + os.WriteFile(f.Name(), []byte{}, ReadWriteByUser) select { case <-events: case <-timeoutChan: diff --git a/internal/sets/match.go b/pkg/util/sets/match.go similarity index 100% rename from internal/sets/match.go rename to pkg/util/sets/match.go diff --git a/internal/sets/match_test.go b/pkg/util/sets/match_test.go similarity index 100% rename from internal/sets/match_test.go rename to pkg/util/sets/match_test.go From 32d06d4b3bc8ff0c7829698d87ec1bd4fe4b7c8b Mon Sep 17 00:00:00 2001 From: Ricardo Pchevuzinske Katz Date: Wed, 20 Jul 2022 18:43:39 -0300 Subject: [PATCH 188/494] Move TCPProxy to pkg --- internal/ingress/controller/nginx.go | 13 +++++++------ .../ingress/controller => pkg/tcpproxy}/tcp.go | 2 +- 2 files changed, 8 insertions(+), 7 deletions(-) rename {internal/ingress/controller => pkg/tcpproxy}/tcp.go (99%) diff --git a/internal/ingress/controller/nginx.go b/internal/ingress/controller/nginx.go index 9c56b3322..05b3393f1 100644 --- a/internal/ingress/controller/nginx.go +++ b/internal/ingress/controller/nginx.go @@ -44,6 +44,7 @@ import ( v1core "k8s.io/client-go/kubernetes/typed/core/v1" "k8s.io/client-go/tools/record" "k8s.io/client-go/util/flowcontrol" + "k8s.io/ingress-nginx/pkg/tcpproxy" adm_controller "k8s.io/ingress-nginx/internal/admission/controller" "k8s.io/ingress-nginx/internal/ingress" @@ -101,7 +102,7 @@ func NewNGINXController(config *Configuration, mc metric.Collector) *NGINXContro runningConfig: new(ingress.Configuration), - Proxy: &TCPProxy{}, + Proxy: &tcpproxy.TCPProxy{}, metricCollector: mc, @@ -241,7 +242,7 @@ type NGINXController struct { isShuttingDown bool - Proxy *TCPProxy + Proxy *tcpproxy.TCPProxy store store.Storer @@ -439,7 +440,7 @@ func (n NGINXController) DefaultEndpoint() ingress.Endpoint { func (n NGINXController) generateTemplate(cfg ngx_config.Configuration, ingressCfg ingress.Configuration) ([]byte, error) { if n.cfg.EnableSSLPassthrough { - servers := []*TCPServer{} + servers := []*tcpproxy.TCPServer{} for _, pb := range ingressCfg.PassthroughBackends { svc := pb.Service if svc == nil { @@ -464,7 +465,7 @@ func (n NGINXController) generateTemplate(cfg ngx_config.Configuration, ingressC } // TODO: Allow PassthroughBackends to specify they support proxy-protocol - servers = append(servers, &TCPServer{ + servers = append(servers, &tcpproxy.TCPServer{ Hostname: pb.Hostname, IP: svc.Spec.ClusterIP, Port: port, @@ -751,8 +752,8 @@ func (n *NGINXController) setupSSLProxy() { proxyPort := n.cfg.ListenPorts.SSLProxy klog.InfoS("Starting TLS proxy for SSL Passthrough") - n.Proxy = &TCPProxy{ - Default: &TCPServer{ + n.Proxy = &tcpproxy.TCPProxy{ + Default: &tcpproxy.TCPServer{ Hostname: "localhost", IP: "127.0.0.1", Port: proxyPort, diff --git a/internal/ingress/controller/tcp.go b/pkg/tcpproxy/tcp.go similarity index 99% rename from internal/ingress/controller/tcp.go rename to pkg/tcpproxy/tcp.go index eedecc71a..7bbff80b4 100644 --- a/internal/ingress/controller/tcp.go +++ b/pkg/tcpproxy/tcp.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package controller +package tcpproxy import ( "fmt" From c86d50ecef07367197dec8891ae65aacb2b7bc88 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Thu, 21 Jul 2022 21:32:48 -0300 Subject: [PATCH 189/494] Move APIs to be used by both controller and configurer (#8854) --- hack/update-codegen.sh | 2 +- internal/ingress/controller/config/config.go | 2 +- internal/ingress/controller/controller.go | 2 +- internal/ingress/controller/controller_test.go | 2 +- internal/ingress/controller/endpoints.go | 2 +- internal/ingress/controller/endpoints_test.go | 2 +- internal/ingress/controller/location.go | 2 +- internal/ingress/controller/nginx.go | 2 +- internal/ingress/controller/nginx_test.go | 2 +- internal/ingress/controller/store/backend_ssl.go | 2 +- internal/ingress/controller/store/ingress.go | 2 +- internal/ingress/controller/store/ingress_annotation.go | 2 +- internal/ingress/controller/store/local_secret.go | 2 +- internal/ingress/controller/store/store.go | 2 +- internal/ingress/controller/store/store_test.go | 2 +- internal/ingress/controller/template/template.go | 2 +- internal/ingress/controller/template/template_test.go | 2 +- internal/ingress/controller/util.go | 2 +- internal/ingress/metric/collectors/controller.go | 2 +- internal/ingress/metric/collectors/controller_test.go | 2 +- internal/ingress/metric/dummy.go | 2 +- internal/ingress/metric/main.go | 2 +- internal/ingress/status/status.go | 2 +- internal/ingress/status/status_test.go | 2 +- internal/net/ssl/ssl.go | 2 +- {internal => pkg/apis}/ingress/sslcert.go | 0 {internal => pkg/apis}/ingress/types.go | 9 ++------- {internal => pkg/apis}/ingress/types_equals.go | 0 {internal => pkg/apis}/ingress/types_equals_test.go | 6 +++--- {internal => pkg/apis}/ingress/zz_generated.deepcopy.go | 0 30 files changed, 30 insertions(+), 35 deletions(-) rename {internal => pkg/apis}/ingress/sslcert.go (100%) rename {internal => pkg/apis}/ingress/types.go (98%) rename {internal => pkg/apis}/ingress/types_equals.go (100%) rename {internal => pkg/apis}/ingress/types_equals_test.go (96%) rename {internal => pkg/apis}/ingress/zz_generated.deepcopy.go (100%) diff --git a/hack/update-codegen.sh b/hack/update-codegen.sh index 9023a3a1a..fadc67633 100755 --- a/hack/update-codegen.sh +++ b/hack/update-codegen.sh @@ -38,7 +38,7 @@ chmod +x ${CODEGEN_PKG}/generate-groups.sh # nginxingress:v1alpha1 \ # --output-base "$(dirname ${BASH_SOURCE})/../../.." ${CODEGEN_PKG}/generate-groups.sh "deepcopy" \ - k8s.io/ingress-nginx/internal k8s.io/ingress-nginx/internal \ + k8s.io/ingress-nginx/internal k8s.io/ingress-nginx/pkg/apis \ .:ingress \ --output-base "$(dirname ${BASH_SOURCE})/../../.." \ --go-header-file ${SCRIPT_ROOT}/hack/boilerplate/boilerplate.generated.go.txt diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go index dfc90c385..4ee2df965 100644 --- a/internal/ingress/controller/config/config.go +++ b/internal/ingress/controller/config/config.go @@ -24,8 +24,8 @@ import ( apiv1 "k8s.io/api/core/v1" - "k8s.io/ingress-nginx/internal/ingress" "k8s.io/ingress-nginx/internal/ingress/defaults" + "k8s.io/ingress-nginx/pkg/apis/ingress" "k8s.io/ingress-nginx/pkg/util/runtime" ) diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go index 44385f175..d0f85bb01 100644 --- a/internal/ingress/controller/controller.go +++ b/internal/ingress/controller/controller.go @@ -32,7 +32,6 @@ import ( "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/wait" clientset "k8s.io/client-go/kubernetes" - "k8s.io/ingress-nginx/internal/ingress" "k8s.io/ingress-nginx/internal/ingress/annotations" "k8s.io/ingress-nginx/internal/ingress/annotations/log" "k8s.io/ingress-nginx/internal/ingress/annotations/parser" @@ -45,6 +44,7 @@ import ( "k8s.io/ingress-nginx/internal/ingress/metric/collectors" "k8s.io/ingress-nginx/internal/k8s" "k8s.io/ingress-nginx/internal/nginx" + "k8s.io/ingress-nginx/pkg/apis/ingress" "k8s.io/klog/v2" ) diff --git a/internal/ingress/controller/controller_test.go b/internal/ingress/controller/controller_test.go index 0e8ae9d62..f875632e0 100644 --- a/internal/ingress/controller/controller_test.go +++ b/internal/ingress/controller/controller_test.go @@ -39,7 +39,7 @@ import ( "k8s.io/apimachinery/pkg/labels" "k8s.io/client-go/kubernetes/fake" - "k8s.io/ingress-nginx/internal/ingress" + "k8s.io/ingress-nginx/pkg/apis/ingress" "k8s.io/ingress-nginx/internal/ingress/annotations" "k8s.io/ingress-nginx/internal/ingress/annotations/canary" diff --git a/internal/ingress/controller/endpoints.go b/internal/ingress/controller/endpoints.go index 26d7f298e..5615fadea 100644 --- a/internal/ingress/controller/endpoints.go +++ b/internal/ingress/controller/endpoints.go @@ -29,8 +29,8 @@ import ( corev1 "k8s.io/api/core/v1" - "k8s.io/ingress-nginx/internal/ingress" "k8s.io/ingress-nginx/internal/k8s" + "k8s.io/ingress-nginx/pkg/apis/ingress" ) // getEndpoints returns a list of Endpoint structs for a given service/target port combination. diff --git a/internal/ingress/controller/endpoints_test.go b/internal/ingress/controller/endpoints_test.go index 83c8e1837..f38ffabe7 100644 --- a/internal/ingress/controller/endpoints_test.go +++ b/internal/ingress/controller/endpoints_test.go @@ -22,7 +22,7 @@ import ( corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/util/intstr" - "k8s.io/ingress-nginx/internal/ingress" + "k8s.io/ingress-nginx/pkg/apis/ingress" ) func TestGetEndpoints(t *testing.T) { diff --git a/internal/ingress/controller/location.go b/internal/ingress/controller/location.go index d40e88960..9776f8c87 100644 --- a/internal/ingress/controller/location.go +++ b/internal/ingress/controller/location.go @@ -21,7 +21,7 @@ import ( "strings" networking "k8s.io/api/networking/v1" - "k8s.io/ingress-nginx/internal/ingress" + "k8s.io/ingress-nginx/pkg/apis/ingress" ) var ( diff --git a/internal/ingress/controller/nginx.go b/internal/ingress/controller/nginx.go index 05b3393f1..d0f4abe27 100644 --- a/internal/ingress/controller/nginx.go +++ b/internal/ingress/controller/nginx.go @@ -47,7 +47,6 @@ import ( "k8s.io/ingress-nginx/pkg/tcpproxy" adm_controller "k8s.io/ingress-nginx/internal/admission/controller" - "k8s.io/ingress-nginx/internal/ingress" ngx_config "k8s.io/ingress-nginx/internal/ingress/controller/config" "k8s.io/ingress-nginx/internal/ingress/controller/process" "k8s.io/ingress-nginx/internal/ingress/controller/store" @@ -59,6 +58,7 @@ import ( "k8s.io/ingress-nginx/internal/net/ssl" "k8s.io/ingress-nginx/internal/nginx" "k8s.io/ingress-nginx/internal/task" + "k8s.io/ingress-nginx/pkg/apis/ingress" "k8s.io/ingress-nginx/pkg/util/file" klog "k8s.io/klog/v2" diff --git a/internal/ingress/controller/nginx_test.go b/internal/ingress/controller/nginx_test.go index d168efffd..c2c71b797 100644 --- a/internal/ingress/controller/nginx_test.go +++ b/internal/ingress/controller/nginx_test.go @@ -32,8 +32,8 @@ import ( apiv1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/ingress-nginx/internal/ingress" "k8s.io/ingress-nginx/internal/nginx" + "k8s.io/ingress-nginx/pkg/apis/ingress" ) func TestIsDynamicConfigurationEnough(t *testing.T) { diff --git a/internal/ingress/controller/store/backend_ssl.go b/internal/ingress/controller/store/backend_ssl.go index 96164b95e..6f0fcf189 100644 --- a/internal/ingress/controller/store/backend_ssl.go +++ b/internal/ingress/controller/store/backend_ssl.go @@ -24,7 +24,7 @@ import ( networking "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/ingress-nginx/internal/ingress" + "k8s.io/ingress-nginx/pkg/apis/ingress" klog "k8s.io/klog/v2" diff --git a/internal/ingress/controller/store/ingress.go b/internal/ingress/controller/store/ingress.go index 1d8ccb342..d05b2624b 100644 --- a/internal/ingress/controller/store/ingress.go +++ b/internal/ingress/controller/store/ingress.go @@ -19,7 +19,7 @@ package store import ( networking "k8s.io/api/networking/v1" "k8s.io/client-go/tools/cache" - "k8s.io/ingress-nginx/internal/ingress" + "k8s.io/ingress-nginx/pkg/apis/ingress" ) // IngressLister makes a Store that lists Ingress. diff --git a/internal/ingress/controller/store/ingress_annotation.go b/internal/ingress/controller/store/ingress_annotation.go index c9c596d1e..b70ceb1c6 100644 --- a/internal/ingress/controller/store/ingress_annotation.go +++ b/internal/ingress/controller/store/ingress_annotation.go @@ -18,7 +18,7 @@ package store import ( "k8s.io/client-go/tools/cache" - "k8s.io/ingress-nginx/internal/ingress" + "k8s.io/ingress-nginx/pkg/apis/ingress" ) // IngressWithAnnotationsLister makes a Store that lists Ingress rules with annotations already parsed diff --git a/internal/ingress/controller/store/local_secret.go b/internal/ingress/controller/store/local_secret.go index ee3ced398..8b26e7a53 100644 --- a/internal/ingress/controller/store/local_secret.go +++ b/internal/ingress/controller/store/local_secret.go @@ -21,7 +21,7 @@ import ( "k8s.io/client-go/tools/cache" - "k8s.io/ingress-nginx/internal/ingress" + "k8s.io/ingress-nginx/pkg/apis/ingress" ) // SSLCertTracker holds a store of referenced Secrets in Ingress rules diff --git a/internal/ingress/controller/store/store.go b/internal/ingress/controller/store/store.go index 72300a4de..239fbaaf5 100644 --- a/internal/ingress/controller/store/store.go +++ b/internal/ingress/controller/store/store.go @@ -48,7 +48,6 @@ import ( "k8s.io/ingress-nginx/pkg/util/file" klog "k8s.io/klog/v2" - "k8s.io/ingress-nginx/internal/ingress" "k8s.io/ingress-nginx/internal/ingress/annotations" "k8s.io/ingress-nginx/internal/ingress/annotations/parser" ngx_config "k8s.io/ingress-nginx/internal/ingress/controller/config" @@ -58,6 +57,7 @@ import ( "k8s.io/ingress-nginx/internal/ingress/errors" "k8s.io/ingress-nginx/internal/ingress/resolver" "k8s.io/ingress-nginx/internal/k8s" + "k8s.io/ingress-nginx/pkg/apis/ingress" ) // IngressFilterFunc decides if an Ingress should be omitted or not diff --git a/internal/ingress/controller/store/store_test.go b/internal/ingress/controller/store/store_test.go index 4868f792f..9b8947f9c 100644 --- a/internal/ingress/controller/store/store_test.go +++ b/internal/ingress/controller/store/store_test.go @@ -36,9 +36,9 @@ import ( "k8s.io/client-go/tools/cache" "sigs.k8s.io/controller-runtime/pkg/envtest" - "k8s.io/ingress-nginx/internal/ingress" "k8s.io/ingress-nginx/internal/ingress/annotations/parser" "k8s.io/ingress-nginx/internal/ingress/controller/ingressclass" + "k8s.io/ingress-nginx/pkg/apis/ingress" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/internal/ingress/controller/template/template.go b/internal/ingress/controller/template/template.go index a331c196a..8d4cb6e75 100644 --- a/internal/ingress/controller/template/template.go +++ b/internal/ingress/controller/template/template.go @@ -40,12 +40,12 @@ import ( "k8s.io/apimachinery/pkg/util/sets" "k8s.io/klog/v2" - "k8s.io/ingress-nginx/internal/ingress" "k8s.io/ingress-nginx/internal/ingress/annotations/influxdb" "k8s.io/ingress-nginx/internal/ingress/annotations/parser" "k8s.io/ingress-nginx/internal/ingress/annotations/ratelimit" "k8s.io/ingress-nginx/internal/ingress/controller/config" ing_net "k8s.io/ingress-nginx/internal/net" + "k8s.io/ingress-nginx/pkg/apis/ingress" ) const ( diff --git a/internal/ingress/controller/template/template_test.go b/internal/ingress/controller/template/template_test.go index a741919ed..cb1ebd1b7 100644 --- a/internal/ingress/controller/template/template_test.go +++ b/internal/ingress/controller/template/template_test.go @@ -34,7 +34,6 @@ import ( networking "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/ingress-nginx/internal/ingress" "k8s.io/ingress-nginx/internal/ingress/annotations/authreq" "k8s.io/ingress-nginx/internal/ingress/annotations/influxdb" "k8s.io/ingress-nginx/internal/ingress/annotations/modsecurity" @@ -43,6 +42,7 @@ import ( "k8s.io/ingress-nginx/internal/ingress/annotations/rewrite" "k8s.io/ingress-nginx/internal/ingress/controller/config" "k8s.io/ingress-nginx/internal/nginx" + "k8s.io/ingress-nginx/pkg/apis/ingress" ) func init() { diff --git a/internal/ingress/controller/util.go b/internal/ingress/controller/util.go index a8232ed0e..6562dd17c 100644 --- a/internal/ingress/controller/util.go +++ b/internal/ingress/controller/util.go @@ -28,7 +28,7 @@ import ( api "k8s.io/api/core/v1" networking "k8s.io/api/networking/v1" "k8s.io/apimachinery/pkg/util/intstr" - "k8s.io/ingress-nginx/internal/ingress" + "k8s.io/ingress-nginx/pkg/apis/ingress" klog "k8s.io/klog/v2" ) diff --git a/internal/ingress/metric/collectors/controller.go b/internal/ingress/metric/collectors/controller.go index e4e2655c8..5822f0d57 100644 --- a/internal/ingress/metric/collectors/controller.go +++ b/internal/ingress/metric/collectors/controller.go @@ -22,7 +22,7 @@ import ( "github.com/prometheus/client_golang/prometheus" "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/ingress-nginx/internal/ingress" + "k8s.io/ingress-nginx/pkg/apis/ingress" "k8s.io/ingress-nginx/version" "k8s.io/klog/v2" ) diff --git a/internal/ingress/metric/collectors/controller_test.go b/internal/ingress/metric/collectors/controller_test.go index bc9f21c60..ef80bc96a 100644 --- a/internal/ingress/metric/collectors/controller_test.go +++ b/internal/ingress/metric/collectors/controller_test.go @@ -24,7 +24,7 @@ import ( "time" "github.com/prometheus/client_golang/prometheus" - "k8s.io/ingress-nginx/internal/ingress" + "k8s.io/ingress-nginx/pkg/apis/ingress" ) func TestControllerCounters(t *testing.T) { diff --git a/internal/ingress/metric/dummy.go b/internal/ingress/metric/dummy.go index 8360dc87d..4a6366b84 100644 --- a/internal/ingress/metric/dummy.go +++ b/internal/ingress/metric/dummy.go @@ -18,7 +18,7 @@ package metric import ( "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/ingress-nginx/internal/ingress" + "k8s.io/ingress-nginx/pkg/apis/ingress" ) // NewDummyCollector returns a dummy metric collector diff --git a/internal/ingress/metric/main.go b/internal/ingress/metric/main.go index a0aea1e71..b3323c7fe 100644 --- a/internal/ingress/metric/main.go +++ b/internal/ingress/metric/main.go @@ -25,8 +25,8 @@ import ( "k8s.io/klog/v2" "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/ingress-nginx/internal/ingress" "k8s.io/ingress-nginx/internal/ingress/metric/collectors" + "k8s.io/ingress-nginx/pkg/apis/ingress" ) // Collector defines the interface for a metric collector diff --git a/internal/ingress/status/status.go b/internal/ingress/status/status.go index bf79701fc..2e53682a0 100644 --- a/internal/ingress/status/status.go +++ b/internal/ingress/status/status.go @@ -34,9 +34,9 @@ import ( "k8s.io/apimachinery/pkg/util/wait" clientset "k8s.io/client-go/kubernetes" - "k8s.io/ingress-nginx/internal/ingress" "k8s.io/ingress-nginx/internal/k8s" "k8s.io/ingress-nginx/internal/task" + "k8s.io/ingress-nginx/pkg/apis/ingress" ) // UpdateInterval defines the time interval, in seconds, in diff --git a/internal/ingress/status/status_test.go b/internal/ingress/status/status_test.go index fefca5ff2..d4ef09e7c 100644 --- a/internal/ingress/status/status_test.go +++ b/internal/ingress/status/status_test.go @@ -28,10 +28,10 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" testclient "k8s.io/client-go/kubernetes/fake" - "k8s.io/ingress-nginx/internal/ingress" "k8s.io/ingress-nginx/internal/ingress/controller/ingressclass" "k8s.io/ingress-nginx/internal/k8s" "k8s.io/ingress-nginx/internal/task" + "k8s.io/ingress-nginx/pkg/apis/ingress" ) func buildLoadBalancerIngressByIP() []apiv1.LoadBalancerIngress { diff --git a/internal/net/ssl/ssl.go b/internal/net/ssl/ssl.go index bdbdb2e06..05ec10bc5 100644 --- a/internal/net/ssl/ssl.go +++ b/internal/net/ssl/ssl.go @@ -40,7 +40,7 @@ import ( "github.com/zakjan/cert-chain-resolver/certUtil" "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/ingress-nginx/internal/ingress" + "k8s.io/ingress-nginx/pkg/apis/ingress" ngx_config "k8s.io/ingress-nginx/internal/ingress/controller/config" "k8s.io/ingress-nginx/pkg/util/file" diff --git a/internal/ingress/sslcert.go b/pkg/apis/ingress/sslcert.go similarity index 100% rename from internal/ingress/sslcert.go rename to pkg/apis/ingress/sslcert.go diff --git a/internal/ingress/types.go b/pkg/apis/ingress/types.go similarity index 98% rename from internal/ingress/types.go rename to pkg/apis/ingress/types.go index db4f37f99..8460ee684 100644 --- a/internal/ingress/types.go +++ b/pkg/apis/ingress/types.go @@ -42,13 +42,8 @@ import ( "k8s.io/ingress-nginx/internal/ingress/annotations/rewrite" ) -var ( - // DefaultSSLDirectory defines the location where the SSL certificates will be generated - // This directory contains all the SSL certificates that are specified in Ingress rules. - // The name of each file is -.pem. The content is the concatenated - // certificate and key. - DefaultSSLDirectory = "/ingress-controller/ssl" -) +// TODO: The API shouldn't be importing structs from annotation code. Instead we probably want a conversion from internal +// to API object, or see how much effort is to move the structs of annotations to become an "API'ish" as well // Configuration holds the definition of all the parts required to describe all // ingresses reachable by the ingress controller (using a filter by namespace) diff --git a/internal/ingress/types_equals.go b/pkg/apis/ingress/types_equals.go similarity index 100% rename from internal/ingress/types_equals.go rename to pkg/apis/ingress/types_equals.go diff --git a/internal/ingress/types_equals_test.go b/pkg/apis/ingress/types_equals_test.go similarity index 96% rename from internal/ingress/types_equals_test.go rename to pkg/apis/ingress/types_equals_test.go index 8119d26c7..78d29d46c 100644 --- a/internal/ingress/types_equals_test.go +++ b/pkg/apis/ingress/types_equals_test.go @@ -25,19 +25,19 @@ import ( ) func TestEqualConfiguration(t *testing.T) { - ap, _ := filepath.Abs("../../test/manifests/configuration-a.json") + ap, _ := filepath.Abs("../../../test/manifests/configuration-a.json") a, err := readJSON(ap) if err != nil { t.Errorf("unexpected error reading JSON file: %v", err) } - bp, _ := filepath.Abs("../../test/manifests/configuration-b.json") + bp, _ := filepath.Abs("../../../test/manifests/configuration-b.json") b, err := readJSON(bp) if err != nil { t.Errorf("unexpected error reading JSON file: %v", err) } - cp, _ := filepath.Abs("../../test/manifests/configuration-c.json") + cp, _ := filepath.Abs("../../../test/manifests/configuration-c.json") c, err := readJSON(cp) if err != nil { t.Errorf("unexpected error reading JSON file: %v", err) diff --git a/internal/ingress/zz_generated.deepcopy.go b/pkg/apis/ingress/zz_generated.deepcopy.go similarity index 100% rename from internal/ingress/zz_generated.deepcopy.go rename to pkg/apis/ingress/zz_generated.deepcopy.go From a581a7bebc1f4ff028f1e57dca0ce95abef78c62 Mon Sep 17 00:00:00 2001 From: "qilong.qiu" Date: Fri, 22 Jul 2022 19:21:38 +0800 Subject: [PATCH 190/494] Add docs on Election ID to Multiple Ingress Controller guide (#8855) --- docs/index.md | 10 ++++++++++ docs/user-guide/multiple-ingress.md | 4 +++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/docs/index.md b/docs/index.md index 91661cba3..5687bf5d3 100644 --- a/docs/index.md +++ b/docs/index.md @@ -228,3 +228,13 @@ If you start Ingress-Nginx B with the command line argument `--watch-ingress-wit --set controller.ingressClassByName=true ``` - If you need to install yet another instance, then repeat the procedure to create a new namespace, change the values such as names & namespaces (for example from "-2" to "-3"), or anything else that meets your needs. +- If you need to install all instances in the same namespace, then you need to specify a different **election id**, like this: + ``` + helm install ingress-nginx-2 ingress-nginx/ingress-nginx \ + --namespace kube-system \ + --set controller.electionID=nginx-two-leader \ + --set controller.ingressClassResource.name=nginx-two \ + --set controller.ingressClassResource.controllerValue="example.com/ingress-nginx-2" \ + --set controller.ingressClassResource.enabled=true \ + --set controller.ingressClassByName=true + ``` \ No newline at end of file diff --git a/docs/user-guide/multiple-ingress.md b/docs/user-guide/multiple-ingress.md index 4825b8458..35e0e45dc 100644 --- a/docs/user-guide/multiple-ingress.md +++ b/docs/user-guide/multiple-ingress.md @@ -8,7 +8,7 @@ To fix this problem, use [IngressClasses](https://kubernetes.io/docs/concepts/se If all ingress controllers respect IngressClasses (e.g. multiple instances of ingress-nginx v1.0), you can deploy two Ingress controllers by granting them control over two different IngressClasses, then selecting one of the two IngressClasses with `ingressClassName`. -First, ensure the `--controller-class=` and `--ingress-class` are set to something different on each ingress controller: +First, ensure the `--controller-class=` and `--ingress-class` are set to something different on each ingress controller, If your additional ingress controller is to be installed in a namespace, where there is/are one/more-than-one ingress-nginx-controller(s) already installed, then you need to specify a different unique `--election-id` for the new instance of the controller. ```yaml # ingress-nginx Deployment/Statefulset @@ -19,6 +19,7 @@ spec: - name: ingress-nginx-internal-controller args: - /nginx-ingress-controller + - '--election-id=ingress-controller-leader' - '--controller-class=k8s.io/internal-ingress-nginx' - '--ingress-class=k8s.io/internal-nginx' ... @@ -53,6 +54,7 @@ or if installing with Helm: ```yaml controller: + electionID: ingress-controller-leader ingressClassResource: name: internal-nginx # default: nginx enabled: true From f0ff7e841de204a5d95a931a979cecfee273c914 Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Sat, 23 Jul 2022 19:54:57 +0530 Subject: [PATCH 191/494] bump to alpine-3.16.1 (#8858) --- docs/examples/customization/sysctl/patch.json | 2 +- images/cfssl/rootfs/Dockerfile | 2 +- images/httpbin/rootfs/Dockerfile | 2 +- images/nginx/rootfs/Dockerfile | 4 ++-- images/opentelemetry/rootfs/Dockerfile | 4 ++-- rootfs/Dockerfile-chroot | 2 +- test/e2e-image/Dockerfile | 2 +- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/docs/examples/customization/sysctl/patch.json b/docs/examples/customization/sysctl/patch.json index 683b4ec6b..319ccf4f8 100644 --- a/docs/examples/customization/sysctl/patch.json +++ b/docs/examples/customization/sysctl/patch.json @@ -4,7 +4,7 @@ "spec": { "initContainers": [{ "name": "sysctl", - "image": "alpine:3.16.0", + "image": "alpine:3.16.1", "securityContext": { "privileged": true }, diff --git a/images/cfssl/rootfs/Dockerfile b/images/cfssl/rootfs/Dockerfile index bfe19cfd9..59a89d92c 100644 --- a/images/cfssl/rootfs/Dockerfile +++ b/images/cfssl/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.16.0 +FROM alpine:3.16.1 RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories RUN apk add --no-cache \ diff --git a/images/httpbin/rootfs/Dockerfile b/images/httpbin/rootfs/Dockerfile index 5ee58d69c..016ab913f 100644 --- a/images/httpbin/rootfs/Dockerfile +++ b/images/httpbin/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.16.0 +FROM alpine:3.16.1 ENV LC_ALL=C.UTF-8 ENV LANG=C.UTF-8 diff --git a/images/nginx/rootfs/Dockerfile b/images/nginx/rootfs/Dockerfile index fd3dfe5ba..a93a58f8f 100644 --- a/images/nginx/rootfs/Dockerfile +++ b/images/nginx/rootfs/Dockerfile @@ -11,7 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.16.0 as builder +FROM alpine:3.16.1 as builder COPY . / @@ -21,7 +21,7 @@ RUN apk update \ && /build.sh # Use a multi-stage build -FROM alpine:3.16.0 +FROM alpine:3.16.1 ENV PATH=$PATH:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin diff --git a/images/opentelemetry/rootfs/Dockerfile b/images/opentelemetry/rootfs/Dockerfile index 18fea3d51..ccab2223d 100644 --- a/images/opentelemetry/rootfs/Dockerfile +++ b/images/opentelemetry/rootfs/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. -FROM alpine:3.16.0 as base +FROM alpine:3.16.1 as base RUN mkdir -p /opt/third_party/install COPY . /opt/third_party/ @@ -39,7 +39,7 @@ COPY --from=grpc /opt/third_party/install/ /usr COPY --from=otel-cpp /opt/third_party/install/ /usr RUN bash /opt/third_party/build.sh -n -FROM alpine:3.16.0 +FROM alpine:3.16.1 COPY --from=base /opt/third_party/init_module.sh /usr/local/bin/init_module.sh COPY --from=nginx /etc/nginx/modules /etc/nginx/modules COPY --from=nginx /opt/third_party/install/lib /etc/nginx/modules diff --git a/rootfs/Dockerfile-chroot b/rootfs/Dockerfile-chroot index 69d2a0f71..de2fd6da0 100644 --- a/rootfs/Dockerfile-chroot +++ b/rootfs/Dockerfile-chroot @@ -23,7 +23,7 @@ RUN apk update \ && apk upgrade \ && /chroot.sh -FROM alpine:3.16.0 +FROM alpine:3.16.1 ARG TARGETARCH ARG VERSION diff --git a/test/e2e-image/Dockerfile b/test/e2e-image/Dockerfile index e29c7524b..d88338d65 100644 --- a/test/e2e-image/Dockerfile +++ b/test/e2e-image/Dockerfile @@ -1,7 +1,7 @@ ARG E2E_BASE_IMAGE FROM ${E2E_BASE_IMAGE} AS BASE -FROM alpine:3.16.0 +FROM alpine:3.16.1 RUN apk add -U --no-cache \ ca-certificates \ From 18ee046b432502aedfed9321f0a9b50bfc009a67 Mon Sep 17 00:00:00 2001 From: David Goffredo Date: Sat, 23 Jul 2022 14:02:57 -0400 Subject: [PATCH 192/494] update dd-opentracing-cpp version in nginx build script (#8848) * update dd-opentracing-cpp version in nginx build script * idiomatic placement of "v" prefix in Datadog plugin version tag --- images/nginx/rootfs/build.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/images/nginx/rootfs/build.sh b/images/nginx/rootfs/build.sh index c23ed8681..f3efb3663 100755 --- a/images/nginx/rootfs/build.sh +++ b/images/nginx/rootfs/build.sh @@ -53,8 +53,8 @@ export JAEGER_VERSION=0.7.0 # Check for recent changes: https://github.com/msgpack/msgpack-c/compare/cpp-3.3.0...master export MSGPACK_VERSION=3.3.0 -# Check for recent changes: https://github.com/DataDog/dd-opentracing-cpp/compare/v1.3.0...master -export DATADOG_CPP_VERSION=af53c523787cca108ae9f458ea5c962e48187a36 +# Check for recent changes: https://github.com/DataDog/dd-opentracing-cpp/compare/v1.3.2...master +export DATADOG_CPP_VERSION=1.3.2 # Check for recent changes: https://github.com/SpiderLabs/ModSecurity-nginx/compare/v1.0.2...master export MODSECURITY_VERSION=1.0.2 @@ -264,8 +264,8 @@ get_src 1ee6dad809a5bb22efb45e6dac767f7ce544ad652d353a93d7f26b605f69fe3f \ "https://github.com/openresty/luajit2/archive/v$LUAJIT_VERSION.tar.gz" fi -get_src f29393f2cd9288105a0029a6a324fe1f7558a9e7e852d59a6355f7581bb90e30 \ - "https://github.com/DataDog/dd-opentracing-cpp/archive/$DATADOG_CPP_VERSION.tar.gz" +get_src 586f92166018cc27080d34e17c59d68219b85af745edf3cc9fe41403fc9b4ac6 \ + "https://github.com/DataDog/dd-opentracing-cpp/archive/v$DATADOG_CPP_VERSION.tar.gz" get_src 1af5a5632dc8b00ae103d51b7bf225de3a7f0df82f5c6a401996c080106e600e \ "https://github.com/influxdata/nginx-influxdb-module/archive/$NGINX_INFLUXDB_VERSION.tar.gz" From c5766dc011965f22fac2f4437e86d0fd9960a50c Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Sun, 24 Jul 2022 07:24:57 +0530 Subject: [PATCH 193/494] changed baseimage sha & bumped ginkgo to 2.1.4 in test (#8860) --- NGINX_BASE | 2 +- build/run-in-docker.sh | 2 +- images/nginx/rc.yaml | 2 +- test/e2e/run-chart-test.sh | 2 +- test/e2e/run.sh | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/NGINX_BASE b/NGINX_BASE index cab849353..c3407a5a5 100644 --- a/NGINX_BASE +++ b/NGINX_BASE @@ -1 +1 @@ -registry.k8s.io/ingress-nginx/nginx:e1a16f6e74ef43cdfd59de75b3394d6b20ef7645@sha256:283c8c6132ebaeb155c927ea6e8ae0cd834a4a05d4807eceafa1b6e44d875911 +registry.k8s.io/ingress-nginx/nginx:18ee046b432502aedfed9321f0a9b50bfc009a67@sha256:b555a13dcc9165157a61b2279ed7f309e406c3267c93472cb6967215eacf4ab3 diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index 3cb1f8ef5..7fdc20699 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -86,7 +86,7 @@ if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then echo "FLAGS=$FLAGS" go env set -x - go install -mod=mod github.com/onsi/ginkgo/ginkgo@v1.16.4 + go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.1.4 find / -type f -name ginkgo 2>/dev/null which ginkgo /bin/bash -c "${FLAGS}" diff --git a/images/nginx/rc.yaml b/images/nginx/rc.yaml index 2936cf14b..f5c281842 100644 --- a/images/nginx/rc.yaml +++ b/images/nginx/rc.yaml @@ -38,7 +38,7 @@ spec: spec: containers: - name: nginx - image: registry.k8s.io/ingress-nginx/nginx:0ff500c23f34e939305de709cb6d47da34b66611@sha256:15f91034a03550dfab6ec50a7be4abbb683d087e234ad7fef5adedef54e46a5a + image: registry.k8s.io/ingress-nginx/nginx:18ee046b432502aedfed9321f0a9b50bfc009a67@sha256:b555a13dcc9165157a61b2279ed7f309e406c3267c93472cb6967215eacf4ab3 ports: - containerPort: 80 - containerPort: 443 diff --git a/test/e2e/run-chart-test.sh b/test/e2e/run-chart-test.sh index 49ec146a7..2af8aa1d3 100755 --- a/test/e2e/run-chart-test.sh +++ b/test/e2e/run-chart-test.sh @@ -78,7 +78,7 @@ fi if [ "${SKIP_IMAGE_CREATION:-false}" = "false" ]; then if ! command -v ginkgo &> /dev/null; then - go get github.com/onsi/ginkgo/ginkgo@v1.16.4 + go get github.com/onsi/ginkgo/v2/ginkgo@v2.1.4 fi echo "[dev-env] building image" make -C ${DIR}/../../ clean-image build image diff --git a/test/e2e/run.sh b/test/e2e/run.sh index 6edc18848..6b1cabb4c 100755 --- a/test/e2e/run.sh +++ b/test/e2e/run.sh @@ -79,7 +79,7 @@ fi if [ "${SKIP_IMAGE_CREATION:-false}" = "false" ]; then if ! command -v ginkgo &> /dev/null; then - go get github.com/onsi/ginkgo/ginkgo@v1.16.4 + go get github.com/onsi/ginkgo/v2/ginkgo@v2.1.4 fi echo "[dev-env] building image" From 1c03a886619243af2f7abfc0dd14f1a4adb5f2fd Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Sun, 24 Jul 2022 21:30:57 +0530 Subject: [PATCH 194/494] update baseimage after bump of opentracing-cpp (#8861) --- NGINX_BASE | 2 +- images/nginx/rc.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/NGINX_BASE b/NGINX_BASE index c3407a5a5..f0d8b2fd8 100644 --- a/NGINX_BASE +++ b/NGINX_BASE @@ -1 +1 @@ -registry.k8s.io/ingress-nginx/nginx:18ee046b432502aedfed9321f0a9b50bfc009a67@sha256:b555a13dcc9165157a61b2279ed7f309e406c3267c93472cb6967215eacf4ab3 +registry.k8s.io/ingress-nginx/nginx:c5766dc011965f22fac2f4437e86d0fd9960a50c@sha256:94ff9b435a5f3f4570bbdaed4a3a523f63a54ce2ad6b132b5640bae2af5d9d90 diff --git a/images/nginx/rc.yaml b/images/nginx/rc.yaml index f5c281842..bcf2b0274 100644 --- a/images/nginx/rc.yaml +++ b/images/nginx/rc.yaml @@ -38,7 +38,7 @@ spec: spec: containers: - name: nginx - image: registry.k8s.io/ingress-nginx/nginx:18ee046b432502aedfed9321f0a9b50bfc009a67@sha256:b555a13dcc9165157a61b2279ed7f309e406c3267c93472cb6967215eacf4ab3 + image: registry.k8s.io/ingress-nginx/nginx:c5766dc011965f22fac2f4437e86d0fd9960a50c@sha256:94ff9b435a5f3f4570bbdaed4a3a523f63a54ce2ad6b132b5640bae2af5d9d90 ports: - containerPort: 80 - containerPort: 443 From 423008b75282616413b743321d60d3a9557a570e Mon Sep 17 00:00:00 2001 From: Jintao Zhang Date: Sun, 24 Jul 2022 23:56:24 +0800 Subject: [PATCH 195/494] fix: test-runner prow build Signed-off-by: Jintao Zhang --- images/test-runner/Makefile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile index 0f2b72bad..c102f914e 100644 --- a/images/test-runner/Makefile +++ b/images/test-runner/Makefile @@ -23,7 +23,7 @@ REGISTRY ?= local IMAGE = $(REGISTRY)/e2e-test-runner -NGINX_BASE_IMAGE ?= $(shell cat $(DIR)/../../NGINX_BASE) +NGINX_BASE_IMAGE ?= $(shell cat $(DIR)/../../NGINX_BASE || echo "/home/prow/go/src/github.com/kubernetes/ingress-nginx/NGINX_BASE") # required to enable buildx export DOCKER_CLI_EXPERIMENTAL=enabled @@ -34,6 +34,8 @@ OUTPUT= PROGRESS=plain build: ensure-buildx + echo $(NGINX_BASE_IMAGE) + pwd docker buildx build \ --platform=${PLATFORMS} $(OUTPUT) \ --progress=$(PROGRESS) \ From f9dcc13a0e0aa81fbf85da26cfb3104287257ac4 Mon Sep 17 00:00:00 2001 From: Ismayil Mirzali Date: Sun, 24 Jul 2022 19:10:56 +0300 Subject: [PATCH 196/494] fix: make use of sed portable for BSD and GNU (#8859) Signed-off-by: Ismayil Mirzali --- hack/generate-deploy-scripts.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/hack/generate-deploy-scripts.sh b/hack/generate-deploy-scripts.sh index c85f21705..7b4f304ad 100755 --- a/hack/generate-deploy-scripts.sh +++ b/hack/generate-deploy-scripts.sh @@ -55,11 +55,11 @@ do --namespace ingress-nginx \ --kube-version ${K8S_VERSION} \ > $MANIFEST - sed -i '' '/app.kubernetes.io\/managed-by: Helm/d' $MANIFEST - sed -i '' '/helm.sh/d' $MANIFEST + sed -i.bak '/app.kubernetes.io\/managed-by: Helm/d' $MANIFEST + sed -i.bak '/helm.sh/d' $MANIFEST kustomize --load-restrictor=LoadRestrictionsNone build . > ${OUTPUT_DIR}/deploy.yaml - rm $MANIFEST + rm $MANIFEST $MANIFEST.bak cd ~- # automatically generate the (unsupported) kustomization.yaml for each target sed "s_{TARGET}_${TARGET}_" $TEMPLATE_DIR/static-kustomization-template.yaml > ${OUTPUT_DIR}/kustomization.yaml @@ -68,7 +68,7 @@ do if [[ ${K8S_VERSION} = ${K8S_DEFAULT_VERSION} ]] then cp ${OUTPUT_DIR}/*.yaml ${OUTPUT_DIR}/../ - sed -i "s/^/#GENERATED FOR K8S ${K8S_VERSION}\n/" ${OUTPUT_DIR}/../deploy.yaml + sed -i.bak "s/^/#GENERATED FOR K8S ${K8S_VERSION}\n/" ${OUTPUT_DIR}/../deploy.yaml && rm ${OUTPUT_DIR}/../deploy.yaml.bak fi done done From 92f81e7449fa5bce5777b2aba924373984fb8530 Mon Sep 17 00:00:00 2001 From: Jintao Zhang Date: Mon, 25 Jul 2022 00:22:57 +0800 Subject: [PATCH 197/494] fix: test-runner prow build (#8864) Signed-off-by: Jintao Zhang --- images/test-runner/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile index c102f914e..aa63287b4 100644 --- a/images/test-runner/Makefile +++ b/images/test-runner/Makefile @@ -23,7 +23,7 @@ REGISTRY ?= local IMAGE = $(REGISTRY)/e2e-test-runner -NGINX_BASE_IMAGE ?= $(shell cat $(DIR)/../../NGINX_BASE || echo "/home/prow/go/src/github.com/kubernetes/ingress-nginx/NGINX_BASE") +NGINX_BASE_IMAGE ?= $(shell cat $(DIR)/../../NGINX_BASE || cat "/home/prow/go/src/github.com/kubernetes/ingress-nginx/NGINX_BASE") # required to enable buildx export DOCKER_CLI_EXPERIMENTAL=enabled From d2fbd38cd16abf92c8d06149a2b8eebe1e8b4554 Mon Sep 17 00:00:00 2001 From: Jintao Zhang Date: Mon, 25 Jul 2022 09:40:58 +0800 Subject: [PATCH 198/494] Revert "fix: test-runner prow build" (#8865) This reverts commit 423008b75282616413b743321d60d3a9557a570e. --- images/test-runner/Makefile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile index aa63287b4..0f2b72bad 100644 --- a/images/test-runner/Makefile +++ b/images/test-runner/Makefile @@ -23,7 +23,7 @@ REGISTRY ?= local IMAGE = $(REGISTRY)/e2e-test-runner -NGINX_BASE_IMAGE ?= $(shell cat $(DIR)/../../NGINX_BASE || cat "/home/prow/go/src/github.com/kubernetes/ingress-nginx/NGINX_BASE") +NGINX_BASE_IMAGE ?= $(shell cat $(DIR)/../../NGINX_BASE) # required to enable buildx export DOCKER_CLI_EXPERIMENTAL=enabled @@ -34,8 +34,6 @@ OUTPUT= PROGRESS=plain build: ensure-buildx - echo $(NGINX_BASE_IMAGE) - pwd docker buildx build \ --platform=${PLATFORMS} $(OUTPUT) \ --progress=$(PROGRESS) \ From 000d1b27755cc39fb48a95162fb0f68f11119ac2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adri=C3=A1n=20T=C3=B3th?= Date: Tue, 26 Jul 2022 21:57:10 +0200 Subject: [PATCH 199/494] version (commit sha) bump for dependency github.com/moul/pb due to dependency licence (#8841) --- go.mod | 2 +- go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index c72359736..748678dbf 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/mitchellh/go-ps v1.0.0 github.com/mitchellh/hashstructure v1.1.0 github.com/mitchellh/mapstructure v1.5.0 - github.com/moul/pb v0.0.0-20180404114147-54bdd96e6a52 + github.com/moul/pb v0.0.0-20220425114252-bca18df4138c github.com/ncabatoff/process-exporter v0.7.10 github.com/onsi/ginkgo v1.16.5 github.com/opencontainers/runc v1.1.3 diff --git a/go.sum b/go.sum index 34bd73d10..951da0363 100644 --- a/go.sum +++ b/go.sum @@ -443,6 +443,8 @@ github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/ github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4= github.com/moul/pb v0.0.0-20180404114147-54bdd96e6a52 h1:8zDEa5yAIWYBHSDpPbSgGIBL/SvPSE9/FlB3aQ54d/A= github.com/moul/pb v0.0.0-20180404114147-54bdd96e6a52/go.mod h1:jE2HT8eoucYyUPBFJMreiVlC3KPHkDMtN8wn+ef7Y64= +github.com/moul/pb v0.0.0-20220425114252-bca18df4138c h1:1STmblv9zmHLDpru4dbnf1PNL6wrrZNf7yBH+SfQU+s= +github.com/moul/pb v0.0.0-20220425114252-bca18df4138c/go.mod h1:jE2HT8eoucYyUPBFJMreiVlC3KPHkDMtN8wn+ef7Y64= github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= From fe116d62cb4018d5d85847c45050b7d46286d4bc Mon Sep 17 00:00:00 2001 From: Jintao Zhang Date: Wed, 27 Jul 2022 04:01:10 +0800 Subject: [PATCH 200/494] fix: change cloudbuild configuration (#8869) Signed-off-by: Jintao Zhang --- images/test-runner/cloudbuild.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/test-runner/cloudbuild.yaml b/images/test-runner/cloudbuild.yaml index 253b99799..b1f32d6a2 100644 --- a/images/test-runner/cloudbuild.yaml +++ b/images/test-runner/cloudbuild.yaml @@ -16,7 +16,7 @@ steps: - -c - | gcloud auth configure-docker \ - && make push + && cd images/test-runner && make push substitutions: _GIT_TAG: "12345" _PULL_BASE_REF: "master" From 91e61745567234ab1fa0f7f1c2b114377fff0585 Mon Sep 17 00:00:00 2001 From: James Strong Date: Tue, 26 Jul 2022 16:13:10 -0400 Subject: [PATCH 201/494] Update gce docs (#8866) * update GCE doc with proxy protocol and some fixes Signed-off-by: James Strong * update gke docs Signed-off-by: James Strong --- Makefile | 7 ++- docs/deploy/index.md | 134 ++++++++++++++++++++++++++++++------------- 2 files changed, 100 insertions(+), 41 deletions(-) diff --git a/Makefile b/Makefile index 5ba8e8ed5..fcbf79816 100644 --- a/Makefile +++ b/Makefile @@ -56,7 +56,7 @@ endif MAC_OS = $(shell uname -s) ifeq ($(MAC_OS), Darwin) - MAC_DOCKER_FLAGS= + MAC_DOCKER_FLAGS="--load" else MAC_DOCKER_FLAGS= endif @@ -220,7 +220,10 @@ dev-env-stop: ## Deletes local Kubernetes cluster created by kind. .PHONY: live-docs live-docs: ## Build and launch a local copy of the documentation website in http://localhost:8000 - @docker build ${PLATFORM_FLAG} ${PLATFORM} -t ingress-nginx-docs .github/actions/mkdocs + @docker build ${PLATFORM_FLAG} ${PLATFORM} \ + --no-cache \ + $(MAC_DOCKER_FLAGS) \ + -t ingress-nginx-docs .github/actions/mkdocs @docker run ${PLATFORM_FLAG} ${PLATFORM} --rm -it \ -p 8000:8000 \ -v ${PWD}:/docs \ diff --git a/docs/deploy/index.md b/docs/deploy/index.md index 00ee6a9f5..502e46dda 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -6,11 +6,15 @@ There are multiple ways to install the NGINX ingress controller: - with `kubectl apply`, using YAML manifests; - with specific addons (e.g. for [minikube](#minikube) or [MicroK8s](#microk8s)). -On most Kubernetes clusters, the ingress controller will work without requiring any extra configuration. If you want to get started as fast as possible, you can check the [quick start](#quick-start) instructions. However, in many environments, you can improve the performance or get better logs by enabling extra features. we recommend that you check the [environment-specific instructions](#environment-specific-instructions) for details about optimizing the ingress controller for your particular environment or cloud provider. +On most Kubernetes clusters, the ingress controller will work without requiring any extra configuration. If you want to +get started as fast as possible, you can check the [quick start](#quick-start) instructions. However, in many +environments, you can improve the performance or get better logs by enabling extra features. we recommend that you +check the [environment-specific instructions](#environment-specific-instructions) for details about optimizing the +ingress controller for your particular environment or cloud provider. ## Contents - + - [Quick start](#quick-start) @@ -28,7 +32,12 @@ On most Kubernetes clusters, the ingress controller will work without requiring - ... [Bare-metal](#bare-metal-clusters) - [Miscellaneous](#miscellaneous) - + ## Quick start @@ -55,13 +64,14 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont ``` !!! info - The YAML manifest in the command above was generated with `helm template`, so you will end up with almost the same resources as if you had used Helm to install the controller. + The YAML manifest in the command above was generated with `helm template`, so you will end up with almost the same + resources as if you had used Helm to install the controller. !!! attention If you are running an old version of Kubernetes (1.18 or earlier), please read [this paragraph](#running-on-Kubernetes-versions-older-than-1.19) for specific instructions. Because of api deprecations, the default manifest may not work on your cluster. - Specific manifests for supported Kubernetes versions are available within a subfolder of each provider. + Specific manifests for supported Kubernetes versions are available within a sub-folder of each provider. ### Pre-flight check @@ -71,7 +81,8 @@ A few pods should start in the `ingress-nginx` namespace: kubectl get pods --namespace=ingress-nginx ``` -After a while, they should all be running. The following command will wait for the ingress controller pod to be up, running, and ready: +After a while, they should all be running. The following command will wait for the ingress controller pod to be up, +running, and ready: ```console kubectl wait --namespace ingress-nginx \ @@ -89,7 +100,7 @@ kubectl create deployment demo --image=httpd --port=80 kubectl expose deployment demo ``` -Then create an ingress resource. The following example uses an host that maps to `localhost`: +Then create an ingress resource. The following example uses a host that maps to `localhost`: ```console kubectl create ingress demo-localhost --class=nginx \ @@ -106,7 +117,8 @@ At this point, if you access http://demo.localdev.me:8080/, you should see an HT ### Online testing -If your Kubernetes cluster is a "real" cluster that supports services of type `LoadBalancer`, it will have allocated an external IP address or FQDN to the ingress controller. +If your Kubernetes cluster is a "real" cluster that supports services of type `LoadBalancer`, it will have allocated an +external IP address or FQDN to the ingress controller. You can see that IP address or FQDN with the following command: @@ -114,9 +126,11 @@ You can see that IP address or FQDN with the following command: kubectl get service ingress-nginx-controller --namespace=ingress-nginx ``` -It will be the `EXTERNAL-IP` field. If that field shows ``, this means that your Kubernetes cluster wasn't able to provision the load balancer (generally, this is because it doesn't support services of type `LoadBalancer`). +It will be the `EXTERNAL-IP` field. If that field shows ``, this means that your Kubernetes cluster wasn't +able to provision the load balancer (generally, this is because it doesn't support services of type `LoadBalancer`). -Once you have the external IP address (or FQDN), set up a DNS record pointing to it. Then you can create an ingress resource. The following example assumes that you have set up a DNS record for `www.demo.io`: +Once you have the external IP address (or FQDN), set up a DNS record pointing to it. Then you can create an ingress +resource. The following example assumes that you have set up a DNS record for `www.demo.io`: ```console kubectl create ingress demo --class=nginx \ @@ -130,7 +144,8 @@ kubectl create ingress demo --class=nginx \ ``` -You should then be able to see the "It works!" page when you connect to http://www.demo.io/. Congratulations, you are serving a public web site hosted on a Kubernetes cluster! 🎉 +You should then be able to see the "It works!" page when you connect to http://www.demo.io/. Congratulations, +you are serving a public website hosted on a Kubernetes cluster! 🎉 ## Environment-specific instructions @@ -161,27 +176,41 @@ Kubernetes is available in Docker Desktop: - Mac, from [version 18.06.0-ce](https://docs.docker.com/docker-for-mac/release-notes/#stable-releases-of-2018) - Windows, from [version 18.06.0-ce](https://docs.docker.com/docker-for-windows/release-notes/#docker-community-edition-18060-ce-win70-2018-07-25) -First, make sure that Kubernetes is enabled in the Docker settings. The command `kubectl get nodes` should show a single node called `docker-desktop`. +First, make sure that Kubernetes is enabled in the Docker settings. The command `kubectl get nodes` should show a +single node called `docker-desktop`. The ingress controller can be installed on Docker Desktop using the default [quick start](#quick-start) instructions. -On most systems, if you don't have any other service of type `LoadBalancer` bound to port 80, the ingress controller will be assigned the `EXTERNAL-IP` of `localhost`, which means that it will be reachable on localhost:80. If that doesn't work, you might have to fall back to the `kubectl port-forward` method described in the [local testing section](#local-testing). +On most systems, if you don't have any other service of type `LoadBalancer` bound to port 80, the ingress controller +will be assigned the `EXTERNAL-IP` of `localhost`, which means that it will be reachable on localhost:80. If that +doesn't work, you might have to fall back to the `kubectl port-forward` method described in the +[local testing section](#local-testing). ### Cloud deployments -If the load balancers of your cloud provider do active healthchecks on their backends (most do), you can change the `externalTrafficPolicy` of the ingress controller Service to `Local` (instead of the default `Cluster`) to save an extra hop in some cases. If you're installing with Helm, this can be done by adding `--set controller.service.externalTrafficPolicy=Local` to the `helm install` or `helm upgrade` command. +If the load balancers of your cloud provider do active healthchecks on their backends (most do), you can change the +`externalTrafficPolicy` of the ingress controller Service to `Local` (instead of the default `Cluster`) to save an +extra hop in some cases. If you're installing with Helm, this can be done by adding +`--set controller.service.externalTrafficPolicy=Local` to the `helm install` or `helm upgrade` command. -Furthermore, if the load balancers of your cloud provider support the PROXY protocol, you can enable it, and it will let the ingress controller see the real IP address of the clients. Otherwise, it will generally see the IP address of the upstream load balancer. This must be done both in the ingress controller (with e.g. `--set controller.config.use-proxy-protocol=true`) and in the cloud provider's load balancer configuration to function correctly. +Furthermore, if the load balancers of your cloud provider support the PROXY protocol, you can enable it, and it will +let the ingress controller see the real IP address of the clients. Otherwise, it will generally see the IP address of +the upstream load balancer. This must be done both in the ingress controller +(with e.g. `--set controller.config.use-proxy-protocol=true`) and in the cloud provider's load balancer configuration +to function correctly. -In the following sections, we provide YAML manifests that enable these options when possible, using the specific options of various cloud providers. +In the following sections, we provide YAML manifests that enable these options when possible, using the specific +options of various cloud providers. #### AWS -In AWS we use a Network load balancer (NLB) to expose the NGINX Ingress controller behind a Service of `Type=LoadBalancer`. +In AWS, we use a Network load balancer (NLB) to expose the NGINX Ingress controller behind a Service of `Type=LoadBalancer`. !!! info The provided templates illustrate the setup for legacy in-tree service load balancer for AWS NLB. - AWS provides the documentation on how to use [Network load balancing on Amazon EKS](https://docs.aws.amazon.com/eks/latest/userguide/network-load-balancing.html) with [AWS Load Balancer Controller](https://github.com/kubernetes-sigs/aws-load-balancer-controller). + AWS provides the documentation on how to use + [Network load balancing on Amazon EKS](https://docs.aws.amazon.com/eks/latest/userguide/network-load-balancing.html) + with [AWS Load Balancer Controller](https://github.com/kubernetes-sigs/aws-load-balancer-controller). ##### Network Load Balancer (NLB) @@ -191,7 +220,8 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont ##### TLS termination in AWS Load Balancer (NLB) -By default, TLS is terminated in the ingress controller. But it is also possible to terminate TLS in the Load Balancer. This section explains how to do that on AWS using an NLB. +By default, TLS is terminated in the ingress controller. But it is also possible to terminate TLS in the Load Balancer. +This section explains how to do that on AWS using an NLB. 1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template @@ -216,13 +246,17 @@ By default, TLS is terminated in the ingress controller. But it is also possible ##### NLB Idle Timeouts -Idle timeout value for TCP flows is 350 seconds and [cannot be modified](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html#connection-idle-timeout). +Idle timeout value for TCP flows is 350 seconds and +[cannot be modified](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html#connection-idle-timeout). -For this reason, you need to ensure the [keepalive_timeout](https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout) value is configured less than 350 seconds to work as expected. +For this reason, you need to ensure the +[keepalive_timeout](https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout) +value is configured less than 350 seconds to work as expected. -By default NGINX `keepalive_timeout` is set to `75s`. +By default, NGINX `keepalive_timeout` is set to `75s`. -More information with regards to timeouts can be found in the [official AWS documentation](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html#connection-idle-timeout) +More information with regard to timeouts can be found in the +[official AWS documentation](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html#connection-idle-timeout) #### GCE-GKE @@ -242,12 +276,15 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont ``` !!! warning - For private clusters, you will need to either add an additional firewall rule that allows master nodes access to port `8443/tcp` on worker nodes, or change the existing rule that allows access to ports `80/tcp`, `443/tcp` and `10254/tcp` to also allow access to port `8443/tcp`. + For private clusters, you will need to either add a firewall rule that allows master nodes access to + port `8443/tcp` on worker nodes, or change the existing rule that allows access to port `80/tcp`, `443/tcp` and + `10254/tcp` to also allow access to port `8443/tcp`. More information can be found in the + [Official GCP Documentation](https://cloud.google.com/load-balancing/docs/tcp/setting-up-tcp#config-hc-firewall). - See the [GKE documentation](https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#add_firewall_rules) on adding rules and the [Kubernetes issue](https://github.com/kubernetes/kubernetes/issues/79739) for more detail. + See the [GKE documentation](https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#add_firewall_rules) + on adding rules and the [Kubernetes issue](https://github.com/kubernetes/kubernetes/issues/79739) for more detail. -!!! warning - Proxy protocol is not supported in GCE/GKE. +Proxy-protocol is supported in GCE check the [Official Documentations on how to enable.](https://cloud.google.com/load-balancing/docs/tcp/setting-up-tcp#proxy-protocol) #### Azure @@ -255,7 +292,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/cloud/deploy.yaml ``` -More information with regards to Azure annotations for ingress controller can be found in the [official AKS documentation](https://docs.microsoft.com/en-us/azure/aks/ingress-internal-ip#create-an-ingress-controller). +More information with regard to Azure annotations for ingress controller can be found in the [official AKS documentation](https://docs.microsoft.com/en-us/azure/aks/ingress-internal-ip#create-an-ingress-controller). #### Digital Ocean @@ -275,7 +312,8 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/exoscale/deploy.yaml ``` -The full list of annotations supported by Exoscale is available in the Exoscale Cloud Controller Manager [documentation](https://github.com/exoscale/exoscale-cloud-controller-manager/blob/master/docs/service-loadbalancer.md). +The full list of annotations supported by Exoscale is available in the Exoscale Cloud Controller Manager +[documentation](https://github.com/exoscale/exoscale-cloud-controller-manager/blob/master/docs/service-loadbalancer.md). #### Oracle Cloud Infrastructure @@ -283,19 +321,25 @@ The full list of annotations supported by Exoscale is available in the Exoscale kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/cloud/deploy.yaml ``` -A [complete list of available annotations for Oracle Cloud Infrastructure](https://github.com/oracle/oci-cloud-controller-manager/blob/master/docs/load-balancer-annotations.md) can be found in the [OCI Cloud Controller Manager](https://github.com/oracle/oci-cloud-controller-manager) documentation. +A +[complete list of available annotations for Oracle Cloud Infrastructure](https://github.com/oracle/oci-cloud-controller-manager/blob/master/docs/load-balancer-annotations.md) +can be found in the [OCI Cloud Controller Manager](https://github.com/oracle/oci-cloud-controller-manager) documentation. ### Bare metal clusters -This section is applicable to Kubernetes clusters deployed on bare metal servers, as well as "raw" VMs where Kubernetes was installed manually, using generic Linux distros (like CentOS, Ubuntu...) +This section is applicable to Kubernetes clusters deployed on bare metal servers, as well as "raw" VMs where Kubernetes +was installed manually, using generic Linux distros (like CentOS, Ubuntu...) -For quick testing, you can use a [NodePort](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport). This should work on almost every cluster, but it will typically use a port in the range 30000-32767. +For quick testing, you can use a +[NodePort](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport). +This should work on almost every cluster, but it will typically use a port in the range 30000-32767. ```console kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/baremetal/deploy.yaml ``` -For more information about bare metal deployments (and how to use port 80 instead of a random port in the 30000-32767 range), see [bare-metal considerations](./baremetal.md). +For more information about bare metal deployments (and how to use port 80 instead of a random port in the 30000-32767 range), +see [bare-metal considerations](./baremetal.md). ## Miscellaneous @@ -311,14 +355,21 @@ kubectl exec $POD_NAME -n $POD_NAMESPACE -- /nginx-ingress-controller --version ### Scope -By default, the controller watches Ingress objects from all namespaces. If you want to change this behavior, use the flag `--watch-namespace` or check the Helm chart value `controller.scope` to limit the controller to a single namespace. +By default, the controller watches Ingress objects from all namespaces. If you want to change this behavior, +use the flag `--watch-namespace` or check the Helm chart value `controller.scope` to limit the controller to a single +namespace. -See also [“How to easily install multiple instances of the Ingress NGINX controller in the same cluster”](https://kubernetes.github.io/ingress-nginx/#how-to-easily-install-multiple-instances-of-the-ingress-nginx-controller-in-the-same-cluster) for more details. +See also +[“How to easily install multiple instances of the Ingress NGINX controller in the same cluster”](https://kubernetes.github.io/ingress-nginx/#how-to-easily-install-multiple-instances-of-the-ingress-nginx-controller-in-the-same-cluster) +for more details. ### Webhook network access !!! warning - The controller uses an [admission webhook](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/) to validate Ingress definitions. Make sure that you don't have [Network policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) or additional firewalls preventing connections from the API server to the `ingress-nginx-controller-admission` service. + The controller uses an [admission webhook](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/) + to validate Ingress definitions. Make sure that you don't have + [Network policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) + or additional firewalls preventing connections from the API server to the `ingress-nginx-controller-admission` service. ### Certificate generation @@ -338,7 +389,8 @@ You can wait until it is ready to run the next command: ### Running on Kubernetes versions older than 1.19 -Ingress resources evolved over time. They started with `apiVersion: extensions/v1beta1`, then moved to `apiVersion: networking.k8s.io/v1beta1` and more recently to `apiVersion: networking.k8s.io/v1`. +Ingress resources evolved over time. They started with `apiVersion: extensions/v1beta1`, +then moved to `apiVersion: networking.k8s.io/v1beta1` and more recently to `apiVersion: networking.k8s.io/v1`. Here is how these Ingress versions are supported in Kubernetes: - before Kubernetes 1.19, only `v1beta1` Ingress resources are supported @@ -349,6 +401,10 @@ And here is how these Ingress versions are supported in NGINX Ingress Controller - before version 1.0, only `v1beta1` Ingress resources are supported - in version 1.0 and above, only `v1` Ingress resources are -As a result, if you're running Kubernetes 1.19 or later, you should be able to use the latest version of the NGINX Ingress Controller; but if you're using an old version of Kubernetes (1.18 or earlier) you will have to use version 0.X of the NGINX Ingress Controller (e.g. version 0.49). +As a result, if you're running Kubernetes 1.19 or later, you should be able to use the latest version of the NGINX +Ingress Controller; but if you're using an old version of Kubernetes (1.18 or earlier) you will have to use version 0.X +of the NGINX Ingress Controller (e.g. version 0.49). -The Helm chart of the NGINX Ingress Controller switched to version 1 in version 4 of the chart. In other words, if you're running Kubernetes 1.19 or earlier, you should use version 3.X of the chart (this can be done by adding `--version='<4'` to the `helm install` command). +The Helm chart of the NGINX Ingress Controller switched to version 1 in version 4 of the chart. In other words, if +you're running Kubernetes 1.19 or earlier, you should use version 3.X of the chart (this can be done by adding +`--version='<4'` to the `helm install` command). From f0490cbfbf29a7a05caaac29998dde56173ac2bb Mon Sep 17 00:00:00 2001 From: Jintao Zhang Date: Wed, 27 Jul 2022 05:43:11 +0800 Subject: [PATCH 202/494] fix: change all cloudbuild jobs configuration (#8870) Signed-off-by: Jintao Zhang --- images/cfssl/cloudbuild.yaml | 2 +- images/custom-error-pages/cloudbuild.yaml | 2 +- images/echo/cloudbuild.yaml | 2 +- images/ext-auth-example-authsvc/cloudbuild.yaml | 2 +- images/fastcgi-helloserver/cloudbuild.yaml | 2 +- images/go-grpc-greeter-server/cloudbuild.yaml | 2 +- images/httpbin/cloudbuild.yaml | 2 +- images/kube-webhook-certgen/cloudbuild.yaml | 2 +- images/nginx/cloudbuild.yaml | 2 +- images/opentelemetry/cloudbuild.yaml | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/images/cfssl/cloudbuild.yaml b/images/cfssl/cloudbuild.yaml index a71001c89..5fb9e0c96 100644 --- a/images/cfssl/cloudbuild.yaml +++ b/images/cfssl/cloudbuild.yaml @@ -16,7 +16,7 @@ steps: - -c - | gcloud auth configure-docker \ - && make push + && cd images/cfssl && make push substitutions: _GIT_TAG: "12345" _PULL_BASE_REF: "master" diff --git a/images/custom-error-pages/cloudbuild.yaml b/images/custom-error-pages/cloudbuild.yaml index 45cff0021..8c96d289c 100644 --- a/images/custom-error-pages/cloudbuild.yaml +++ b/images/custom-error-pages/cloudbuild.yaml @@ -16,7 +16,7 @@ steps: - -c - | gcloud auth configure-docker \ - && make push + && cd images/custom-error-pages && make push substitutions: _GIT_TAG: "12345" _PULL_BASE_REF: "master" diff --git a/images/echo/cloudbuild.yaml b/images/echo/cloudbuild.yaml index 2f773cebc..8349b5a7f 100644 --- a/images/echo/cloudbuild.yaml +++ b/images/echo/cloudbuild.yaml @@ -16,7 +16,7 @@ steps: - -c - | gcloud auth configure-docker \ - && make push + && cd images/echo && make push substitutions: _GIT_TAG: "12345" _PULL_BASE_REF: "master" diff --git a/images/ext-auth-example-authsvc/cloudbuild.yaml b/images/ext-auth-example-authsvc/cloudbuild.yaml index b92b9c877..fbd5d7b63 100644 --- a/images/ext-auth-example-authsvc/cloudbuild.yaml +++ b/images/ext-auth-example-authsvc/cloudbuild.yaml @@ -18,7 +18,7 @@ steps: - -c - | gcloud auth configure-docker \ - && make push + && cd images/ext-auth-example-authsvc && make push substitutions: _GIT_TAG: "12345" _PULL_BASE_REF: "master" diff --git a/images/fastcgi-helloserver/cloudbuild.yaml b/images/fastcgi-helloserver/cloudbuild.yaml index a71001c89..37df1d168 100644 --- a/images/fastcgi-helloserver/cloudbuild.yaml +++ b/images/fastcgi-helloserver/cloudbuild.yaml @@ -16,7 +16,7 @@ steps: - -c - | gcloud auth configure-docker \ - && make push + && cd images/fastcgi-helloserver && make push substitutions: _GIT_TAG: "12345" _PULL_BASE_REF: "master" diff --git a/images/go-grpc-greeter-server/cloudbuild.yaml b/images/go-grpc-greeter-server/cloudbuild.yaml index b92b9c877..f4d6cc6d4 100644 --- a/images/go-grpc-greeter-server/cloudbuild.yaml +++ b/images/go-grpc-greeter-server/cloudbuild.yaml @@ -18,7 +18,7 @@ steps: - -c - | gcloud auth configure-docker \ - && make push + && cd images/go-grpc-greeter-server && make push substitutions: _GIT_TAG: "12345" _PULL_BASE_REF: "master" diff --git a/images/httpbin/cloudbuild.yaml b/images/httpbin/cloudbuild.yaml index b92b9c877..03f269b6e 100644 --- a/images/httpbin/cloudbuild.yaml +++ b/images/httpbin/cloudbuild.yaml @@ -18,7 +18,7 @@ steps: - -c - | gcloud auth configure-docker \ - && make push + && cd images/httpbin && make push substitutions: _GIT_TAG: "12345" _PULL_BASE_REF: "master" diff --git a/images/kube-webhook-certgen/cloudbuild.yaml b/images/kube-webhook-certgen/cloudbuild.yaml index d1eb9fe6e..127dee6eb 100644 --- a/images/kube-webhook-certgen/cloudbuild.yaml +++ b/images/kube-webhook-certgen/cloudbuild.yaml @@ -31,7 +31,7 @@ steps: - -c - | gcloud auth configure-docker \ - && make push + && cd images/kube-webhook-certgen && make push substitutions: _GIT_TAG: "12345" _PULL_BASE_REF: "main" diff --git a/images/nginx/cloudbuild.yaml b/images/nginx/cloudbuild.yaml index 3e3d13579..fb9a51225 100644 --- a/images/nginx/cloudbuild.yaml +++ b/images/nginx/cloudbuild.yaml @@ -16,7 +16,7 @@ steps: - -c - | gcloud auth configure-docker \ - && make push + && cd images/nginx && make push substitutions: _GIT_TAG: "12345" _PULL_BASE_REF: "master" diff --git a/images/opentelemetry/cloudbuild.yaml b/images/opentelemetry/cloudbuild.yaml index 5a4e1b3c0..e2aa5a2b2 100644 --- a/images/opentelemetry/cloudbuild.yaml +++ b/images/opentelemetry/cloudbuild.yaml @@ -18,7 +18,7 @@ steps: - -c - | gcloud auth configure-docker \ - && make push + && cd images/opentelemetry && make push substitutions: _GIT_TAG: "12345" _PULL_BASE_REF: "main" From 5e6093cf59628004f2948674eb1fc5dc0d560dff Mon Sep 17 00:00:00 2001 From: Markus Engel Date: Thu, 28 Jul 2022 12:23:10 +0200 Subject: [PATCH 203/494] add X-Forwarded-For in custom error template (#7892) --- rootfs/etc/nginx/template/nginx.tmpl | 1 + 1 file changed, 1 insertion(+) diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index 561278b6f..a04f71f0e 100755 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -896,6 +896,7 @@ stream { proxy_set_header X-Service-Name $service_name; proxy_set_header X-Service-Port $service_port; proxy_set_header X-Request-ID $req_id; + proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $best_http_host; set $proxy_upstream_name {{ $upstreamName | quote }}; From 5b0cc8edca15e951b4c234fc1bec4a15e36a81b6 Mon Sep 17 00:00:00 2001 From: Lien Li Date: Mon, 1 Aug 2022 00:16:28 +0800 Subject: [PATCH 204/494] migrate ginkgo to v2 (#8826) * Migrate ginkgo to v2 * Update test/e2e/annotations/ipwhitelist.go Co-authored-by: Jintao Zhang * Update test/e2e/annotations/modsecurity/modsecurity.go Co-authored-by: Jintao Zhang * Update test/e2e/settings/access_log.go Co-authored-by: Jintao Zhang * remove unnecessary blank line * re-order packages * less change Co-authored-by: Jintao Zhang --- go.mod | 8 +++----- go.sum | 15 +++++++-------- test/e2e-image/Makefile | 2 +- test/e2e/admission/admission.go | 2 +- test/e2e/annotations/affinity.go | 2 +- test/e2e/annotations/affinitymode.go | 2 +- test/e2e/annotations/alias.go | 2 +- test/e2e/annotations/approot.go | 2 +- test/e2e/annotations/auth.go | 2 +- test/e2e/annotations/authtls.go | 2 +- test/e2e/annotations/backendprotocol.go | 2 +- test/e2e/annotations/canary.go | 2 +- test/e2e/annotations/clientbodybuffersize.go | 2 +- test/e2e/annotations/connection.go | 2 +- test/e2e/annotations/cors.go | 2 +- test/e2e/annotations/customhttperrors.go | 2 +- test/e2e/annotations/default_backend.go | 2 +- test/e2e/annotations/disableaccesslog.go | 4 ++-- test/e2e/annotations/fastcgi.go | 2 +- test/e2e/annotations/forcesslredirect.go | 2 +- test/e2e/annotations/fromtowwwredirect.go | 2 +- test/e2e/annotations/globalratelimit.go | 2 +- test/e2e/annotations/grpc.go | 2 +- test/e2e/annotations/http2pushpreload.go | 2 +- test/e2e/annotations/influxdb.go | 2 +- test/e2e/annotations/ipwhitelist.go | 3 ++- test/e2e/annotations/limitconnections.go | 2 +- test/e2e/annotations/limitrate.go | 2 +- test/e2e/annotations/log.go | 2 +- test/e2e/annotations/mirror.go | 2 +- test/e2e/annotations/modsecurity/modsecurity.go | 3 ++- test/e2e/annotations/preservetrailingslash.go | 2 +- test/e2e/annotations/proxy.go | 2 +- test/e2e/annotations/proxyssl.go | 2 +- test/e2e/annotations/redirect.go | 2 +- test/e2e/annotations/rewrite.go | 2 +- test/e2e/annotations/satisfy.go | 2 +- test/e2e/annotations/serversnippet.go | 2 +- test/e2e/annotations/serviceupstream.go | 2 +- test/e2e/annotations/snippet.go | 2 +- test/e2e/annotations/sslciphers.go | 2 +- test/e2e/annotations/streamsnippet.go | 8 ++++---- test/e2e/annotations/upstreamhashby.go | 2 +- test/e2e/annotations/upstreamvhost.go | 2 +- test/e2e/annotations/xforwardedprefix.go | 2 +- test/e2e/dbg/main.go | 2 +- test/e2e/defaultbackend/custom_default_backend.go | 2 +- test/e2e/defaultbackend/default_backend.go | 2 +- test/e2e/defaultbackend/ssl.go | 2 +- test/e2e/defaultbackend/with_hosts.go | 2 +- test/e2e/e2e.go | 5 ++--- test/e2e/framework/deployment.go | 2 +- test/e2e/framework/fastcgi_helloserver.go | 2 +- test/e2e/framework/framework.go | 8 ++++---- test/e2e/framework/grpc_fortune_teller.go | 2 +- test/e2e/framework/influxdb.go | 2 +- test/e2e/framework/k8s.go | 2 +- test/e2e/framework/ssl.go | 2 +- test/e2e/framework/test_context.go | 4 ---- test/e2e/framework/util.go | 2 +- test/e2e/gracefulshutdown/grace_period.go | 2 +- test/e2e/gracefulshutdown/shutdown.go | 2 +- test/e2e/gracefulshutdown/slow_requests.go | 2 +- test/e2e/ingress/deep_inspection.go | 2 +- test/e2e/ingress/multiple_rules.go | 2 +- test/e2e/ingress/pathtype_exact.go | 2 +- test/e2e/ingress/pathtype_mixed.go | 2 +- test/e2e/ingress/pathtype_prefix.go | 2 +- test/e2e/ingress/without_host.go | 2 +- test/e2e/leaks/lua_ssl.go | 2 +- test/e2e/loadbalance/configmap.go | 2 +- test/e2e/loadbalance/ewma.go | 2 +- test/e2e/loadbalance/round_robin.go | 2 +- test/e2e/lua/dynamic_certificates.go | 2 +- test/e2e/lua/dynamic_configuration.go | 2 +- test/e2e/nginx/nginx.go | 2 +- test/e2e/security/request_smuggling.go | 2 +- test/e2e/servicebackend/service_backend.go | 2 +- test/e2e/servicebackend/service_externalname.go | 2 +- test/e2e/servicebackend/service_nil_backend.go | 2 +- test/e2e/settings/access_log.go | 3 ++- test/e2e/settings/badannotationvalues.go | 2 +- test/e2e/settings/brotli.go | 2 +- test/e2e/settings/configmap_change.go | 2 +- test/e2e/settings/custom_header.go | 2 +- test/e2e/settings/default_ssl_certificate.go | 2 +- test/e2e/settings/disable_catch_all.go | 2 +- .../e2e/settings/disable_service_external_name.go | 2 +- test/e2e/settings/enable_real_ip.go | 2 +- test/e2e/settings/forwarded_headers.go | 2 +- test/e2e/settings/geoip2.go | 2 +- test/e2e/settings/global_access_block.go | 2 +- test/e2e/settings/global_external_auth.go | 2 +- test/e2e/settings/global_options.go | 2 +- test/e2e/settings/globalratelimit.go | 2 +- test/e2e/settings/hash-size.go | 2 +- test/e2e/settings/ingress_class.go | 2 +- test/e2e/settings/keep-alive.go | 2 +- test/e2e/settings/limit_rate.go | 2 +- test/e2e/settings/listen_nondefault_ports.go | 2 +- test/e2e/settings/log-format.go | 2 +- test/e2e/settings/lua_shared_dicts.go | 2 +- test/e2e/settings/main_snippet.go | 2 +- .../settings/modsecurity/modsecurity_snippet.go | 2 +- test/e2e/settings/multi_accept.go | 2 +- test/e2e/settings/namespace_selector.go | 2 +- test/e2e/settings/no_auth_locations.go | 2 +- test/e2e/settings/no_tls_redirect_locations.go | 2 +- test/e2e/settings/ocsp/ocsp.go | 2 +- test/e2e/settings/opentracing.go | 2 +- test/e2e/settings/plugins.go | 2 +- test/e2e/settings/pod_security_policy.go | 2 +- test/e2e/settings/pod_security_policy_volumes.go | 2 +- test/e2e/settings/proxy_connect_timeout.go | 2 +- test/e2e/settings/proxy_host.go | 2 +- test/e2e/settings/proxy_next_upstream.go | 2 +- test/e2e/settings/proxy_protocol.go | 2 +- test/e2e/settings/proxy_read_timeout.go | 2 +- test/e2e/settings/proxy_send_timeout.go | 2 +- test/e2e/settings/reuse-port.go | 2 +- test/e2e/settings/server_snippet.go | 2 +- test/e2e/settings/server_tokens.go | 2 +- test/e2e/settings/ssl_ciphers.go | 2 +- test/e2e/settings/stream_snippet.go | 11 ++++++----- test/e2e/settings/tls.go | 2 +- test/e2e/ssl/http_redirect.go | 2 +- test/e2e/ssl/secret_update.go | 2 +- test/e2e/status/update.go | 2 +- test/e2e/tcpudp/tcp.go | 2 +- 129 files changed, 152 insertions(+), 156 deletions(-) diff --git a/go.mod b/go.mod index 748678dbf..b6b164b09 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/mitchellh/mapstructure v1.5.0 github.com/moul/pb v0.0.0-20220425114252-bca18df4138c github.com/ncabatoff/process-exporter v0.7.10 - github.com/onsi/ginkgo v1.16.5 + github.com/onsi/ginkgo/v2 v2.1.4 github.com/opencontainers/runc v1.1.3 github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.12.2 @@ -101,7 +101,6 @@ require ( github.com/modern-go/reflect2 v1.0.2 // indirect github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect github.com/ncabatoff/go-seq v0.0.0-20180805175032-b08ef85ed833 // indirect - github.com/nxadm/tail v1.4.8 // indirect github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pkg/errors v0.9.1 // indirect @@ -118,20 +117,19 @@ require ( github.com/yudai/gojsondiff v1.0.0 // indirect github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect - golang.org/x/mod v0.4.2 // indirect + golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect golang.org/x/sys v0.0.0-20220412211240-33da011f77ad // indirect golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect golang.org/x/text v0.3.7 // indirect golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect - golang.org/x/tools v0.1.6-0.20210820212750-d4cc65f0b2ff // indirect + golang.org/x/tools v0.1.10 // indirect golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2 // indirect google.golang.org/protobuf v1.28.0 // indirect gopkg.in/go-playground/assert.v1 v1.2.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect - gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c // indirect diff --git a/go.sum b/go.sum index 951da0363..1d2446f1d 100644 --- a/go.sum +++ b/go.sum @@ -214,7 +214,6 @@ github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh github.com/go-openapi/swag v0.19.14 h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5Fng= github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.0.6 h1:mkgN1ofwASrYnJ5W6U/BxG15eXXXjirgZc7CLqkcaro= github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= @@ -459,7 +458,6 @@ github.com/ncabatoff/process-exporter v0.7.10/go.mod h1:DHZRZjqxw9LCOpLlX0DjBuyn github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= -github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= @@ -467,12 +465,13 @@ github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+ github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= -github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= +github.com/onsi/ginkgo/v2 v2.1.4 h1:GNapqRSid3zijZ9H77KrgVG4/8KqiyRsxcSxe+7ApXY= +github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47RKZmLU= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/onsi/gomega v1.17.0 h1:9Luw4uT5HTjHTN8+aNcSThgH1vdXnmdJ8xIfZ4wyTRE= +github.com/onsi/gomega v1.19.0 h1:4ieX6qQjPP/BfC3mpsAtIGGlxTWPeA3Inl/7DtXw1tw= github.com/opencontainers/runc v1.1.3 h1:vIXrkId+0/J2Ymu2m7VjGvbSlAId9XNRPhn2p4b+d8w= github.com/opencontainers/runc v1.1.3/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= @@ -720,8 +719,9 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.2 h1:Gz96sIWK3OalVv/I/qNygP42zyoKp3xptRVCWRFEBvo= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 h1:kQgndtyPBW/JIYERgdxfwMYh3AVStj88WQTlNDi2a+o= +golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -854,7 +854,6 @@ golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -951,14 +950,14 @@ golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82u golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.6-0.20210820212750-d4cc65f0b2ff h1:VX/uD7MK0AHXGiScH3fsieUQUcpmRERPDYtqZdJnA+Q= golang.org/x/tools v0.1.6-0.20210820212750-d4cc65f0b2ff/go.mod h1:YD9qOF0M9xpSpdWTBbzEl5e/RnCefISl8E5Noe10jFM= +golang.org/x/tools v0.1.10 h1:QjFRCZxdOhBJ/UNgnBZLbNV13DlbnK0quyivTnXJM20= +golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/test/e2e-image/Makefile b/test/e2e-image/Makefile index 2973c5dad..9a81e06cc 100644 --- a/test/e2e-image/Makefile +++ b/test/e2e-image/Makefile @@ -1,6 +1,6 @@ DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) -E2E_BASE_IMAGE="k8s.gcr.io/ingress-nginx/e2e-test-runner:v20220110-gfd820db46@sha256:273f7d9b1b2297cd96b4d51600e45d932186a1cc79d00d179dfb43654112fe8f" +E2E_BASE_IMAGE="k8s.gcr.io/ingress-nginx/e2e-test-runner:v20220726-controller-v1.3.0-29-gfe116d62c@sha256:0a199f7b8d4e84026b08c989d9058f3c9b7936af4e2487a6be1ff9077b684d0c" image: echo "..entered Makefile in /test/e2e-image" diff --git a/test/e2e/admission/admission.go b/test/e2e/admission/admission.go index c03a10ecc..bde98fddf 100644 --- a/test/e2e/admission/admission.go +++ b/test/e2e/admission/admission.go @@ -24,7 +24,7 @@ import ( "os/exec" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/test/e2e/annotations/affinity.go b/test/e2e/annotations/affinity.go index 4ca567e4c..6a0a0bf48 100644 --- a/test/e2e/annotations/affinity.go +++ b/test/e2e/annotations/affinity.go @@ -24,7 +24,7 @@ import ( "strings" "time" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" networking "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/test/e2e/annotations/affinitymode.go b/test/e2e/annotations/affinitymode.go index 6d22ea59f..2b40155d0 100644 --- a/test/e2e/annotations/affinitymode.go +++ b/test/e2e/annotations/affinitymode.go @@ -22,7 +22,7 @@ import ( "reflect" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" "k8s.io/ingress-nginx/test/e2e/framework" diff --git a/test/e2e/annotations/alias.go b/test/e2e/annotations/alias.go index 6b11a9c07..de829507d 100644 --- a/test/e2e/annotations/alias.go +++ b/test/e2e/annotations/alias.go @@ -21,7 +21,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/annotations/approot.go b/test/e2e/annotations/approot.go index a73c60253..485b4d277 100644 --- a/test/e2e/annotations/approot.go +++ b/test/e2e/annotations/approot.go @@ -20,7 +20,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/annotations/auth.go b/test/e2e/annotations/auth.go index d0ca5cf12..7da2ef7d9 100644 --- a/test/e2e/annotations/auth.go +++ b/test/e2e/annotations/auth.go @@ -26,7 +26,7 @@ import ( "strings" "time" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" corev1 "k8s.io/api/core/v1" diff --git a/test/e2e/annotations/authtls.go b/test/e2e/annotations/authtls.go index dbf4f2a76..e96835aa0 100644 --- a/test/e2e/annotations/authtls.go +++ b/test/e2e/annotations/authtls.go @@ -21,7 +21,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/annotations/backendprotocol.go b/test/e2e/annotations/backendprotocol.go index a215cbe83..bccb03afb 100644 --- a/test/e2e/annotations/backendprotocol.go +++ b/test/e2e/annotations/backendprotocol.go @@ -19,7 +19,7 @@ package annotations import ( "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/annotations/canary.go b/test/e2e/annotations/canary.go index b62ba5a70..893a4dc8b 100644 --- a/test/e2e/annotations/canary.go +++ b/test/e2e/annotations/canary.go @@ -23,7 +23,7 @@ import ( "regexp" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" "k8s.io/ingress-nginx/test/e2e/framework" diff --git a/test/e2e/annotations/clientbodybuffersize.go b/test/e2e/annotations/clientbodybuffersize.go index 7a4ce977f..4ea1943bd 100644 --- a/test/e2e/annotations/clientbodybuffersize.go +++ b/test/e2e/annotations/clientbodybuffersize.go @@ -21,7 +21,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/annotations/connection.go b/test/e2e/annotations/connection.go index a3d13702d..9cfcbacd0 100644 --- a/test/e2e/annotations/connection.go +++ b/test/e2e/annotations/connection.go @@ -21,7 +21,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/annotations/cors.go b/test/e2e/annotations/cors.go index f88459bce..f53bd8e9e 100644 --- a/test/e2e/annotations/cors.go +++ b/test/e2e/annotations/cors.go @@ -20,7 +20,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/annotations/customhttperrors.go b/test/e2e/annotations/customhttperrors.go index 7256b93fa..3862f817b 100644 --- a/test/e2e/annotations/customhttperrors.go +++ b/test/e2e/annotations/customhttperrors.go @@ -20,7 +20,7 @@ import ( "fmt" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" networking "k8s.io/api/networking/v1" diff --git a/test/e2e/annotations/default_backend.go b/test/e2e/annotations/default_backend.go index 15a3505af..53c98a307 100644 --- a/test/e2e/annotations/default_backend.go +++ b/test/e2e/annotations/default_backend.go @@ -21,7 +21,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/annotations/disableaccesslog.go b/test/e2e/annotations/disableaccesslog.go index 1824af27c..4d152b45d 100644 --- a/test/e2e/annotations/disableaccesslog.go +++ b/test/e2e/annotations/disableaccesslog.go @@ -17,12 +17,12 @@ limitations under the License. package annotations import ( + "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" - "net/http" ) var _ = framework.DescribeAnnotation("disable-access-log disable-http-access-log disable-stream-access-log", func() { diff --git a/test/e2e/annotations/fastcgi.go b/test/e2e/annotations/fastcgi.go index f1f6d3ac1..0dc6ae4a4 100644 --- a/test/e2e/annotations/fastcgi.go +++ b/test/e2e/annotations/fastcgi.go @@ -20,7 +20,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" corev1 "k8s.io/api/core/v1" diff --git a/test/e2e/annotations/forcesslredirect.go b/test/e2e/annotations/forcesslredirect.go index 8fa2e8f60..4f5316971 100644 --- a/test/e2e/annotations/forcesslredirect.go +++ b/test/e2e/annotations/forcesslredirect.go @@ -19,7 +19,7 @@ package annotations import ( "net/http" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/annotations/fromtowwwredirect.go b/test/e2e/annotations/fromtowwwredirect.go index 4fb1763b2..9201bedb7 100644 --- a/test/e2e/annotations/fromtowwwredirect.go +++ b/test/e2e/annotations/fromtowwwredirect.go @@ -22,7 +22,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" "k8s.io/ingress-nginx/test/e2e/framework" diff --git a/test/e2e/annotations/globalratelimit.go b/test/e2e/annotations/globalratelimit.go index ca9302892..2efcc3558 100644 --- a/test/e2e/annotations/globalratelimit.go +++ b/test/e2e/annotations/globalratelimit.go @@ -21,7 +21,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" "k8s.io/ingress-nginx/test/e2e/framework" diff --git a/test/e2e/annotations/grpc.go b/test/e2e/annotations/grpc.go index 9da6fdc15..dfe8141ee 100644 --- a/test/e2e/annotations/grpc.go +++ b/test/e2e/annotations/grpc.go @@ -22,7 +22,7 @@ import ( "strings" pb "github.com/moul/pb/grpcbin/go-grpc" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" "golang.org/x/net/context" "google.golang.org/grpc" diff --git a/test/e2e/annotations/http2pushpreload.go b/test/e2e/annotations/http2pushpreload.go index 400b77587..b15d2df17 100644 --- a/test/e2e/annotations/http2pushpreload.go +++ b/test/e2e/annotations/http2pushpreload.go @@ -19,7 +19,7 @@ package annotations import ( "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/annotations/influxdb.go b/test/e2e/annotations/influxdb.go index 09c831f6f..7a52730cf 100644 --- a/test/e2e/annotations/influxdb.go +++ b/test/e2e/annotations/influxdb.go @@ -26,7 +26,7 @@ import ( "time" jsoniter "github.com/json-iterator/go" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/test/e2e/annotations/ipwhitelist.go b/test/e2e/annotations/ipwhitelist.go index 66e4de3f5..71f026c7f 100644 --- a/test/e2e/annotations/ipwhitelist.go +++ b/test/e2e/annotations/ipwhitelist.go @@ -19,7 +19,8 @@ package annotations import ( "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" + "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/annotations/limitconnections.go b/test/e2e/annotations/limitconnections.go index 2274c574c..7d00b6df0 100644 --- a/test/e2e/annotations/limitconnections.go +++ b/test/e2e/annotations/limitconnections.go @@ -22,7 +22,7 @@ import ( "strings" "sync" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" "k8s.io/ingress-nginx/test/e2e/framework" diff --git a/test/e2e/annotations/limitrate.go b/test/e2e/annotations/limitrate.go index 8c0b06ea9..21e76dc8d 100644 --- a/test/e2e/annotations/limitrate.go +++ b/test/e2e/annotations/limitrate.go @@ -21,7 +21,7 @@ import ( "strconv" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/annotations/log.go b/test/e2e/annotations/log.go index 65dc9af57..2279729a2 100644 --- a/test/e2e/annotations/log.go +++ b/test/e2e/annotations/log.go @@ -19,7 +19,7 @@ package annotations import ( "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/annotations/mirror.go b/test/e2e/annotations/mirror.go index e904cca1c..ad178a947 100644 --- a/test/e2e/annotations/mirror.go +++ b/test/e2e/annotations/mirror.go @@ -20,7 +20,7 @@ import ( "fmt" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/annotations/modsecurity/modsecurity.go b/test/e2e/annotations/modsecurity/modsecurity.go index 4de85818d..62c9bc843 100644 --- a/test/e2e/annotations/modsecurity/modsecurity.go +++ b/test/e2e/annotations/modsecurity/modsecurity.go @@ -20,7 +20,8 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" + "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/annotations/preservetrailingslash.go b/test/e2e/annotations/preservetrailingslash.go index f9129c77e..7e27b25fa 100644 --- a/test/e2e/annotations/preservetrailingslash.go +++ b/test/e2e/annotations/preservetrailingslash.go @@ -19,7 +19,7 @@ package annotations import ( "net/http" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/annotations/proxy.go b/test/e2e/annotations/proxy.go index 1c749b4dd..c0c89eb43 100644 --- a/test/e2e/annotations/proxy.go +++ b/test/e2e/annotations/proxy.go @@ -20,7 +20,7 @@ import ( "fmt" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/annotations/proxyssl.go b/test/e2e/annotations/proxyssl.go index 3672a4d81..7f14c3393 100644 --- a/test/e2e/annotations/proxyssl.go +++ b/test/e2e/annotations/proxyssl.go @@ -21,7 +21,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" "k8s.io/ingress-nginx/test/e2e/framework" diff --git a/test/e2e/annotations/redirect.go b/test/e2e/annotations/redirect.go index 84c219b71..633e2eb0b 100644 --- a/test/e2e/annotations/redirect.go +++ b/test/e2e/annotations/redirect.go @@ -22,7 +22,7 @@ import ( "strconv" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/annotations/rewrite.go b/test/e2e/annotations/rewrite.go index 667df920f..79738b984 100644 --- a/test/e2e/annotations/rewrite.go +++ b/test/e2e/annotations/rewrite.go @@ -21,7 +21,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" "k8s.io/ingress-nginx/test/e2e/framework" diff --git a/test/e2e/annotations/satisfy.go b/test/e2e/annotations/satisfy.go index 8c0f88d2f..e75464a9d 100644 --- a/test/e2e/annotations/satisfy.go +++ b/test/e2e/annotations/satisfy.go @@ -23,7 +23,7 @@ import ( "net/url" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" networking "k8s.io/api/networking/v1" diff --git a/test/e2e/annotations/serversnippet.go b/test/e2e/annotations/serversnippet.go index adba23fee..df1383bdb 100644 --- a/test/e2e/annotations/serversnippet.go +++ b/test/e2e/annotations/serversnippet.go @@ -20,7 +20,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/annotations/serviceupstream.go b/test/e2e/annotations/serviceupstream.go index c0bf37603..94ad6d346 100644 --- a/test/e2e/annotations/serviceupstream.go +++ b/test/e2e/annotations/serviceupstream.go @@ -21,7 +21,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" "k8s.io/ingress-nginx/test/e2e/framework" diff --git a/test/e2e/annotations/snippet.go b/test/e2e/annotations/snippet.go index be0e9ccf9..367708302 100644 --- a/test/e2e/annotations/snippet.go +++ b/test/e2e/annotations/snippet.go @@ -20,7 +20,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/annotations/sslciphers.go b/test/e2e/annotations/sslciphers.go index a619bf3bc..58010421d 100644 --- a/test/e2e/annotations/sslciphers.go +++ b/test/e2e/annotations/sslciphers.go @@ -20,7 +20,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/annotations/streamsnippet.go b/test/e2e/annotations/streamsnippet.go index cc9aca715..b5df50975 100644 --- a/test/e2e/annotations/streamsnippet.go +++ b/test/e2e/annotations/streamsnippet.go @@ -19,14 +19,14 @@ package annotations import ( "context" "fmt" + "net/http" + "strings" + + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" - "net/http" - "strings" - - "github.com/onsi/ginkgo" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/annotations/upstreamhashby.go b/test/e2e/annotations/upstreamhashby.go index c4732a18d..023a094aa 100644 --- a/test/e2e/annotations/upstreamhashby.go +++ b/test/e2e/annotations/upstreamhashby.go @@ -22,7 +22,7 @@ import ( "regexp" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" "k8s.io/apimachinery/pkg/util/wait" diff --git a/test/e2e/annotations/upstreamvhost.go b/test/e2e/annotations/upstreamvhost.go index a0e84726e..e091e7c9f 100644 --- a/test/e2e/annotations/upstreamvhost.go +++ b/test/e2e/annotations/upstreamvhost.go @@ -19,7 +19,7 @@ package annotations import ( "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/annotations/xforwardedprefix.go b/test/e2e/annotations/xforwardedprefix.go index 6ae0d93c8..35f2eb426 100644 --- a/test/e2e/annotations/xforwardedprefix.go +++ b/test/e2e/annotations/xforwardedprefix.go @@ -20,7 +20,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/dbg/main.go b/test/e2e/dbg/main.go index 2e50ef6af..2df57469d 100644 --- a/test/e2e/dbg/main.go +++ b/test/e2e/dbg/main.go @@ -20,7 +20,7 @@ import ( "encoding/json" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" "k8s.io/ingress-nginx/test/e2e/framework" diff --git a/test/e2e/defaultbackend/custom_default_backend.go b/test/e2e/defaultbackend/custom_default_backend.go index f7f40ad8d..1e30b9269 100644 --- a/test/e2e/defaultbackend/custom_default_backend.go +++ b/test/e2e/defaultbackend/custom_default_backend.go @@ -22,7 +22,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" appsv1 "k8s.io/api/apps/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/test/e2e/defaultbackend/default_backend.go b/test/e2e/defaultbackend/default_backend.go index 853c04ae8..e418e4687 100644 --- a/test/e2e/defaultbackend/default_backend.go +++ b/test/e2e/defaultbackend/default_backend.go @@ -20,7 +20,7 @@ import ( "net/http" "github.com/gavv/httpexpect/v2" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" "k8s.io/ingress-nginx/test/e2e/framework" diff --git a/test/e2e/defaultbackend/ssl.go b/test/e2e/defaultbackend/ssl.go index f453dd2d3..9f44e2e56 100644 --- a/test/e2e/defaultbackend/ssl.go +++ b/test/e2e/defaultbackend/ssl.go @@ -17,7 +17,7 @@ limitations under the License. package defaultbackend import ( - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" "k8s.io/ingress-nginx/test/e2e/framework" diff --git a/test/e2e/defaultbackend/with_hosts.go b/test/e2e/defaultbackend/with_hosts.go index c59b5807b..c9a2c12a7 100644 --- a/test/e2e/defaultbackend/with_hosts.go +++ b/test/e2e/defaultbackend/with_hosts.go @@ -20,7 +20,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" networking "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/test/e2e/e2e.go b/test/e2e/e2e.go index f96d06833..c7010b977 100644 --- a/test/e2e/e2e.go +++ b/test/e2e/e2e.go @@ -20,8 +20,7 @@ import ( "os" "testing" - "github.com/onsi/ginkgo" - "github.com/onsi/ginkgo/config" + "github.com/onsi/ginkgo/v2" "k8s.io/component-base/logs" // required @@ -62,6 +61,6 @@ func RunE2ETests(t *testing.T) { framework.Logf("Using kubectl path '%s'", framework.KubectlPath) } - framework.Logf("Starting e2e run %q on Ginkgo node %d", framework.RunID, config.GinkgoConfig.ParallelNode) + framework.Logf("Starting e2e run %q on Ginkgo node %d", framework.RunID, ginkgo.GinkgoParallelProcess()) ginkgo.RunSpecs(t, "nginx-ingress-controller e2e suite") } diff --git a/test/e2e/framework/deployment.go b/test/e2e/framework/deployment.go index f5da9ebe8..a87800e0a 100644 --- a/test/e2e/framework/deployment.go +++ b/test/e2e/framework/deployment.go @@ -22,7 +22,7 @@ import ( "os" "time" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" diff --git a/test/e2e/framework/fastcgi_helloserver.go b/test/e2e/framework/fastcgi_helloserver.go index c757ba86f..c3e89c7f5 100644 --- a/test/e2e/framework/fastcgi_helloserver.go +++ b/test/e2e/framework/fastcgi_helloserver.go @@ -17,7 +17,7 @@ limitations under the License. package framework import ( - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" diff --git a/test/e2e/framework/framework.go b/test/e2e/framework/framework.go index cd18a9738..ff47ffa51 100644 --- a/test/e2e/framework/framework.go +++ b/test/e2e/framework/framework.go @@ -23,7 +23,7 @@ import ( "time" "github.com/gavv/httpexpect/v2" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" @@ -161,7 +161,7 @@ func (f *Framework) AfterEach() { }() }(f.KubeClientSet, f.IngressClass) - if !ginkgo.CurrentGinkgoTestDescription().Failed { + if !ginkgo.CurrentSpecReport().Failed() { return } @@ -210,8 +210,8 @@ func DescribeSetting(text string, body func()) bool { } // MemoryLeakIt is wrapper function for ginkgo It. Adds "[MemoryLeak]" tag and makes static analysis easier. -func MemoryLeakIt(text string, body interface{}, timeout ...float64) bool { - return ginkgo.It(text+" [MemoryLeak]", body, timeout...) +func MemoryLeakIt(text string, body interface{}) bool { + return ginkgo.It(text+" [MemoryLeak]", body) } // GetNginxIP returns the number of TCP port where NGINX is running diff --git a/test/e2e/framework/grpc_fortune_teller.go b/test/e2e/framework/grpc_fortune_teller.go index 012121761..02ff3aae2 100644 --- a/test/e2e/framework/grpc_fortune_teller.go +++ b/test/e2e/framework/grpc_fortune_teller.go @@ -17,7 +17,7 @@ limitations under the License. package framework import ( - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" diff --git a/test/e2e/framework/influxdb.go b/test/e2e/framework/influxdb.go index 6721913d6..c3c0e3421 100644 --- a/test/e2e/framework/influxdb.go +++ b/test/e2e/framework/influxdb.go @@ -17,7 +17,7 @@ limitations under the License. package framework import ( - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" diff --git a/test/e2e/framework/k8s.go b/test/e2e/framework/k8s.go index 7f434beb8..ef9c522d6 100644 --- a/test/e2e/framework/k8s.go +++ b/test/e2e/framework/k8s.go @@ -22,7 +22,7 @@ import ( "strings" "time" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" appsv1 "k8s.io/api/apps/v1" api "k8s.io/api/core/v1" diff --git a/test/e2e/framework/ssl.go b/test/e2e/framework/ssl.go index 1eea2be2b..52ceffc57 100644 --- a/test/e2e/framework/ssl.go +++ b/test/e2e/framework/ssl.go @@ -33,7 +33,7 @@ import ( "strings" "time" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/test/e2e/framework/test_context.go b/test/e2e/framework/test_context.go index 0a79c894f..be4cd6e5e 100644 --- a/test/e2e/framework/test_context.go +++ b/test/e2e/framework/test_context.go @@ -18,8 +18,6 @@ package framework import ( "flag" - - "github.com/onsi/ginkgo/config" ) // TestContextType describes the client context to use in communications with the Kubernetes API. @@ -34,8 +32,6 @@ var TestContext TestContextType // registerCommonFlags registers flags common to all e2e test suites. func registerCommonFlags() { - config.GinkgoConfig.EmitSpecProgress = true - flag.StringVar(&TestContext.KubeHost, "kubernetes-host", "http://127.0.0.1:8080", "The kubernetes host, or apiserver, to connect to") //flag.StringVar(&TestContext.KubeConfig, "kubernetes-config", os.Getenv(clientcmd.RecommendedConfigPathEnvVar), "Path to config containing embedded authinfo for kubernetes. Default value is from environment variable "+clientcmd.RecommendedConfigPathEnvVar) flag.StringVar(&TestContext.KubeContext, "kubernetes-context", "", "config context to use for kubernetes. If unset, will use value from 'current-context'") diff --git a/test/e2e/framework/util.go b/test/e2e/framework/util.go index af2545b89..8f50dac98 100644 --- a/test/e2e/framework/util.go +++ b/test/e2e/framework/util.go @@ -22,7 +22,7 @@ import ( "os" "time" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" corev1 "k8s.io/api/core/v1" networkingv1 "k8s.io/api/networking/v1" rbacv1 "k8s.io/api/rbac/v1" diff --git a/test/e2e/gracefulshutdown/grace_period.go b/test/e2e/gracefulshutdown/grace_period.go index 95c3729a1..12e2f3d67 100644 --- a/test/e2e/gracefulshutdown/grace_period.go +++ b/test/e2e/gracefulshutdown/grace_period.go @@ -22,7 +22,7 @@ import ( "strings" "time" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" appsv1 "k8s.io/api/apps/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/test/e2e/gracefulshutdown/shutdown.go b/test/e2e/gracefulshutdown/shutdown.go index 5282d1a11..604143da8 100644 --- a/test/e2e/gracefulshutdown/shutdown.go +++ b/test/e2e/gracefulshutdown/shutdown.go @@ -21,7 +21,7 @@ import ( "strings" "time" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" "k8s.io/ingress-nginx/test/e2e/framework" diff --git a/test/e2e/gracefulshutdown/slow_requests.go b/test/e2e/gracefulshutdown/slow_requests.go index 605e4d869..57578923c 100644 --- a/test/e2e/gracefulshutdown/slow_requests.go +++ b/test/e2e/gracefulshutdown/slow_requests.go @@ -17,7 +17,7 @@ limitations under the License. package gracefulshutdown import ( - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/ingress/deep_inspection.go b/test/e2e/ingress/deep_inspection.go index 0a4c3c539..8869665fb 100644 --- a/test/e2e/ingress/deep_inspection.go +++ b/test/e2e/ingress/deep_inspection.go @@ -20,7 +20,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/ingress/multiple_rules.go b/test/e2e/ingress/multiple_rules.go index 07f5c1427..c08f36374 100644 --- a/test/e2e/ingress/multiple_rules.go +++ b/test/e2e/ingress/multiple_rules.go @@ -20,7 +20,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" networking "k8s.io/api/networking/v1" diff --git a/test/e2e/ingress/pathtype_exact.go b/test/e2e/ingress/pathtype_exact.go index 38df19fcc..ae2902e9f 100644 --- a/test/e2e/ingress/pathtype_exact.go +++ b/test/e2e/ingress/pathtype_exact.go @@ -20,7 +20,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" networking "k8s.io/api/networking/v1" diff --git a/test/e2e/ingress/pathtype_mixed.go b/test/e2e/ingress/pathtype_mixed.go index cf2172bd1..dd183bbb4 100644 --- a/test/e2e/ingress/pathtype_mixed.go +++ b/test/e2e/ingress/pathtype_mixed.go @@ -20,7 +20,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" networking "k8s.io/api/networking/v1" diff --git a/test/e2e/ingress/pathtype_prefix.go b/test/e2e/ingress/pathtype_prefix.go index c2c7b0f8d..fa664ce27 100644 --- a/test/e2e/ingress/pathtype_prefix.go +++ b/test/e2e/ingress/pathtype_prefix.go @@ -20,7 +20,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/ingress/without_host.go b/test/e2e/ingress/without_host.go index c0c2d3b12..6ec7f5bd5 100644 --- a/test/e2e/ingress/without_host.go +++ b/test/e2e/ingress/without_host.go @@ -21,7 +21,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" networking "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/test/e2e/leaks/lua_ssl.go b/test/e2e/leaks/lua_ssl.go index 8756a973d..8ebd05ccb 100644 --- a/test/e2e/leaks/lua_ssl.go +++ b/test/e2e/leaks/lua_ssl.go @@ -24,7 +24,7 @@ import ( "strings" "time" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" pool "gopkg.in/go-playground/pool.v3" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/test/e2e/loadbalance/configmap.go b/test/e2e/loadbalance/configmap.go index ea1ead4fe..8cd47286b 100644 --- a/test/e2e/loadbalance/configmap.go +++ b/test/e2e/loadbalance/configmap.go @@ -19,7 +19,7 @@ package loadbalance import ( "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" "k8s.io/ingress-nginx/test/e2e/framework" diff --git a/test/e2e/loadbalance/ewma.go b/test/e2e/loadbalance/ewma.go index 15289f372..e2750a09a 100644 --- a/test/e2e/loadbalance/ewma.go +++ b/test/e2e/loadbalance/ewma.go @@ -22,7 +22,7 @@ import ( "regexp" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" "k8s.io/ingress-nginx/test/e2e/framework" diff --git a/test/e2e/loadbalance/round_robin.go b/test/e2e/loadbalance/round_robin.go index bc74ba9fb..2d0582e9a 100644 --- a/test/e2e/loadbalance/round_robin.go +++ b/test/e2e/loadbalance/round_robin.go @@ -22,7 +22,7 @@ import ( "regexp" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" "k8s.io/ingress-nginx/test/e2e/framework" diff --git a/test/e2e/lua/dynamic_certificates.go b/test/e2e/lua/dynamic_certificates.go index f5585995e..0160cc9e7 100644 --- a/test/e2e/lua/dynamic_certificates.go +++ b/test/e2e/lua/dynamic_certificates.go @@ -23,7 +23,7 @@ import ( "strings" "time" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" dto "github.com/prometheus/client_model/go" "github.com/prometheus/common/expfmt" "github.com/prometheus/common/model" diff --git a/test/e2e/lua/dynamic_configuration.go b/test/e2e/lua/dynamic_configuration.go index b382e52cc..8e9804545 100644 --- a/test/e2e/lua/dynamic_configuration.go +++ b/test/e2e/lua/dynamic_configuration.go @@ -24,7 +24,7 @@ import ( "strings" "time" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" networking "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/test/e2e/nginx/nginx.go b/test/e2e/nginx/nginx.go index 74a6d64be..cd14a931c 100644 --- a/test/e2e/nginx/nginx.go +++ b/test/e2e/nginx/nginx.go @@ -21,7 +21,7 @@ import ( "net/http" "time" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/security/request_smuggling.go b/test/e2e/security/request_smuggling.go index 94ee53c64..9891480dc 100644 --- a/test/e2e/security/request_smuggling.go +++ b/test/e2e/security/request_smuggling.go @@ -23,7 +23,7 @@ import ( "strings" "time" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" "k8s.io/ingress-nginx/test/e2e/framework" diff --git a/test/e2e/servicebackend/service_backend.go b/test/e2e/servicebackend/service_backend.go index 0467e434e..44f3d36a5 100644 --- a/test/e2e/servicebackend/service_backend.go +++ b/test/e2e/servicebackend/service_backend.go @@ -20,7 +20,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" corev1 "k8s.io/api/core/v1" networking "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/test/e2e/servicebackend/service_externalname.go b/test/e2e/servicebackend/service_externalname.go index d2a921cd3..30c4f6ba0 100644 --- a/test/e2e/servicebackend/service_externalname.go +++ b/test/e2e/servicebackend/service_externalname.go @@ -23,7 +23,7 @@ import ( "strings" "github.com/gavv/httpexpect/v2" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" corev1 "k8s.io/api/core/v1" networking "k8s.io/api/networking/v1" diff --git a/test/e2e/servicebackend/service_nil_backend.go b/test/e2e/servicebackend/service_nil_backend.go index 864f94fbe..c44601c88 100644 --- a/test/e2e/servicebackend/service_nil_backend.go +++ b/test/e2e/servicebackend/service_nil_backend.go @@ -20,7 +20,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" corev1 "k8s.io/api/core/v1" networking "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/test/e2e/settings/access_log.go b/test/e2e/settings/access_log.go index 0e50205e5..7c7e2b9e3 100644 --- a/test/e2e/settings/access_log.go +++ b/test/e2e/settings/access_log.go @@ -19,7 +19,8 @@ package settings import ( "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" + "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/settings/badannotationvalues.go b/test/e2e/settings/badannotationvalues.go index cae6605cc..b4b6def4a 100644 --- a/test/e2e/settings/badannotationvalues.go +++ b/test/e2e/settings/badannotationvalues.go @@ -21,7 +21,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/settings/brotli.go b/test/e2e/settings/brotli.go index 52092ee83..a07eb6c09 100644 --- a/test/e2e/settings/brotli.go +++ b/test/e2e/settings/brotli.go @@ -22,7 +22,7 @@ import ( "strconv" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/settings/configmap_change.go b/test/e2e/settings/configmap_change.go index 084be1ba7..be3ab0b11 100644 --- a/test/e2e/settings/configmap_change.go +++ b/test/e2e/settings/configmap_change.go @@ -20,7 +20,7 @@ import ( "regexp" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" "k8s.io/ingress-nginx/test/e2e/framework" diff --git a/test/e2e/settings/custom_header.go b/test/e2e/settings/custom_header.go index f907e74a5..8341f7ef0 100644 --- a/test/e2e/settings/custom_header.go +++ b/test/e2e/settings/custom_header.go @@ -21,7 +21,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" "k8s.io/ingress-nginx/test/e2e/framework" diff --git a/test/e2e/settings/default_ssl_certificate.go b/test/e2e/settings/default_ssl_certificate.go index eede8ef75..ea97d4895 100644 --- a/test/e2e/settings/default_ssl_certificate.go +++ b/test/e2e/settings/default_ssl_certificate.go @@ -22,7 +22,7 @@ import ( "fmt" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" appsv1 "k8s.io/api/apps/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/test/e2e/settings/disable_catch_all.go b/test/e2e/settings/disable_catch_all.go index dce772f9a..0d1a14493 100644 --- a/test/e2e/settings/disable_catch_all.go +++ b/test/e2e/settings/disable_catch_all.go @@ -21,7 +21,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" appsv1 "k8s.io/api/apps/v1" networking "k8s.io/api/networking/v1" diff --git a/test/e2e/settings/disable_service_external_name.go b/test/e2e/settings/disable_service_external_name.go index d8da89d4a..03c8020b6 100644 --- a/test/e2e/settings/disable_service_external_name.go +++ b/test/e2e/settings/disable_service_external_name.go @@ -22,7 +22,7 @@ import ( "strings" "github.com/gavv/httpexpect/v2" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" diff --git a/test/e2e/settings/enable_real_ip.go b/test/e2e/settings/enable_real_ip.go index 027f4c1f8..9be2e52d9 100644 --- a/test/e2e/settings/enable_real_ip.go +++ b/test/e2e/settings/enable_real_ip.go @@ -21,7 +21,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" "k8s.io/ingress-nginx/test/e2e/framework" diff --git a/test/e2e/settings/forwarded_headers.go b/test/e2e/settings/forwarded_headers.go index b010a1c75..b929e683b 100644 --- a/test/e2e/settings/forwarded_headers.go +++ b/test/e2e/settings/forwarded_headers.go @@ -21,7 +21,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" "k8s.io/ingress-nginx/test/e2e/framework" diff --git a/test/e2e/settings/geoip2.go b/test/e2e/settings/geoip2.go index cec35f459..9b2ca8624 100644 --- a/test/e2e/settings/geoip2.go +++ b/test/e2e/settings/geoip2.go @@ -24,7 +24,7 @@ import ( "net/http" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" appsv1 "k8s.io/api/apps/v1" diff --git a/test/e2e/settings/global_access_block.go b/test/e2e/settings/global_access_block.go index 5268590b9..4d8a2b8e3 100644 --- a/test/e2e/settings/global_access_block.go +++ b/test/e2e/settings/global_access_block.go @@ -20,7 +20,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/settings/global_external_auth.go b/test/e2e/settings/global_external_auth.go index d514080a0..c70b5a9b1 100644 --- a/test/e2e/settings/global_external_auth.go +++ b/test/e2e/settings/global_external_auth.go @@ -23,7 +23,7 @@ import ( "regexp" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/test/e2e/settings/global_options.go b/test/e2e/settings/global_options.go index ef0487cc5..117860d59 100644 --- a/test/e2e/settings/global_options.go +++ b/test/e2e/settings/global_options.go @@ -21,7 +21,7 @@ import ( "strings" "syscall" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/settings/globalratelimit.go b/test/e2e/settings/globalratelimit.go index 409cd5d9c..e266350ad 100644 --- a/test/e2e/settings/globalratelimit.go +++ b/test/e2e/settings/globalratelimit.go @@ -22,7 +22,7 @@ import ( "strconv" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/settings/hash-size.go b/test/e2e/settings/hash-size.go index 42c9241bb..6e3e0480c 100644 --- a/test/e2e/settings/hash-size.go +++ b/test/e2e/settings/hash-size.go @@ -19,7 +19,7 @@ package settings import ( "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/settings/ingress_class.go b/test/e2e/settings/ingress_class.go index 2372d209b..232045f3a 100644 --- a/test/e2e/settings/ingress_class.go +++ b/test/e2e/settings/ingress_class.go @@ -23,7 +23,7 @@ import ( "strings" "sync" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" appsv1 "k8s.io/api/apps/v1" networkingv1 "k8s.io/api/networking/v1" diff --git a/test/e2e/settings/keep-alive.go b/test/e2e/settings/keep-alive.go index 6ef09b78c..510a90125 100644 --- a/test/e2e/settings/keep-alive.go +++ b/test/e2e/settings/keep-alive.go @@ -21,7 +21,7 @@ import ( "regexp" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/settings/limit_rate.go b/test/e2e/settings/limit_rate.go index d51408335..9d79dc358 100644 --- a/test/e2e/settings/limit_rate.go +++ b/test/e2e/settings/limit_rate.go @@ -20,7 +20,7 @@ import ( "fmt" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/settings/listen_nondefault_ports.go b/test/e2e/settings/listen_nondefault_ports.go index 28e0b86e9..61a128040 100644 --- a/test/e2e/settings/listen_nondefault_ports.go +++ b/test/e2e/settings/listen_nondefault_ports.go @@ -22,7 +22,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/test/e2e/settings/log-format.go b/test/e2e/settings/log-format.go index aaa5d0430..b43fce874 100644 --- a/test/e2e/settings/log-format.go +++ b/test/e2e/settings/log-format.go @@ -20,7 +20,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/settings/lua_shared_dicts.go b/test/e2e/settings/lua_shared_dicts.go index 8c5ea1d33..53f999c94 100644 --- a/test/e2e/settings/lua_shared_dicts.go +++ b/test/e2e/settings/lua_shared_dicts.go @@ -19,7 +19,7 @@ package settings import ( "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/settings/main_snippet.go b/test/e2e/settings/main_snippet.go index 18027f199..ff14bab9d 100644 --- a/test/e2e/settings/main_snippet.go +++ b/test/e2e/settings/main_snippet.go @@ -19,7 +19,7 @@ package settings import ( "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/settings/modsecurity/modsecurity_snippet.go b/test/e2e/settings/modsecurity/modsecurity_snippet.go index f912db984..2dd92ced2 100644 --- a/test/e2e/settings/modsecurity/modsecurity_snippet.go +++ b/test/e2e/settings/modsecurity/modsecurity_snippet.go @@ -19,7 +19,7 @@ package modsecurity import ( "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/settings/multi_accept.go b/test/e2e/settings/multi_accept.go index a6b4ffd5b..211c168aa 100644 --- a/test/e2e/settings/multi_accept.go +++ b/test/e2e/settings/multi_accept.go @@ -19,7 +19,7 @@ package settings import ( "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/settings/namespace_selector.go b/test/e2e/settings/namespace_selector.go index 7c07a841d..a23514dca 100644 --- a/test/e2e/settings/namespace_selector.go +++ b/test/e2e/settings/namespace_selector.go @@ -21,7 +21,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/ingress-nginx/test/e2e/framework" diff --git a/test/e2e/settings/no_auth_locations.go b/test/e2e/settings/no_auth_locations.go index 2d32b05d6..70ec3be8f 100644 --- a/test/e2e/settings/no_auth_locations.go +++ b/test/e2e/settings/no_auth_locations.go @@ -22,7 +22,7 @@ import ( "os/exec" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" corev1 "k8s.io/api/core/v1" networking "k8s.io/api/networking/v1" diff --git a/test/e2e/settings/no_tls_redirect_locations.go b/test/e2e/settings/no_tls_redirect_locations.go index 64c9de516..2fca545ff 100644 --- a/test/e2e/settings/no_tls_redirect_locations.go +++ b/test/e2e/settings/no_tls_redirect_locations.go @@ -20,7 +20,7 @@ import ( "fmt" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/settings/ocsp/ocsp.go b/test/e2e/settings/ocsp/ocsp.go index 3e9852082..af84babe9 100644 --- a/test/e2e/settings/ocsp/ocsp.go +++ b/test/e2e/settings/ocsp/ocsp.go @@ -28,7 +28,7 @@ import ( "strings" "syscall" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" "golang.org/x/crypto/ocsp" appsv1 "k8s.io/api/apps/v1" diff --git a/test/e2e/settings/opentracing.go b/test/e2e/settings/opentracing.go index 3ac16be78..aee01ea60 100644 --- a/test/e2e/settings/opentracing.go +++ b/test/e2e/settings/opentracing.go @@ -22,7 +22,7 @@ import ( "strings" "time" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" "k8s.io/ingress-nginx/test/e2e/framework" diff --git a/test/e2e/settings/plugins.go b/test/e2e/settings/plugins.go index 1af04e9d2..659acd42c 100644 --- a/test/e2e/settings/plugins.go +++ b/test/e2e/settings/plugins.go @@ -21,7 +21,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/settings/pod_security_policy.go b/test/e2e/settings/pod_security_policy.go index 75c7698d0..0e0300829 100644 --- a/test/e2e/settings/pod_security_policy.go +++ b/test/e2e/settings/pod_security_policy.go @@ -21,7 +21,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" diff --git a/test/e2e/settings/pod_security_policy_volumes.go b/test/e2e/settings/pod_security_policy_volumes.go index 384f8c46c..8af74ea60 100644 --- a/test/e2e/settings/pod_security_policy_volumes.go +++ b/test/e2e/settings/pod_security_policy_volumes.go @@ -21,7 +21,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" appsv1 "k8s.io/api/apps/v1" diff --git a/test/e2e/settings/proxy_connect_timeout.go b/test/e2e/settings/proxy_connect_timeout.go index 8d2fd5fda..1290775a5 100644 --- a/test/e2e/settings/proxy_connect_timeout.go +++ b/test/e2e/settings/proxy_connect_timeout.go @@ -20,7 +20,7 @@ import ( "fmt" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/settings/proxy_host.go b/test/e2e/settings/proxy_host.go index de72f9d5b..8f564414a 100644 --- a/test/e2e/settings/proxy_host.go +++ b/test/e2e/settings/proxy_host.go @@ -21,7 +21,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/settings/proxy_next_upstream.go b/test/e2e/settings/proxy_next_upstream.go index bc17cd0c7..b59d5edb7 100644 --- a/test/e2e/settings/proxy_next_upstream.go +++ b/test/e2e/settings/proxy_next_upstream.go @@ -20,7 +20,7 @@ import ( "fmt" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/settings/proxy_protocol.go b/test/e2e/settings/proxy_protocol.go index 3b551d1d8..8b0e56fe4 100644 --- a/test/e2e/settings/proxy_protocol.go +++ b/test/e2e/settings/proxy_protocol.go @@ -24,7 +24,7 @@ import ( "net" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/test/e2e/settings/proxy_read_timeout.go b/test/e2e/settings/proxy_read_timeout.go index 41171e2c6..c84956cc9 100644 --- a/test/e2e/settings/proxy_read_timeout.go +++ b/test/e2e/settings/proxy_read_timeout.go @@ -20,7 +20,7 @@ import ( "fmt" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/settings/proxy_send_timeout.go b/test/e2e/settings/proxy_send_timeout.go index 031f4361f..886642bc0 100644 --- a/test/e2e/settings/proxy_send_timeout.go +++ b/test/e2e/settings/proxy_send_timeout.go @@ -20,7 +20,7 @@ import ( "fmt" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/settings/reuse-port.go b/test/e2e/settings/reuse-port.go index b8b2c5611..29d52c4f1 100644 --- a/test/e2e/settings/reuse-port.go +++ b/test/e2e/settings/reuse-port.go @@ -19,7 +19,7 @@ package settings import ( "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/settings/server_snippet.go b/test/e2e/settings/server_snippet.go index b9e172717..1577c927c 100644 --- a/test/e2e/settings/server_snippet.go +++ b/test/e2e/settings/server_snippet.go @@ -20,7 +20,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/settings/server_tokens.go b/test/e2e/settings/server_tokens.go index e84639b08..015554f07 100644 --- a/test/e2e/settings/server_tokens.go +++ b/test/e2e/settings/server_tokens.go @@ -19,7 +19,7 @@ package settings import ( "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" networking "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/test/e2e/settings/ssl_ciphers.go b/test/e2e/settings/ssl_ciphers.go index 9aa4b8e14..241dfc92b 100644 --- a/test/e2e/settings/ssl_ciphers.go +++ b/test/e2e/settings/ssl_ciphers.go @@ -20,7 +20,7 @@ import ( "fmt" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/settings/stream_snippet.go b/test/e2e/settings/stream_snippet.go index 90f928c23..e1552afd3 100644 --- a/test/e2e/settings/stream_snippet.go +++ b/test/e2e/settings/stream_snippet.go @@ -19,14 +19,15 @@ package settings import ( "context" "fmt" - "github.com/stretchr/testify/assert" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" + "github.com/stretchr/testify/assert" + + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/ingress-nginx/test/e2e/framework" ) diff --git a/test/e2e/settings/tls.go b/test/e2e/settings/tls.go index 739e44490..a249f8bad 100644 --- a/test/e2e/settings/tls.go +++ b/test/e2e/settings/tls.go @@ -22,7 +22,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" "k8s.io/ingress-nginx/test/e2e/framework" diff --git a/test/e2e/ssl/http_redirect.go b/test/e2e/ssl/http_redirect.go index 5968397cb..982dd4f6c 100644 --- a/test/e2e/ssl/http_redirect.go +++ b/test/e2e/ssl/http_redirect.go @@ -20,7 +20,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" "k8s.io/ingress-nginx/test/e2e/framework" diff --git a/test/e2e/ssl/secret_update.go b/test/e2e/ssl/secret_update.go index 05c73b9b8..77e64c6b2 100644 --- a/test/e2e/ssl/secret_update.go +++ b/test/e2e/ssl/secret_update.go @@ -23,7 +23,7 @@ import ( "net/http" "strings" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/test/e2e/status/update.go b/test/e2e/status/update.go index 43d61b0e9..b512520f4 100644 --- a/test/e2e/status/update.go +++ b/test/e2e/status/update.go @@ -24,7 +24,7 @@ import ( "strings" "time" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" appsv1 "k8s.io/api/apps/v1" diff --git a/test/e2e/tcpudp/tcp.go b/test/e2e/tcpudp/tcp.go index 553cb46d3..b62134a03 100644 --- a/test/e2e/tcpudp/tcp.go +++ b/test/e2e/tcpudp/tcp.go @@ -24,7 +24,7 @@ import ( "strings" "time" - "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" From 00ee51f09ede6d8b5e36a29380c756dd25d91fbd Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Mon, 1 Aug 2022 13:28:29 +0530 Subject: [PATCH 205/494] update to baseiamge built after CI changes (#8892) --- NGINX_BASE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NGINX_BASE b/NGINX_BASE index f0d8b2fd8..71016de7a 100644 --- a/NGINX_BASE +++ b/NGINX_BASE @@ -1 +1 @@ -registry.k8s.io/ingress-nginx/nginx:c5766dc011965f22fac2f4437e86d0fd9960a50c@sha256:94ff9b435a5f3f4570bbdaed4a3a523f63a54ce2ad6b132b5640bae2af5d9d90 +registry.k8s.io/ingress-nginx/nginx:f0490cbfbf29a7a05caaac29998dde56173ac2bb@sha256:f0d8d32a20f8c1a7c98b504a03b162931d93edd60ecc2c745917a32e9e3e92ad From 72a01bbe6e7c7fd12741d01fe2a5dd2231b3a3d6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Aug 2022 05:52:29 -0700 Subject: [PATCH 206/494] Bump github/codeql-action from 2.1.16 to 2.1.17 (#8894) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.16 to 2.1.17. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/3e7e3b32d0fb8283594bb0a76cc60a00918b0969...0c670bbf0414f39666df6ce8e718ec5662c21e03) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index f8bc053c9..f7e9eeae5 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@3e7e3b32d0fb8283594bb0a76cc60a00918b0969 # v2.1.14 + uses: github/codeql-action/upload-sarif@0c670bbf0414f39666df6ce8e718ec5662c21e03 # v2.1.14 with: sarif_file: results.sarif From 4077f7e6826e10f7b9ee72b3060b3ea9eae2a54a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Aug 2022 06:58:20 -0700 Subject: [PATCH 207/494] Bump github/codeql-action from 2.1.17 to 2.1.18 (#8914) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.17 to 2.1.18. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/0c670bbf0414f39666df6ce8e718ec5662c21e03...2ca79b6fa8d3ec278944088b4aa5f46912db5d63) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index f7e9eeae5..26271c309 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@0c670bbf0414f39666df6ce8e718ec5662c21e03 # v2.1.14 + uses: github/codeql-action/upload-sarif@2ca79b6fa8d3ec278944088b4aa5f46912db5d63 # v2.1.14 with: sarif_file: results.sarif From 534bcfb1935c0c598faad1f4362505b2a339236a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Aug 2022 07:06:19 -0700 Subject: [PATCH 208/494] Bump github.com/prometheus/client_golang from 1.12.2 to 1.13.0 (#8913) Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.12.2 to 1.13.0. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.12.2...v1.13.0) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 10 +++++----- go.sum | 19 ++++++++++--------- 2 files changed, 15 insertions(+), 14 deletions(-) diff --git a/go.mod b/go.mod index b6b164b09..0dcd77946 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,7 @@ require ( github.com/onsi/ginkgo/v2 v2.1.4 github.com/opencontainers/runc v1.1.3 github.com/pmezard/go-difflib v1.0.0 - github.com/prometheus/client_golang v1.12.2 + github.com/prometheus/client_golang v1.13.0 github.com/prometheus/client_model v0.2.0 github.com/prometheus/common v0.37.0 github.com/spf13/cobra v1.5.0 @@ -80,7 +80,7 @@ require ( github.com/golang/protobuf v1.5.2 // indirect github.com/gomarkdown/markdown v0.0.0-20210514010506-3b9f47219fe7 // indirect github.com/google/btree v1.0.1 // indirect - github.com/google/go-cmp v0.5.6 // indirect + github.com/google/go-cmp v0.5.8 // indirect github.com/google/go-querystring v1.0.0 // indirect github.com/google/gofuzz v1.1.0 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect @@ -104,7 +104,7 @@ require ( github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/prometheus/procfs v0.7.3 // indirect + github.com/prometheus/procfs v0.8.0 // indirect github.com/sergi/go-diff v1.1.0 // indirect github.com/sirupsen/logrus v1.8.1 // indirect github.com/valyala/bytebufferpool v1.0.0 // indirect @@ -119,7 +119,7 @@ require ( go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect - golang.org/x/sys v0.0.0-20220412211240-33da011f77ad // indirect + golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect golang.org/x/text v0.3.7 // indirect golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect @@ -127,7 +127,7 @@ require ( golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2 // indirect - google.golang.org/protobuf v1.28.0 // indirect + google.golang.org/protobuf v1.28.1 // indirect gopkg.in/go-playground/assert.v1 v1.2.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/go.sum b/go.sum index 1d2446f1d..4e81b0cd7 100644 --- a/go.sum +++ b/go.sum @@ -276,8 +276,9 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg= +github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -440,8 +441,6 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0= github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4= -github.com/moul/pb v0.0.0-20180404114147-54bdd96e6a52 h1:8zDEa5yAIWYBHSDpPbSgGIBL/SvPSE9/FlB3aQ54d/A= -github.com/moul/pb v0.0.0-20180404114147-54bdd96e6a52/go.mod h1:jE2HT8eoucYyUPBFJMreiVlC3KPHkDMtN8wn+ef7Y64= github.com/moul/pb v0.0.0-20220425114252-bca18df4138c h1:1STmblv9zmHLDpru4dbnf1PNL6wrrZNf7yBH+SfQU+s= github.com/moul/pb v0.0.0-20220425114252-bca18df4138c/go.mod h1:jE2HT8eoucYyUPBFJMreiVlC3KPHkDMtN8wn+ef7Y64= github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= @@ -499,8 +498,8 @@ github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5Fsn github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= -github.com/prometheus/client_golang v1.12.2 h1:51L9cDoUHVrXx4zWYlcLQIZ+d+VXHgqnYKkIuq4g/34= -github.com/prometheus/client_golang v1.12.2/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= +github.com/prometheus/client_golang v1.13.0 h1:b71QUfeo5M8gq2+evJdTPfZhYMAU0uKPkyPJ7TPsloU= +github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= @@ -522,8 +521,9 @@ github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7z github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= -github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU= github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= +github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo= +github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= @@ -876,8 +876,9 @@ golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220412211240-33da011f77ad h1:ntjMns5wyP/fN65tdBD4g8J5w8n015+iIIs9rtjXkY0= golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= @@ -1078,8 +1079,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw= -google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= +google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= From 0f61d9d0dca7a915fe23a4b3d52838816dc840e5 Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Tue, 9 Aug 2022 00:10:19 +0530 Subject: [PATCH 209/494] updated to new images built today (#8896) --- charts/ingress-nginx/CHANGELOG.md | 5 +++ charts/ingress-nginx/Chart.yaml | 41 +------------------ charts/ingress-nginx/README.md | 6 +-- charts/ingress-nginx/values.yaml | 6 +-- deploy/static/provider/aws/1.20/deploy.yaml | 4 +- deploy/static/provider/aws/1.21/deploy.yaml | 4 +- deploy/static/provider/aws/1.22/deploy.yaml | 4 +- deploy/static/provider/aws/1.23/deploy.yaml | 4 +- deploy/static/provider/aws/1.24/deploy.yaml | 4 +- deploy/static/provider/aws/deploy.yaml | 4 +- .../nlb-with-tls-termination/1.20/deploy.yaml | 4 +- .../nlb-with-tls-termination/1.21/deploy.yaml | 4 +- .../nlb-with-tls-termination/1.22/deploy.yaml | 4 +- .../nlb-with-tls-termination/1.23/deploy.yaml | 4 +- .../nlb-with-tls-termination/1.24/deploy.yaml | 4 +- .../aws/nlb-with-tls-termination/deploy.yaml | 4 +- .../provider/baremetal/1.20/deploy.yaml | 4 +- .../provider/baremetal/1.21/deploy.yaml | 4 +- .../provider/baremetal/1.22/deploy.yaml | 4 +- .../provider/baremetal/1.23/deploy.yaml | 4 +- .../provider/baremetal/1.24/deploy.yaml | 4 +- deploy/static/provider/baremetal/deploy.yaml | 4 +- deploy/static/provider/cloud/1.20/deploy.yaml | 4 +- deploy/static/provider/cloud/1.21/deploy.yaml | 4 +- deploy/static/provider/cloud/1.22/deploy.yaml | 4 +- deploy/static/provider/cloud/1.23/deploy.yaml | 4 +- deploy/static/provider/cloud/1.24/deploy.yaml | 4 +- deploy/static/provider/cloud/deploy.yaml | 4 +- deploy/static/provider/do/1.20/deploy.yaml | 4 +- deploy/static/provider/do/1.21/deploy.yaml | 4 +- deploy/static/provider/do/1.22/deploy.yaml | 4 +- deploy/static/provider/do/1.23/deploy.yaml | 4 +- deploy/static/provider/do/1.24/deploy.yaml | 4 +- deploy/static/provider/do/deploy.yaml | 4 +- .../static/provider/exoscale/1.20/deploy.yaml | 4 +- .../static/provider/exoscale/1.21/deploy.yaml | 4 +- .../static/provider/exoscale/1.22/deploy.yaml | 4 +- .../static/provider/exoscale/1.23/deploy.yaml | 4 +- .../static/provider/exoscale/1.24/deploy.yaml | 4 +- deploy/static/provider/exoscale/deploy.yaml | 4 +- deploy/static/provider/kind/1.20/deploy.yaml | 4 +- deploy/static/provider/kind/1.21/deploy.yaml | 4 +- deploy/static/provider/kind/1.22/deploy.yaml | 4 +- deploy/static/provider/kind/1.23/deploy.yaml | 4 +- deploy/static/provider/kind/1.24/deploy.yaml | 4 +- deploy/static/provider/kind/deploy.yaml | 4 +- deploy/static/provider/scw/1.20/deploy.yaml | 4 +- deploy/static/provider/scw/1.21/deploy.yaml | 4 +- deploy/static/provider/scw/1.22/deploy.yaml | 4 +- deploy/static/provider/scw/1.23/deploy.yaml | 4 +- deploy/static/provider/scw/1.24/deploy.yaml | 4 +- deploy/static/provider/scw/deploy.yaml | 4 +- .../custom-default-backend.helm.values.yaml | 2 +- .../custom-errors/custom-default-backend.yaml | 2 +- test/e2e-image/Makefile | 2 +- test/e2e/framework/deployment.go | 2 +- test/e2e/settings/ocsp/ocsp.go | 2 +- 57 files changed, 114 insertions(+), 146 deletions(-) diff --git a/charts/ingress-nginx/CHANGELOG.md b/charts/ingress-nginx/CHANGELOG.md index bedb9f720..27a52e83a 100644 --- a/charts/ingress-nginx/CHANGELOG.md +++ b/charts/ingress-nginx/CHANGELOG.md @@ -2,6 +2,11 @@ This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +### 4.2.1 + +- The sha of kube-webhook-certgen image & the opentelemetry image, in values file, was changed to new images built on alpine-v3.16.1 +- "[8896](https://github.com/kubernetes/ingress-nginx/pull/8896) updated to new images built today" + ### 4.2.0 - Support for Kubernetes v1.19.0 was removed diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index d30f94fe8..0b5fa4dd1 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: ingress-nginx # When the version is modified, make sure the artifacthub.io/changes list is updated # Also update CHANGELOG.md -version: 4.2.0 +version: 4.2.1 appVersion: 1.3.0 home: https://github.com/kubernetes/ingress-nginx description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer @@ -26,41 +26,4 @@ annotations: # List of changes for the release in artifacthub.io # https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx?modal=changelog artifacthub.io/changes: | - - "[8810](https://github.com/kubernetes/ingress-nginx/pull/8810) Prepare for v1.3.0" - - "[8808](https://github.com/kubernetes/ingress-nginx/pull/8808) revert arch var name" - - "[8805](https://github.com/kubernetes/ingress-nginx/pull/8805) Bump k8s.io/klog/v2 from 2.60.1 to 2.70.1" - - "[8803](https://github.com/kubernetes/ingress-nginx/pull/8803) Update to nginx base with alpine v3.16" - - "[8802](https://github.com/kubernetes/ingress-nginx/pull/8802) chore: start v1.3.0 release process" - - "[8798](https://github.com/kubernetes/ingress-nginx/pull/8798) Add v1.24.0 to test matrix" - - "[8796](https://github.com/kubernetes/ingress-nginx/pull/8796) fix: add MAC_OS variable for static-check" - - "[8793](https://github.com/kubernetes/ingress-nginx/pull/8793) changed to alpine-v3.16" - - "[8781](https://github.com/kubernetes/ingress-nginx/pull/8781) Bump github.com/stretchr/testify from 1.7.5 to 1.8.0" - - "[8778](https://github.com/kubernetes/ingress-nginx/pull/8778) chore: remove stable.txt from release process" - - "[8775](https://github.com/kubernetes/ingress-nginx/pull/8775) Remove stable" - - "[8773](https://github.com/kubernetes/ingress-nginx/pull/8773) Bump github/codeql-action from 2.1.14 to 2.1.15" - - "[8772](https://github.com/kubernetes/ingress-nginx/pull/8772) Bump ossf/scorecard-action from 1.1.1 to 1.1.2" - - "[8771](https://github.com/kubernetes/ingress-nginx/pull/8771) fix bullet md format" - - "[8770](https://github.com/kubernetes/ingress-nginx/pull/8770) Add condition for monitoring.coreos.com/v1 API" - - "[8769](https://github.com/kubernetes/ingress-nginx/pull/8769) Fix typos and add links to developer guide" - - "[8767](https://github.com/kubernetes/ingress-nginx/pull/8767) change v1.2.0 to v1.2.1 in deploy doc URLs" - - "[8765](https://github.com/kubernetes/ingress-nginx/pull/8765) Bump github/codeql-action from 1.0.26 to 2.1.14" - - "[8752](https://github.com/kubernetes/ingress-nginx/pull/8752) Bump github.com/spf13/cobra from 1.4.0 to 1.5.0" - - "[8751](https://github.com/kubernetes/ingress-nginx/pull/8751) Bump github.com/stretchr/testify from 1.7.2 to 1.7.5" - - "[8750](https://github.com/kubernetes/ingress-nginx/pull/8750) added announcement" - - "[8740](https://github.com/kubernetes/ingress-nginx/pull/8740) change sha e2etestrunner and echoserver" - - "[8738](https://github.com/kubernetes/ingress-nginx/pull/8738) Update docs to make it easier for noobs to follow step by step" - - "[8737](https://github.com/kubernetes/ingress-nginx/pull/8737) updated baseimage sha" - - "[8736](https://github.com/kubernetes/ingress-nginx/pull/8736) set ld-musl-path" - - "[8733](https://github.com/kubernetes/ingress-nginx/pull/8733) feat: migrate leaderelection lock to leases" - - "[8726](https://github.com/kubernetes/ingress-nginx/pull/8726) prometheus metric: upstream_latency_seconds" - - "[8720](https://github.com/kubernetes/ingress-nginx/pull/8720) Ci pin deps" - - "[8719](https://github.com/kubernetes/ingress-nginx/pull/8719) Working OpenTelemetry sidecar (base nginx image)" - - "[8714](https://github.com/kubernetes/ingress-nginx/pull/8714) Create Openssf scorecard" - - "[8708](https://github.com/kubernetes/ingress-nginx/pull/8708) Bump github.com/prometheus/common from 0.34.0 to 0.35.0" - - "[8703](https://github.com/kubernetes/ingress-nginx/pull/8703) Bump actions/dependency-review-action from 1 to 2" - - "[8701](https://github.com/kubernetes/ingress-nginx/pull/8701) Fix several typos" - - "[8699](https://github.com/kubernetes/ingress-nginx/pull/8699) fix the gosec test and a make target for it" - - "[8698](https://github.com/kubernetes/ingress-nginx/pull/8698) Bump actions/upload-artifact from 2.3.1 to 3.1.0" - - "[8697](https://github.com/kubernetes/ingress-nginx/pull/8697) Bump actions/setup-go from 2.2.0 to 3.2.0" - - "[8695](https://github.com/kubernetes/ingress-nginx/pull/8695) Bump actions/download-artifact from 2 to 3" - - "[8694](https://github.com/kubernetes/ingress-nginx/pull/8694) Bump crazy-max/ghaction-docker-buildx from 1.6.2 to 3.3.1" + - "[8896](https://github.com/kubernetes/ingress-nginx/pull/8896) updated to new images built today" diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 942cf0467..212b4f324 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.2.0](https://img.shields.io/badge/Version-4.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.3.0](https://img.shields.io/badge/AppVersion-1.3.0-informational?style=flat-square) +![Version: 4.2.1](https://img.shields.io/badge/Version-4.2.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.3.0](https://img.shields.io/badge/AppVersion-1.3.0-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. @@ -252,11 +252,11 @@ Kubernetes: `>=1.20.0-0` | controller.admissionWebhooks.objectSelector | object | `{}` | | | controller.admissionWebhooks.patch.enabled | bool | `true` | | | controller.admissionWebhooks.patch.fsGroup | int | `2000` | | -| controller.admissionWebhooks.patch.image.digest | string | `"sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660"` | | +| controller.admissionWebhooks.patch.image.digest | string | `"sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47"` | | | controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` | | | controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` | | | controller.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` | | -| controller.admissionWebhooks.patch.image.tag | string | `"v1.1.1"` | | +| controller.admissionWebhooks.patch.image.tag | string | `"v1.3.0"` | | | controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources | | controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | | | controller.admissionWebhooks.patch.podAnnotations | object | `{}` | | diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index cddc2c742..fed3a5b05 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -580,7 +580,7 @@ controller: extraModules: [] ## Modules, which are mounted into the core nginx image # - name: opentelemetry - # image: registry.k8s.io/ingress-nginx/opentelemetry:v20220415-controller-v1.2.0-beta.0-2-g81c2afd97@sha256:ce61e2cf0b347dffebb2dcbf57c33891d2217c1bad9c0959c878e5be671ef941 + # image: registry.k8s.io/ingress-nginx/opentelemetry:v20220801-g00ee51f09@sha256:482562feba02ad178411efc284f8eb803a185e3ea5588b6111ccbc20b816b427 # # The image must contain a `/usr/local/bin/init_module.sh` executable, which # will be executed as initContainers, to move its config files within the @@ -645,8 +645,8 @@ controller: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: v1.1.1 - digest: sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + tag: v1.3.0 + digest: sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 pullPolicy: IfNotPresent # -- Provide a priority class name to the webhook patching job ## diff --git a/deploy/static/provider/aws/1.20/deploy.yaml b/deploy/static/provider/aws/1.20/deploy.yaml index dac9dcc5f..0c826fbe4 100644 --- a/deploy/static/provider/aws/1.20/deploy.yaml +++ b/deploy/static/provider/aws/1.20/deploy.yaml @@ -533,7 +533,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -582,7 +582,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/aws/1.21/deploy.yaml b/deploy/static/provider/aws/1.21/deploy.yaml index b681014f8..300ca7b01 100644 --- a/deploy/static/provider/aws/1.21/deploy.yaml +++ b/deploy/static/provider/aws/1.21/deploy.yaml @@ -536,7 +536,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -585,7 +585,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/aws/1.22/deploy.yaml b/deploy/static/provider/aws/1.22/deploy.yaml index b681014f8..300ca7b01 100644 --- a/deploy/static/provider/aws/1.22/deploy.yaml +++ b/deploy/static/provider/aws/1.22/deploy.yaml @@ -536,7 +536,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -585,7 +585,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/aws/1.23/deploy.yaml b/deploy/static/provider/aws/1.23/deploy.yaml index b681014f8..300ca7b01 100644 --- a/deploy/static/provider/aws/1.23/deploy.yaml +++ b/deploy/static/provider/aws/1.23/deploy.yaml @@ -536,7 +536,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -585,7 +585,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/aws/1.24/deploy.yaml b/deploy/static/provider/aws/1.24/deploy.yaml index b681014f8..300ca7b01 100644 --- a/deploy/static/provider/aws/1.24/deploy.yaml +++ b/deploy/static/provider/aws/1.24/deploy.yaml @@ -536,7 +536,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -585,7 +585,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/aws/deploy.yaml b/deploy/static/provider/aws/deploy.yaml index dac9dcc5f..0c826fbe4 100644 --- a/deploy/static/provider/aws/deploy.yaml +++ b/deploy/static/provider/aws/deploy.yaml @@ -533,7 +533,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -582,7 +582,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.20/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.20/deploy.yaml index 90ad0c5d8..0c84b2141 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.20/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/1.20/deploy.yaml @@ -545,7 +545,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -594,7 +594,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.21/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.21/deploy.yaml index 668494a97..7e7ce8f22 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.21/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/1.21/deploy.yaml @@ -548,7 +548,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -597,7 +597,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.22/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.22/deploy.yaml index 668494a97..7e7ce8f22 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.22/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/1.22/deploy.yaml @@ -548,7 +548,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -597,7 +597,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.23/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.23/deploy.yaml index 668494a97..7e7ce8f22 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.23/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/1.23/deploy.yaml @@ -548,7 +548,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -597,7 +597,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.24/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.24/deploy.yaml index 668494a97..7e7ce8f22 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.24/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/1.24/deploy.yaml @@ -548,7 +548,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -597,7 +597,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml index 90ad0c5d8..0c84b2141 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml @@ -545,7 +545,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -594,7 +594,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/baremetal/1.20/deploy.yaml b/deploy/static/provider/baremetal/1.20/deploy.yaml index bd28be30a..4867382fd 100644 --- a/deploy/static/provider/baremetal/1.20/deploy.yaml +++ b/deploy/static/provider/baremetal/1.20/deploy.yaml @@ -527,7 +527,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -576,7 +576,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/baremetal/1.21/deploy.yaml b/deploy/static/provider/baremetal/1.21/deploy.yaml index d754ed501..e23e4b7f3 100644 --- a/deploy/static/provider/baremetal/1.21/deploy.yaml +++ b/deploy/static/provider/baremetal/1.21/deploy.yaml @@ -530,7 +530,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -579,7 +579,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/baremetal/1.22/deploy.yaml b/deploy/static/provider/baremetal/1.22/deploy.yaml index d754ed501..e23e4b7f3 100644 --- a/deploy/static/provider/baremetal/1.22/deploy.yaml +++ b/deploy/static/provider/baremetal/1.22/deploy.yaml @@ -530,7 +530,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -579,7 +579,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/baremetal/1.23/deploy.yaml b/deploy/static/provider/baremetal/1.23/deploy.yaml index d754ed501..e23e4b7f3 100644 --- a/deploy/static/provider/baremetal/1.23/deploy.yaml +++ b/deploy/static/provider/baremetal/1.23/deploy.yaml @@ -530,7 +530,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -579,7 +579,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/baremetal/1.24/deploy.yaml b/deploy/static/provider/baremetal/1.24/deploy.yaml index d754ed501..e23e4b7f3 100644 --- a/deploy/static/provider/baremetal/1.24/deploy.yaml +++ b/deploy/static/provider/baremetal/1.24/deploy.yaml @@ -530,7 +530,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -579,7 +579,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/baremetal/deploy.yaml b/deploy/static/provider/baremetal/deploy.yaml index bd28be30a..4867382fd 100644 --- a/deploy/static/provider/baremetal/deploy.yaml +++ b/deploy/static/provider/baremetal/deploy.yaml @@ -527,7 +527,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -576,7 +576,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/cloud/1.20/deploy.yaml b/deploy/static/provider/cloud/1.20/deploy.yaml index 460ab898c..583e113ca 100644 --- a/deploy/static/provider/cloud/1.20/deploy.yaml +++ b/deploy/static/provider/cloud/1.20/deploy.yaml @@ -529,7 +529,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -578,7 +578,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/cloud/1.21/deploy.yaml b/deploy/static/provider/cloud/1.21/deploy.yaml index 418556f55..77407e8a9 100644 --- a/deploy/static/provider/cloud/1.21/deploy.yaml +++ b/deploy/static/provider/cloud/1.21/deploy.yaml @@ -532,7 +532,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -581,7 +581,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/cloud/1.22/deploy.yaml b/deploy/static/provider/cloud/1.22/deploy.yaml index 418556f55..77407e8a9 100644 --- a/deploy/static/provider/cloud/1.22/deploy.yaml +++ b/deploy/static/provider/cloud/1.22/deploy.yaml @@ -532,7 +532,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -581,7 +581,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/cloud/1.23/deploy.yaml b/deploy/static/provider/cloud/1.23/deploy.yaml index 418556f55..77407e8a9 100644 --- a/deploy/static/provider/cloud/1.23/deploy.yaml +++ b/deploy/static/provider/cloud/1.23/deploy.yaml @@ -532,7 +532,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -581,7 +581,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/cloud/1.24/deploy.yaml b/deploy/static/provider/cloud/1.24/deploy.yaml index 418556f55..77407e8a9 100644 --- a/deploy/static/provider/cloud/1.24/deploy.yaml +++ b/deploy/static/provider/cloud/1.24/deploy.yaml @@ -532,7 +532,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -581,7 +581,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/cloud/deploy.yaml b/deploy/static/provider/cloud/deploy.yaml index 460ab898c..583e113ca 100644 --- a/deploy/static/provider/cloud/deploy.yaml +++ b/deploy/static/provider/cloud/deploy.yaml @@ -529,7 +529,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -578,7 +578,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/do/1.20/deploy.yaml b/deploy/static/provider/do/1.20/deploy.yaml index 1008a916d..290f57345 100644 --- a/deploy/static/provider/do/1.20/deploy.yaml +++ b/deploy/static/provider/do/1.20/deploy.yaml @@ -532,7 +532,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -581,7 +581,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/do/1.21/deploy.yaml b/deploy/static/provider/do/1.21/deploy.yaml index 808fe8ad3..e35d1d7ca 100644 --- a/deploy/static/provider/do/1.21/deploy.yaml +++ b/deploy/static/provider/do/1.21/deploy.yaml @@ -535,7 +535,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -584,7 +584,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/do/1.22/deploy.yaml b/deploy/static/provider/do/1.22/deploy.yaml index 808fe8ad3..e35d1d7ca 100644 --- a/deploy/static/provider/do/1.22/deploy.yaml +++ b/deploy/static/provider/do/1.22/deploy.yaml @@ -535,7 +535,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -584,7 +584,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/do/1.23/deploy.yaml b/deploy/static/provider/do/1.23/deploy.yaml index 808fe8ad3..e35d1d7ca 100644 --- a/deploy/static/provider/do/1.23/deploy.yaml +++ b/deploy/static/provider/do/1.23/deploy.yaml @@ -535,7 +535,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -584,7 +584,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/do/1.24/deploy.yaml b/deploy/static/provider/do/1.24/deploy.yaml index 808fe8ad3..e35d1d7ca 100644 --- a/deploy/static/provider/do/1.24/deploy.yaml +++ b/deploy/static/provider/do/1.24/deploy.yaml @@ -535,7 +535,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -584,7 +584,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/do/deploy.yaml b/deploy/static/provider/do/deploy.yaml index 1008a916d..290f57345 100644 --- a/deploy/static/provider/do/deploy.yaml +++ b/deploy/static/provider/do/deploy.yaml @@ -532,7 +532,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -581,7 +581,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/exoscale/1.20/deploy.yaml b/deploy/static/provider/exoscale/1.20/deploy.yaml index 090677552..4b35cf267 100644 --- a/deploy/static/provider/exoscale/1.20/deploy.yaml +++ b/deploy/static/provider/exoscale/1.20/deploy.yaml @@ -538,7 +538,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -587,7 +587,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/exoscale/1.21/deploy.yaml b/deploy/static/provider/exoscale/1.21/deploy.yaml index df8c8e114..fe9a2de7f 100644 --- a/deploy/static/provider/exoscale/1.21/deploy.yaml +++ b/deploy/static/provider/exoscale/1.21/deploy.yaml @@ -541,7 +541,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -590,7 +590,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/exoscale/1.22/deploy.yaml b/deploy/static/provider/exoscale/1.22/deploy.yaml index df8c8e114..fe9a2de7f 100644 --- a/deploy/static/provider/exoscale/1.22/deploy.yaml +++ b/deploy/static/provider/exoscale/1.22/deploy.yaml @@ -541,7 +541,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -590,7 +590,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/exoscale/1.23/deploy.yaml b/deploy/static/provider/exoscale/1.23/deploy.yaml index df8c8e114..fe9a2de7f 100644 --- a/deploy/static/provider/exoscale/1.23/deploy.yaml +++ b/deploy/static/provider/exoscale/1.23/deploy.yaml @@ -541,7 +541,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -590,7 +590,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/exoscale/1.24/deploy.yaml b/deploy/static/provider/exoscale/1.24/deploy.yaml index df8c8e114..fe9a2de7f 100644 --- a/deploy/static/provider/exoscale/1.24/deploy.yaml +++ b/deploy/static/provider/exoscale/1.24/deploy.yaml @@ -541,7 +541,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -590,7 +590,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/exoscale/deploy.yaml b/deploy/static/provider/exoscale/deploy.yaml index 090677552..4b35cf267 100644 --- a/deploy/static/provider/exoscale/deploy.yaml +++ b/deploy/static/provider/exoscale/deploy.yaml @@ -538,7 +538,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -587,7 +587,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/kind/1.20/deploy.yaml b/deploy/static/provider/kind/1.20/deploy.yaml index c0a36a9ba..0a8c6ba1c 100644 --- a/deploy/static/provider/kind/1.20/deploy.yaml +++ b/deploy/static/provider/kind/1.20/deploy.yaml @@ -543,7 +543,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -592,7 +592,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/kind/1.21/deploy.yaml b/deploy/static/provider/kind/1.21/deploy.yaml index 872334ee8..5ddb9c166 100644 --- a/deploy/static/provider/kind/1.21/deploy.yaml +++ b/deploy/static/provider/kind/1.21/deploy.yaml @@ -546,7 +546,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -595,7 +595,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/kind/1.22/deploy.yaml b/deploy/static/provider/kind/1.22/deploy.yaml index 872334ee8..5ddb9c166 100644 --- a/deploy/static/provider/kind/1.22/deploy.yaml +++ b/deploy/static/provider/kind/1.22/deploy.yaml @@ -546,7 +546,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -595,7 +595,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/kind/1.23/deploy.yaml b/deploy/static/provider/kind/1.23/deploy.yaml index 872334ee8..5ddb9c166 100644 --- a/deploy/static/provider/kind/1.23/deploy.yaml +++ b/deploy/static/provider/kind/1.23/deploy.yaml @@ -546,7 +546,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -595,7 +595,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/kind/1.24/deploy.yaml b/deploy/static/provider/kind/1.24/deploy.yaml index 872334ee8..5ddb9c166 100644 --- a/deploy/static/provider/kind/1.24/deploy.yaml +++ b/deploy/static/provider/kind/1.24/deploy.yaml @@ -546,7 +546,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -595,7 +595,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/kind/deploy.yaml b/deploy/static/provider/kind/deploy.yaml index c0a36a9ba..0a8c6ba1c 100644 --- a/deploy/static/provider/kind/deploy.yaml +++ b/deploy/static/provider/kind/deploy.yaml @@ -543,7 +543,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -592,7 +592,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/scw/1.20/deploy.yaml b/deploy/static/provider/scw/1.20/deploy.yaml index 935d6f665..558caa6e7 100644 --- a/deploy/static/provider/scw/1.20/deploy.yaml +++ b/deploy/static/provider/scw/1.20/deploy.yaml @@ -532,7 +532,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -581,7 +581,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/scw/1.21/deploy.yaml b/deploy/static/provider/scw/1.21/deploy.yaml index fbfab1db6..2dba2dc51 100644 --- a/deploy/static/provider/scw/1.21/deploy.yaml +++ b/deploy/static/provider/scw/1.21/deploy.yaml @@ -535,7 +535,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -584,7 +584,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/scw/1.22/deploy.yaml b/deploy/static/provider/scw/1.22/deploy.yaml index fbfab1db6..2dba2dc51 100644 --- a/deploy/static/provider/scw/1.22/deploy.yaml +++ b/deploy/static/provider/scw/1.22/deploy.yaml @@ -535,7 +535,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -584,7 +584,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/scw/1.23/deploy.yaml b/deploy/static/provider/scw/1.23/deploy.yaml index fbfab1db6..2dba2dc51 100644 --- a/deploy/static/provider/scw/1.23/deploy.yaml +++ b/deploy/static/provider/scw/1.23/deploy.yaml @@ -535,7 +535,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -584,7 +584,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/scw/1.24/deploy.yaml b/deploy/static/provider/scw/1.24/deploy.yaml index fbfab1db6..2dba2dc51 100644 --- a/deploy/static/provider/scw/1.24/deploy.yaml +++ b/deploy/static/provider/scw/1.24/deploy.yaml @@ -535,7 +535,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -584,7 +584,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/deploy/static/provider/scw/deploy.yaml b/deploy/static/provider/scw/deploy.yaml index 935d6f665..558caa6e7 100644 --- a/deploy/static/provider/scw/deploy.yaml +++ b/deploy/static/provider/scw/deploy.yaml @@ -532,7 +532,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: create securityContext: @@ -581,7 +581,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 imagePullPolicy: IfNotPresent name: patch securityContext: diff --git a/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml b/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml index 2cf866c11..3d93935e4 100644 --- a/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml +++ b/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml @@ -6,7 +6,7 @@ defaultBackend: image: registry: registry.k8s.io image: ingress-nginx/nginx-errors - tag: "0.48.1" + tag: "1.3.0" extraVolumes: - name: custom-error-pages configMap: diff --git a/docs/examples/customization/custom-errors/custom-default-backend.yaml b/docs/examples/customization/custom-errors/custom-default-backend.yaml index fb4f899a0..318e318f5 100644 --- a/docs/examples/customization/custom-errors/custom-default-backend.yaml +++ b/docs/examples/customization/custom-errors/custom-default-backend.yaml @@ -36,7 +36,7 @@ spec: spec: containers: - name: nginx-error-server - image: registry.k8s.io/ingress-nginx/nginx-errors:0.49.0 + image: registry.k8s.io/ingress-nginx/nginx-errors:1.3.0 ports: - containerPort: 8080 # Setting the environment variable DEBUG we can see the headers sent diff --git a/test/e2e-image/Makefile b/test/e2e-image/Makefile index 9a81e06cc..a9c6db7c5 100644 --- a/test/e2e-image/Makefile +++ b/test/e2e-image/Makefile @@ -1,6 +1,6 @@ DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) -E2E_BASE_IMAGE="k8s.gcr.io/ingress-nginx/e2e-test-runner:v20220726-controller-v1.3.0-29-gfe116d62c@sha256:0a199f7b8d4e84026b08c989d9058f3c9b7936af4e2487a6be1ff9077b684d0c" +E2E_BASE_IMAGE="registry.k8s.io/ingress-nginx/e2e-test-runner:v20220801-g00ee51f09@sha256:795923c427f6dda855338c654448b4348fb845db152fbcad9cd8d186385d01c4" image: echo "..entered Makefile in /test/e2e-image" diff --git a/test/e2e/framework/deployment.go b/test/e2e/framework/deployment.go index a87800e0a..7d79f1bff 100644 --- a/test/e2e/framework/deployment.go +++ b/test/e2e/framework/deployment.go @@ -78,7 +78,7 @@ func (f *Framework) NewEchoDeployment(opts ...func(*deploymentOptions)) { o(options) } - deployment := newDeployment(options.name, options.namespace, "registry.k8s.io/ingress-nginx/e2e-test-echo@sha256:05948cf43aa41050943b2c887adcc2f7630893b391c1201e99a6c12ed06ba51b", 80, int32(options.replicas), + deployment := newDeployment(options.name, options.namespace, "registry.k8s.io/ingress-nginx/e2e-test-echo@sha256:f45fb156e1488ae29aa5e98d2faf8731c79bc5a19c2f39a3c4069566ba629a78", 80, int32(options.replicas), nil, []corev1.VolumeMount{}, []corev1.Volume{}, diff --git a/test/e2e/settings/ocsp/ocsp.go b/test/e2e/settings/ocsp/ocsp.go index af84babe9..83eeab46e 100644 --- a/test/e2e/settings/ocsp/ocsp.go +++ b/test/e2e/settings/ocsp/ocsp.go @@ -292,7 +292,7 @@ func ocspserveDeployment(namespace string) (*appsv1.Deployment, *corev1.Service) Containers: []corev1.Container{ { Name: name, - Image: "registry.k8s.io/ingress-nginx/e2e-test-cfssl@sha256:be2f69024f7b7053f35b86677de16bdaa5d3ff0f81b17581ef0b0c6804188b03", + Image: "registry.k8s.io/ingress-nginx/e2e-test-cfssl@sha256:c0bd134f1c7190079180e6d4fa2ba64c049961a49b96db20aa39fabc896d26d5", Command: []string{ "/bin/bash", "-c", From 13639b5ad7fea7c46e67dfd384af6c3c04b03c2c Mon Sep 17 00:00:00 2001 From: James Strong Date: Mon, 1 Aug 2022 09:05:26 -0400 Subject: [PATCH 210/494] add scanning to CI Signed-off-by: James Strong --- .github/workflows/vulnerability-scans.yaml | 82 ++++++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 .github/workflows/vulnerability-scans.yaml diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml new file mode 100644 index 000000000..f7130b980 --- /dev/null +++ b/.github/workflows/vulnerability-scans.yaml @@ -0,0 +1,82 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +name: Vulnerability Scan + +on: + workflow_dispatch: + release: + push: + branches: [ "main" ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ "main" ] + schedule: + - cron: '00 9 * * 1' + +permissions: + contents: read + +jobs: + + version: + runs-on: ubuntu-latest + outputs: + versions: ${{ steps.version.outputs.TAGS }} + steps: + - name: Checkout code + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b + with: + fetch-depth: 0 + + - name: Latest Tag + id: version + shell: bash + run: | + readarray -t TAGS_ARRAY <<<"$(git tag --list 'controller-v*.*.*' --sort=-version:refname | grep -v 'beta\|alpha')" + echo "${TAGS_ARRAY[0]},${TAGS_ARRAY[1]},${TAGS_ARRAY[2]}" + TAGS_JSON="[\"${TAGS_ARRAY[0]}\",\"${TAGS_ARRAY[1]}\",\"${TAGS_ARRAY[2]}\"]" + echo "${TAGS_JSON}" + echo "::set-output name=TAGS::${TAGS_JSON}" + + scan: + runs-on: ubuntu-latest + needs: version + strategy: + matrix: + versions: ${{ fromJSON(needs.version.outputs.versions) }} + steps: + + - shell: bash + id: test + run: echo "Scanning registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}" + + - name: Scan image with AquaSec/Trivy + id: scan + if: inputs.RUN_TRIVY == 'true' + uses: aquasecurity/trivy-action@0105373003c89c494a3f436bd5efc57f3ac1ca20 #v0.5.1 + with: + image-ref: registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }} + format: 'sarif' + output: trivy-results-${{ matrix.versions }}.sarif + exit-code: 0 + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN' + + # This step checks out a copy of your repository. + - name: Upload SARIF file + uses: github/codeql-action/upload-sarif@0c670bbf0414f39666df6ce8e718ec5662c21e03 + with: + # Path to SARIF file relative to the root of the repository + sarif_file: trivy-results-${{ matrix.versions }}.sarif + + - name: Image Vulnerability scan output + env: + TRIVY_COUNT: ${{ steps.trivy-scan.outputs.TRIVY_COUNT }} + run: | + echo "Image Vulnerability scan output" >> $GITHUB_STEP_SUMMARY + echo "Image ID: registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "Trivy Count: $TRIVY_COUNT" >> $GITHUB_STEP_SUMMARY From 069ac3a0d64f44b3206f2a3745c6a518284a1153 Mon Sep 17 00:00:00 2001 From: James Strong Date: Mon, 8 Aug 2022 15:40:06 -0700 Subject: [PATCH 211/494] remove var Signed-off-by: James Strong --- .github/workflows/vulnerability-scans.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index f7130b980..3bba363da 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -55,7 +55,6 @@ jobs: - name: Scan image with AquaSec/Trivy id: scan - if: inputs.RUN_TRIVY == 'true' uses: aquasecurity/trivy-action@0105373003c89c494a3f436bd5efc57f3ac1ca20 #v0.5.1 with: image-ref: registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }} From 932320cf44ee4fba253f041f70083eaca558a9d2 Mon Sep 17 00:00:00 2001 From: James Strong Date: Mon, 8 Aug 2022 16:01:27 -0700 Subject: [PATCH 212/494] need short tags Signed-off-by: James Strong --- .github/workflows/vulnerability-scans.yaml | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 3bba363da..ee4a5b145 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -36,8 +36,16 @@ jobs: shell: bash run: | readarray -t TAGS_ARRAY <<<"$(git tag --list 'controller-v*.*.*' --sort=-version:refname | grep -v 'beta\|alpha')" - echo "${TAGS_ARRAY[0]},${TAGS_ARRAY[1]},${TAGS_ARRAY[2]}" - TAGS_JSON="[\"${TAGS_ARRAY[0]}\",\"${TAGS_ARRAY[1]}\",\"${TAGS_ARRAY[2]}\"]" + FULL_TAGS=(${TAGS_ARRAY[0]} ${TAGS_ARRAY[1]} ${TAGS_ARRAY[2]}) + SHORT_TAGS=() + for i in ${FULL_TAGS[@]} + do + echo "tag: $i" + short=$(echo "$i" | cut -d - -f 2) + SHORT_TAGS+=($short) + done + echo "${SHORT_TAGS[0]},${SHORT_TAGS[1]},${SHORT_TAGS[2]}" + TAGS_JSON="[\"${SHORT_TAGS[0]}\",\"${SHORT_TAGS[1]}\",\"${SHORT_TAGS[2]}\"]" echo "${TAGS_JSON}" echo "::set-output name=TAGS::${TAGS_JSON}" @@ -57,7 +65,7 @@ jobs: id: scan uses: aquasecurity/trivy-action@0105373003c89c494a3f436bd5efc57f3ac1ca20 #v0.5.1 with: - image-ref: registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }} + image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }} format: 'sarif' output: trivy-results-${{ matrix.versions }}.sarif exit-code: 0 From ebb83086540f35c453dd53ee8ac95a00a883df91 Mon Sep 17 00:00:00 2001 From: James Strong Date: Mon, 8 Aug 2022 16:17:24 -0700 Subject: [PATCH 213/494] it seems sarif upload needs git information Signed-off-by: James Strong --- .github/workflows/vulnerability-scans.yaml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index ee4a5b145..8e588a6d6 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -72,6 +72,9 @@ jobs: vuln-type: 'os,library' severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN' + - name: Checkout code + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b + # This step checks out a copy of your repository. - name: Upload SARIF file uses: github/codeql-action/upload-sarif@0c670bbf0414f39666df6ce8e718ec5662c21e03 @@ -79,10 +82,11 @@ jobs: # Path to SARIF file relative to the root of the repository sarif_file: trivy-results-${{ matrix.versions }}.sarif - - name: Image Vulnerability scan output - env: - TRIVY_COUNT: ${{ steps.trivy-scan.outputs.TRIVY_COUNT }} + - name: Vulz Count + shell: bash run: | + TRIVY_COUNT=$(cat trivy-results-${{ matrix.versions }}.sarif | jq '.runs[0].results | length') + echo "TRIVY_COUNT: $TRIVY_COUNT" echo "Image Vulnerability scan output" >> $GITHUB_STEP_SUMMARY echo "Image ID: registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY From 9162fe0aa82996ca0e4988833c0d3d5626123e03 Mon Sep 17 00:00:00 2001 From: James Strong Date: Mon, 8 Aug 2022 16:39:32 -0700 Subject: [PATCH 214/494] fix permissions Signed-off-by: James Strong --- .github/workflows/vulnerability-scans.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 8e588a6d6..2f3374265 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -18,9 +18,9 @@ on: permissions: contents: read + security-events: write jobs: - version: runs-on: ubuntu-latest outputs: @@ -56,7 +56,6 @@ jobs: matrix: versions: ${{ fromJSON(needs.version.outputs.versions) }} steps: - - shell: bash id: test run: echo "Scanning registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}" From e55a84e8a031fe665e2aecac57ac4668b7debf21 Mon Sep 17 00:00:00 2001 From: James Strong Date: Mon, 8 Aug 2022 16:40:30 -0700 Subject: [PATCH 215/494] testing output of sarif file Signed-off-by: James Strong --- .github/workflows/vulnerability-scans.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 2f3374265..bcf6921a5 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -71,6 +71,10 @@ jobs: vuln-type: 'os,library' severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN' + - name: Output Sarif File + shell: bash + run: cat trivy-results-${{ matrix.versions }}.sarif + - name: Checkout code uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b From 1d2fa93856ac89ffeee621ec0b8228cb49b93396 Mon Sep 17 00:00:00 2001 From: James Strong Date: Mon, 8 Aug 2022 17:04:59 -0700 Subject: [PATCH 216/494] sarif upload issues Signed-off-by: James Strong --- .github/workflows/vulnerability-scans.yaml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index bcf6921a5..3321e1851 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -56,6 +56,9 @@ jobs: matrix: versions: ${{ fromJSON(needs.version.outputs.versions) }} steps: + - name: Checkout code + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b + - shell: bash id: test run: echo "Scanning registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}" @@ -66,29 +69,27 @@ jobs: with: image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }} format: 'sarif' - output: trivy-results-${{ matrix.versions }}.sarif + output: ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif exit-code: 0 vuln-type: 'os,library' severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN' - name: Output Sarif File shell: bash - run: cat trivy-results-${{ matrix.versions }}.sarif - - - name: Checkout code - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b + run: cat ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif # This step checks out a copy of your repository. - name: Upload SARIF file uses: github/codeql-action/upload-sarif@0c670bbf0414f39666df6ce8e718ec5662c21e03 with: + token: ${{ github.token }} # Path to SARIF file relative to the root of the repository - sarif_file: trivy-results-${{ matrix.versions }}.sarif + sarif_file: ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif - name: Vulz Count shell: bash run: | - TRIVY_COUNT=$(cat trivy-results-${{ matrix.versions }}.sarif | jq '.runs[0].results | length') + TRIVY_COUNT=$(cat ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif | jq '.runs[0].results | length') echo "TRIVY_COUNT: $TRIVY_COUNT" echo "Image Vulnerability scan output" >> $GITHUB_STEP_SUMMARY echo "Image ID: registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}" >> $GITHUB_STEP_SUMMARY From 0c343c8a7778d7a588bfc07aff62786bb58dd97f Mon Sep 17 00:00:00 2001 From: James Strong Date: Mon, 8 Aug 2022 17:08:21 -0700 Subject: [PATCH 217/494] stesting pathing --- .github/workflows/vulnerability-scans.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 3321e1851..811063bb5 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -69,7 +69,7 @@ jobs: with: image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }} format: 'sarif' - output: ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif + output: trivy-results-${{ matrix.versions }}.sarif exit-code: 0 vuln-type: 'os,library' severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN' From ead3c2bc95c6852b97139d2d80bff1c4a9c565a5 Mon Sep 17 00:00:00 2001 From: James Strong Date: Mon, 8 Aug 2022 17:14:13 -0700 Subject: [PATCH 218/494] remove on pushes Signed-off-by: James Strong --- .github/workflows/vulnerability-scans.yaml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 811063bb5..82cc99888 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -8,11 +8,6 @@ name: Vulnerability Scan on: workflow_dispatch: release: - push: - branches: [ "main" ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ "main" ] schedule: - cron: '00 9 * * 1' From c85765a015ea6709d161eccd42ef6134981c04b4 Mon Sep 17 00:00:00 2001 From: Ismayil Mirzali Date: Tue, 9 Aug 2022 20:30:37 +0300 Subject: [PATCH 219/494] Improve `hack/generate-deploy-scripts.sh` to no longer generate versioned manifests (#8877) * feat: no longer generate versioned manifests Updates the script to no longer generate multiple versioned deploy manifests. The script will only generate the manifests for one given version of Kubernetes. See: https://github.com/kubernetes/ingress-nginx/issues/8824 Signed-off-by: Ismayil Mirzali * fix: delete unnecessary versioned deploy manifests See: https://github.com/kubernetes/ingress-nginx/issues/8824 Signed-off-by: Ismayil Mirzali --- deploy/static/provider/aws/1.20/deploy.yaml | 643 ----------------- .../provider/aws/1.20/kustomization.yaml | 11 - deploy/static/provider/aws/1.21/deploy.yaml | 646 ----------------- .../provider/aws/1.21/kustomization.yaml | 11 - deploy/static/provider/aws/1.22/deploy.yaml | 646 ----------------- .../provider/aws/1.22/kustomization.yaml | 11 - deploy/static/provider/aws/1.23/deploy.yaml | 646 ----------------- .../provider/aws/1.23/kustomization.yaml | 11 - deploy/static/provider/aws/1.24/deploy.yaml | 646 ----------------- .../provider/aws/1.24/kustomization.yaml | 11 - deploy/static/provider/aws/deploy.yaml | 3 + .../nlb-with-tls-termination/1.20/deploy.yaml | 655 ----------------- .../1.20/kustomization.yaml | 11 - .../nlb-with-tls-termination/1.21/deploy.yaml | 658 ------------------ .../1.21/kustomization.yaml | 11 - .../nlb-with-tls-termination/1.22/deploy.yaml | 658 ------------------ .../1.22/kustomization.yaml | 11 - .../nlb-with-tls-termination/1.23/deploy.yaml | 658 ------------------ .../1.23/kustomization.yaml | 11 - .../nlb-with-tls-termination/1.24/deploy.yaml | 658 ------------------ .../1.24/kustomization.yaml | 11 - .../aws/nlb-with-tls-termination/deploy.yaml | 3 + .../provider/baremetal/1.20/deploy.yaml | 637 ----------------- .../baremetal/1.20/kustomization.yaml | 11 - .../provider/baremetal/1.21/deploy.yaml | 640 ----------------- .../baremetal/1.21/kustomization.yaml | 11 - .../provider/baremetal/1.22/deploy.yaml | 640 ----------------- .../baremetal/1.22/kustomization.yaml | 11 - .../provider/baremetal/1.23/deploy.yaml | 640 ----------------- .../baremetal/1.23/kustomization.yaml | 11 - .../provider/baremetal/1.24/deploy.yaml | 640 ----------------- .../baremetal/1.24/kustomization.yaml | 11 - deploy/static/provider/baremetal/deploy.yaml | 3 + deploy/static/provider/cloud/1.20/deploy.yaml | 639 ----------------- .../provider/cloud/1.20/kustomization.yaml | 11 - deploy/static/provider/cloud/1.21/deploy.yaml | 642 ----------------- .../provider/cloud/1.21/kustomization.yaml | 11 - deploy/static/provider/cloud/1.22/deploy.yaml | 642 ----------------- .../provider/cloud/1.22/kustomization.yaml | 11 - deploy/static/provider/cloud/1.23/deploy.yaml | 642 ----------------- .../provider/cloud/1.23/kustomization.yaml | 11 - deploy/static/provider/cloud/1.24/deploy.yaml | 642 ----------------- .../provider/cloud/1.24/kustomization.yaml | 11 - deploy/static/provider/cloud/deploy.yaml | 3 + deploy/static/provider/do/1.20/deploy.yaml | 643 ----------------- .../provider/do/1.20/kustomization.yaml | 11 - deploy/static/provider/do/1.21/deploy.yaml | 646 ----------------- .../provider/do/1.21/kustomization.yaml | 11 - deploy/static/provider/do/1.22/deploy.yaml | 646 ----------------- .../provider/do/1.22/kustomization.yaml | 11 - deploy/static/provider/do/1.23/deploy.yaml | 646 ----------------- .../provider/do/1.23/kustomization.yaml | 11 - deploy/static/provider/do/1.24/deploy.yaml | 646 ----------------- .../provider/do/1.24/kustomization.yaml | 11 - deploy/static/provider/do/deploy.yaml | 3 + .../static/provider/exoscale/1.20/deploy.yaml | 648 ----------------- .../provider/exoscale/1.20/kustomization.yaml | 11 - .../static/provider/exoscale/1.21/deploy.yaml | 651 ----------------- .../provider/exoscale/1.21/kustomization.yaml | 11 - .../static/provider/exoscale/1.22/deploy.yaml | 651 ----------------- .../provider/exoscale/1.22/kustomization.yaml | 11 - .../static/provider/exoscale/1.23/deploy.yaml | 651 ----------------- .../provider/exoscale/1.23/kustomization.yaml | 11 - .../static/provider/exoscale/1.24/deploy.yaml | 651 ----------------- .../provider/exoscale/1.24/kustomization.yaml | 11 - deploy/static/provider/exoscale/deploy.yaml | 3 + deploy/static/provider/kind/1.20/deploy.yaml | 653 ----------------- .../provider/kind/1.20/kustomization.yaml | 11 - deploy/static/provider/kind/1.21/deploy.yaml | 656 ----------------- .../provider/kind/1.21/kustomization.yaml | 11 - deploy/static/provider/kind/1.22/deploy.yaml | 656 ----------------- .../provider/kind/1.22/kustomization.yaml | 11 - deploy/static/provider/kind/1.23/deploy.yaml | 656 ----------------- .../provider/kind/1.23/kustomization.yaml | 11 - deploy/static/provider/kind/1.24/deploy.yaml | 656 ----------------- .../provider/kind/1.24/kustomization.yaml | 11 - deploy/static/provider/kind/deploy.yaml | 3 + deploy/static/provider/scw/1.20/deploy.yaml | 642 ----------------- .../provider/scw/1.20/kustomization.yaml | 11 - deploy/static/provider/scw/1.21/deploy.yaml | 645 ----------------- .../provider/scw/1.21/kustomization.yaml | 11 - deploy/static/provider/scw/1.22/deploy.yaml | 645 ----------------- .../provider/scw/1.22/kustomization.yaml | 11 - deploy/static/provider/scw/1.23/deploy.yaml | 645 ----------------- .../provider/scw/1.23/kustomization.yaml | 11 - deploy/static/provider/scw/1.24/deploy.yaml | 645 ----------------- .../provider/scw/1.24/kustomization.yaml | 11 - deploy/static/provider/scw/deploy.yaml | 3 + hack/generate-deploy-scripts.sh | 57 +- 89 files changed, 45 insertions(+), 26372 deletions(-) delete mode 100644 deploy/static/provider/aws/1.20/deploy.yaml delete mode 100644 deploy/static/provider/aws/1.20/kustomization.yaml delete mode 100644 deploy/static/provider/aws/1.21/deploy.yaml delete mode 100644 deploy/static/provider/aws/1.21/kustomization.yaml delete mode 100644 deploy/static/provider/aws/1.22/deploy.yaml delete mode 100644 deploy/static/provider/aws/1.22/kustomization.yaml delete mode 100644 deploy/static/provider/aws/1.23/deploy.yaml delete mode 100644 deploy/static/provider/aws/1.23/kustomization.yaml delete mode 100644 deploy/static/provider/aws/1.24/deploy.yaml delete mode 100644 deploy/static/provider/aws/1.24/kustomization.yaml delete mode 100644 deploy/static/provider/aws/nlb-with-tls-termination/1.20/deploy.yaml delete mode 100644 deploy/static/provider/aws/nlb-with-tls-termination/1.20/kustomization.yaml delete mode 100644 deploy/static/provider/aws/nlb-with-tls-termination/1.21/deploy.yaml delete mode 100644 deploy/static/provider/aws/nlb-with-tls-termination/1.21/kustomization.yaml delete mode 100644 deploy/static/provider/aws/nlb-with-tls-termination/1.22/deploy.yaml delete mode 100644 deploy/static/provider/aws/nlb-with-tls-termination/1.22/kustomization.yaml delete mode 100644 deploy/static/provider/aws/nlb-with-tls-termination/1.23/deploy.yaml delete mode 100644 deploy/static/provider/aws/nlb-with-tls-termination/1.23/kustomization.yaml delete mode 100644 deploy/static/provider/aws/nlb-with-tls-termination/1.24/deploy.yaml delete mode 100644 deploy/static/provider/aws/nlb-with-tls-termination/1.24/kustomization.yaml delete mode 100644 deploy/static/provider/baremetal/1.20/deploy.yaml delete mode 100644 deploy/static/provider/baremetal/1.20/kustomization.yaml delete mode 100644 deploy/static/provider/baremetal/1.21/deploy.yaml delete mode 100644 deploy/static/provider/baremetal/1.21/kustomization.yaml delete mode 100644 deploy/static/provider/baremetal/1.22/deploy.yaml delete mode 100644 deploy/static/provider/baremetal/1.22/kustomization.yaml delete mode 100644 deploy/static/provider/baremetal/1.23/deploy.yaml delete mode 100644 deploy/static/provider/baremetal/1.23/kustomization.yaml delete mode 100644 deploy/static/provider/baremetal/1.24/deploy.yaml delete mode 100644 deploy/static/provider/baremetal/1.24/kustomization.yaml delete mode 100644 deploy/static/provider/cloud/1.20/deploy.yaml delete mode 100644 deploy/static/provider/cloud/1.20/kustomization.yaml delete mode 100644 deploy/static/provider/cloud/1.21/deploy.yaml delete mode 100644 deploy/static/provider/cloud/1.21/kustomization.yaml delete mode 100644 deploy/static/provider/cloud/1.22/deploy.yaml delete mode 100644 deploy/static/provider/cloud/1.22/kustomization.yaml delete mode 100644 deploy/static/provider/cloud/1.23/deploy.yaml delete mode 100644 deploy/static/provider/cloud/1.23/kustomization.yaml delete mode 100644 deploy/static/provider/cloud/1.24/deploy.yaml delete mode 100644 deploy/static/provider/cloud/1.24/kustomization.yaml delete mode 100644 deploy/static/provider/do/1.20/deploy.yaml delete mode 100644 deploy/static/provider/do/1.20/kustomization.yaml delete mode 100644 deploy/static/provider/do/1.21/deploy.yaml delete mode 100644 deploy/static/provider/do/1.21/kustomization.yaml delete mode 100644 deploy/static/provider/do/1.22/deploy.yaml delete mode 100644 deploy/static/provider/do/1.22/kustomization.yaml delete mode 100644 deploy/static/provider/do/1.23/deploy.yaml delete mode 100644 deploy/static/provider/do/1.23/kustomization.yaml delete mode 100644 deploy/static/provider/do/1.24/deploy.yaml delete mode 100644 deploy/static/provider/do/1.24/kustomization.yaml delete mode 100644 deploy/static/provider/exoscale/1.20/deploy.yaml delete mode 100644 deploy/static/provider/exoscale/1.20/kustomization.yaml delete mode 100644 deploy/static/provider/exoscale/1.21/deploy.yaml delete mode 100644 deploy/static/provider/exoscale/1.21/kustomization.yaml delete mode 100644 deploy/static/provider/exoscale/1.22/deploy.yaml delete mode 100644 deploy/static/provider/exoscale/1.22/kustomization.yaml delete mode 100644 deploy/static/provider/exoscale/1.23/deploy.yaml delete mode 100644 deploy/static/provider/exoscale/1.23/kustomization.yaml delete mode 100644 deploy/static/provider/exoscale/1.24/deploy.yaml delete mode 100644 deploy/static/provider/exoscale/1.24/kustomization.yaml delete mode 100644 deploy/static/provider/kind/1.20/deploy.yaml delete mode 100644 deploy/static/provider/kind/1.20/kustomization.yaml delete mode 100644 deploy/static/provider/kind/1.21/deploy.yaml delete mode 100644 deploy/static/provider/kind/1.21/kustomization.yaml delete mode 100644 deploy/static/provider/kind/1.22/deploy.yaml delete mode 100644 deploy/static/provider/kind/1.22/kustomization.yaml delete mode 100644 deploy/static/provider/kind/1.23/deploy.yaml delete mode 100644 deploy/static/provider/kind/1.23/kustomization.yaml delete mode 100644 deploy/static/provider/kind/1.24/deploy.yaml delete mode 100644 deploy/static/provider/kind/1.24/kustomization.yaml delete mode 100644 deploy/static/provider/scw/1.20/deploy.yaml delete mode 100644 deploy/static/provider/scw/1.20/kustomization.yaml delete mode 100644 deploy/static/provider/scw/1.21/deploy.yaml delete mode 100644 deploy/static/provider/scw/1.21/kustomization.yaml delete mode 100644 deploy/static/provider/scw/1.22/deploy.yaml delete mode 100644 deploy/static/provider/scw/1.22/kustomization.yaml delete mode 100644 deploy/static/provider/scw/1.23/deploy.yaml delete mode 100644 deploy/static/provider/scw/1.23/kustomization.yaml delete mode 100644 deploy/static/provider/scw/1.24/deploy.yaml delete mode 100644 deploy/static/provider/scw/1.24/kustomization.yaml diff --git a/deploy/static/provider/aws/1.20/deploy.yaml b/deploy/static/provider/aws/1.20/deploy.yaml deleted file mode 100644 index 0c826fbe4..000000000 --- a/deploy/static/provider/aws/1.20/deploy.yaml +++ /dev/null @@ -1,643 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" - service.beta.kubernetes.io/aws-load-balancer-type: nlb - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - externalTrafficPolicy: Local - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/aws/1.20/kustomization.yaml b/deploy/static/provider/aws/1.20/kustomization.yaml deleted file mode 100644 index 18c6bb6a3..000000000 --- a/deploy/static/provider/aws/1.20/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/aws -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/aws/1.21/deploy.yaml b/deploy/static/provider/aws/1.21/deploy.yaml deleted file mode 100644 index 300ca7b01..000000000 --- a/deploy/static/provider/aws/1.21/deploy.yaml +++ /dev/null @@ -1,646 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" - service.beta.kubernetes.io/aws-load-balancer-type: nlb - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/aws/1.21/kustomization.yaml b/deploy/static/provider/aws/1.21/kustomization.yaml deleted file mode 100644 index 18c6bb6a3..000000000 --- a/deploy/static/provider/aws/1.21/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/aws -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/aws/1.22/deploy.yaml b/deploy/static/provider/aws/1.22/deploy.yaml deleted file mode 100644 index 300ca7b01..000000000 --- a/deploy/static/provider/aws/1.22/deploy.yaml +++ /dev/null @@ -1,646 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" - service.beta.kubernetes.io/aws-load-balancer-type: nlb - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/aws/1.22/kustomization.yaml b/deploy/static/provider/aws/1.22/kustomization.yaml deleted file mode 100644 index 18c6bb6a3..000000000 --- a/deploy/static/provider/aws/1.22/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/aws -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/aws/1.23/deploy.yaml b/deploy/static/provider/aws/1.23/deploy.yaml deleted file mode 100644 index 300ca7b01..000000000 --- a/deploy/static/provider/aws/1.23/deploy.yaml +++ /dev/null @@ -1,646 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" - service.beta.kubernetes.io/aws-load-balancer-type: nlb - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/aws/1.23/kustomization.yaml b/deploy/static/provider/aws/1.23/kustomization.yaml deleted file mode 100644 index 18c6bb6a3..000000000 --- a/deploy/static/provider/aws/1.23/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/aws -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/aws/1.24/deploy.yaml b/deploy/static/provider/aws/1.24/deploy.yaml deleted file mode 100644 index 300ca7b01..000000000 --- a/deploy/static/provider/aws/1.24/deploy.yaml +++ /dev/null @@ -1,646 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" - service.beta.kubernetes.io/aws-load-balancer-type: nlb - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/aws/1.24/kustomization.yaml b/deploy/static/provider/aws/1.24/kustomization.yaml deleted file mode 100644 index 18c6bb6a3..000000000 --- a/deploy/static/provider/aws/1.24/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/aws -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/aws/deploy.yaml b/deploy/static/provider/aws/deploy.yaml index 0c826fbe4..300ca7b01 100644 --- a/deploy/static/provider/aws/deploy.yaml +++ b/deploy/static/provider/aws/deploy.yaml @@ -348,6 +348,9 @@ metadata: namespace: ingress-nginx spec: externalTrafficPolicy: Local + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack ports: - appProtocol: http name: http diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.20/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.20/deploy.yaml deleted file mode 100644 index 0c84b2141..000000000 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.20/deploy.yaml +++ /dev/null @@ -1,655 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" - http-snippet: | - server { - listen 2443; - return 308 https://$host$request_uri; - } - proxy-real-ip-cidr: XXX.XXX.XXX/XX - use-forwarded-headers: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60" - service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https - service.beta.kubernetes.io/aws-load-balancer-type: nlb - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - externalTrafficPolicy: Local - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: tohttps - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: http - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 80 - name: https - protocol: TCP - - containerPort: 2443 - name: tohttps - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.20/kustomization.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.20/kustomization.yaml deleted file mode 100644 index 51c1513c9..000000000 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.20/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/aws/nlb-with-tls-termination -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.21/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.21/deploy.yaml deleted file mode 100644 index 7e7ce8f22..000000000 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.21/deploy.yaml +++ /dev/null @@ -1,658 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" - http-snippet: | - server { - listen 2443; - return 308 https://$host$request_uri; - } - proxy-real-ip-cidr: XXX.XXX.XXX/XX - use-forwarded-headers: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60" - service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https - service.beta.kubernetes.io/aws-load-balancer-type: nlb - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: tohttps - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: http - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 80 - name: https - protocol: TCP - - containerPort: 2443 - name: tohttps - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.21/kustomization.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.21/kustomization.yaml deleted file mode 100644 index 51c1513c9..000000000 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.21/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/aws/nlb-with-tls-termination -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.22/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.22/deploy.yaml deleted file mode 100644 index 7e7ce8f22..000000000 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.22/deploy.yaml +++ /dev/null @@ -1,658 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" - http-snippet: | - server { - listen 2443; - return 308 https://$host$request_uri; - } - proxy-real-ip-cidr: XXX.XXX.XXX/XX - use-forwarded-headers: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60" - service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https - service.beta.kubernetes.io/aws-load-balancer-type: nlb - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: tohttps - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: http - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 80 - name: https - protocol: TCP - - containerPort: 2443 - name: tohttps - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.22/kustomization.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.22/kustomization.yaml deleted file mode 100644 index 51c1513c9..000000000 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.22/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/aws/nlb-with-tls-termination -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.23/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.23/deploy.yaml deleted file mode 100644 index 7e7ce8f22..000000000 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.23/deploy.yaml +++ /dev/null @@ -1,658 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" - http-snippet: | - server { - listen 2443; - return 308 https://$host$request_uri; - } - proxy-real-ip-cidr: XXX.XXX.XXX/XX - use-forwarded-headers: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60" - service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https - service.beta.kubernetes.io/aws-load-balancer-type: nlb - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: tohttps - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: http - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 80 - name: https - protocol: TCP - - containerPort: 2443 - name: tohttps - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.23/kustomization.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.23/kustomization.yaml deleted file mode 100644 index 51c1513c9..000000000 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.23/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/aws/nlb-with-tls-termination -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.24/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.24/deploy.yaml deleted file mode 100644 index 7e7ce8f22..000000000 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.24/deploy.yaml +++ /dev/null @@ -1,658 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" - http-snippet: | - server { - listen 2443; - return 308 https://$host$request_uri; - } - proxy-real-ip-cidr: XXX.XXX.XXX/XX - use-forwarded-headers: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60" - service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https - service.beta.kubernetes.io/aws-load-balancer-type: nlb - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: tohttps - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: http - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 80 - name: https - protocol: TCP - - containerPort: 2443 - name: tohttps - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/1.24/kustomization.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/1.24/kustomization.yaml deleted file mode 100644 index 51c1513c9..000000000 --- a/deploy/static/provider/aws/nlb-with-tls-termination/1.24/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/aws/nlb-with-tls-termination -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml index 0c84b2141..7e7ce8f22 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml @@ -357,6 +357,9 @@ metadata: namespace: ingress-nginx spec: externalTrafficPolicy: Local + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack ports: - appProtocol: http name: http diff --git a/deploy/static/provider/baremetal/1.20/deploy.yaml b/deploy/static/provider/baremetal/1.20/deploy.yaml deleted file mode 100644 index 4867382fd..000000000 --- a/deploy/static/provider/baremetal/1.20/deploy.yaml +++ /dev/null @@ -1,637 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: NodePort ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/baremetal/1.20/kustomization.yaml b/deploy/static/provider/baremetal/1.20/kustomization.yaml deleted file mode 100644 index d585f85c6..000000000 --- a/deploy/static/provider/baremetal/1.20/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/baremetal -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/baremetal/1.21/deploy.yaml b/deploy/static/provider/baremetal/1.21/deploy.yaml deleted file mode 100644 index e23e4b7f3..000000000 --- a/deploy/static/provider/baremetal/1.21/deploy.yaml +++ /dev/null @@ -1,640 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: NodePort ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/baremetal/1.21/kustomization.yaml b/deploy/static/provider/baremetal/1.21/kustomization.yaml deleted file mode 100644 index d585f85c6..000000000 --- a/deploy/static/provider/baremetal/1.21/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/baremetal -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/baremetal/1.22/deploy.yaml b/deploy/static/provider/baremetal/1.22/deploy.yaml deleted file mode 100644 index e23e4b7f3..000000000 --- a/deploy/static/provider/baremetal/1.22/deploy.yaml +++ /dev/null @@ -1,640 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: NodePort ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/baremetal/1.22/kustomization.yaml b/deploy/static/provider/baremetal/1.22/kustomization.yaml deleted file mode 100644 index d585f85c6..000000000 --- a/deploy/static/provider/baremetal/1.22/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/baremetal -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/baremetal/1.23/deploy.yaml b/deploy/static/provider/baremetal/1.23/deploy.yaml deleted file mode 100644 index e23e4b7f3..000000000 --- a/deploy/static/provider/baremetal/1.23/deploy.yaml +++ /dev/null @@ -1,640 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: NodePort ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/baremetal/1.23/kustomization.yaml b/deploy/static/provider/baremetal/1.23/kustomization.yaml deleted file mode 100644 index d585f85c6..000000000 --- a/deploy/static/provider/baremetal/1.23/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/baremetal -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/baremetal/1.24/deploy.yaml b/deploy/static/provider/baremetal/1.24/deploy.yaml deleted file mode 100644 index e23e4b7f3..000000000 --- a/deploy/static/provider/baremetal/1.24/deploy.yaml +++ /dev/null @@ -1,640 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: NodePort ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/baremetal/1.24/kustomization.yaml b/deploy/static/provider/baremetal/1.24/kustomization.yaml deleted file mode 100644 index d585f85c6..000000000 --- a/deploy/static/provider/baremetal/1.24/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/baremetal -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/baremetal/deploy.yaml b/deploy/static/provider/baremetal/deploy.yaml index 4867382fd..e23e4b7f3 100644 --- a/deploy/static/provider/baremetal/deploy.yaml +++ b/deploy/static/provider/baremetal/deploy.yaml @@ -343,6 +343,9 @@ metadata: name: ingress-nginx-controller namespace: ingress-nginx spec: + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack ports: - appProtocol: http name: http diff --git a/deploy/static/provider/cloud/1.20/deploy.yaml b/deploy/static/provider/cloud/1.20/deploy.yaml deleted file mode 100644 index 583e113ca..000000000 --- a/deploy/static/provider/cloud/1.20/deploy.yaml +++ /dev/null @@ -1,639 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - externalTrafficPolicy: Local - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/cloud/1.20/kustomization.yaml b/deploy/static/provider/cloud/1.20/kustomization.yaml deleted file mode 100644 index d477ec405..000000000 --- a/deploy/static/provider/cloud/1.20/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/cloud -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/cloud/1.21/deploy.yaml b/deploy/static/provider/cloud/1.21/deploy.yaml deleted file mode 100644 index 77407e8a9..000000000 --- a/deploy/static/provider/cloud/1.21/deploy.yaml +++ /dev/null @@ -1,642 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/cloud/1.21/kustomization.yaml b/deploy/static/provider/cloud/1.21/kustomization.yaml deleted file mode 100644 index d477ec405..000000000 --- a/deploy/static/provider/cloud/1.21/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/cloud -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/cloud/1.22/deploy.yaml b/deploy/static/provider/cloud/1.22/deploy.yaml deleted file mode 100644 index 77407e8a9..000000000 --- a/deploy/static/provider/cloud/1.22/deploy.yaml +++ /dev/null @@ -1,642 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/cloud/1.22/kustomization.yaml b/deploy/static/provider/cloud/1.22/kustomization.yaml deleted file mode 100644 index d477ec405..000000000 --- a/deploy/static/provider/cloud/1.22/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/cloud -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/cloud/1.23/deploy.yaml b/deploy/static/provider/cloud/1.23/deploy.yaml deleted file mode 100644 index 77407e8a9..000000000 --- a/deploy/static/provider/cloud/1.23/deploy.yaml +++ /dev/null @@ -1,642 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/cloud/1.23/kustomization.yaml b/deploy/static/provider/cloud/1.23/kustomization.yaml deleted file mode 100644 index d477ec405..000000000 --- a/deploy/static/provider/cloud/1.23/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/cloud -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/cloud/1.24/deploy.yaml b/deploy/static/provider/cloud/1.24/deploy.yaml deleted file mode 100644 index 77407e8a9..000000000 --- a/deploy/static/provider/cloud/1.24/deploy.yaml +++ /dev/null @@ -1,642 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/cloud/1.24/kustomization.yaml b/deploy/static/provider/cloud/1.24/kustomization.yaml deleted file mode 100644 index d477ec405..000000000 --- a/deploy/static/provider/cloud/1.24/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/cloud -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/cloud/deploy.yaml b/deploy/static/provider/cloud/deploy.yaml index 583e113ca..77407e8a9 100644 --- a/deploy/static/provider/cloud/deploy.yaml +++ b/deploy/static/provider/cloud/deploy.yaml @@ -344,6 +344,9 @@ metadata: namespace: ingress-nginx spec: externalTrafficPolicy: Local + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack ports: - appProtocol: http name: http diff --git a/deploy/static/provider/do/1.20/deploy.yaml b/deploy/static/provider/do/1.20/deploy.yaml deleted file mode 100644 index 290f57345..000000000 --- a/deploy/static/provider/do/1.20/deploy.yaml +++ /dev/null @@ -1,643 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" - use-proxy-protocol: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true" - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - externalTrafficPolicy: Local - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None - timeoutSeconds: 29 diff --git a/deploy/static/provider/do/1.20/kustomization.yaml b/deploy/static/provider/do/1.20/kustomization.yaml deleted file mode 100644 index f20d445c7..000000000 --- a/deploy/static/provider/do/1.20/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/do -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/do/1.21/deploy.yaml b/deploy/static/provider/do/1.21/deploy.yaml deleted file mode 100644 index e35d1d7ca..000000000 --- a/deploy/static/provider/do/1.21/deploy.yaml +++ /dev/null @@ -1,646 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" - use-proxy-protocol: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true" - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None - timeoutSeconds: 29 diff --git a/deploy/static/provider/do/1.21/kustomization.yaml b/deploy/static/provider/do/1.21/kustomization.yaml deleted file mode 100644 index f20d445c7..000000000 --- a/deploy/static/provider/do/1.21/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/do -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/do/1.22/deploy.yaml b/deploy/static/provider/do/1.22/deploy.yaml deleted file mode 100644 index e35d1d7ca..000000000 --- a/deploy/static/provider/do/1.22/deploy.yaml +++ /dev/null @@ -1,646 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" - use-proxy-protocol: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true" - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None - timeoutSeconds: 29 diff --git a/deploy/static/provider/do/1.22/kustomization.yaml b/deploy/static/provider/do/1.22/kustomization.yaml deleted file mode 100644 index f20d445c7..000000000 --- a/deploy/static/provider/do/1.22/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/do -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/do/1.23/deploy.yaml b/deploy/static/provider/do/1.23/deploy.yaml deleted file mode 100644 index e35d1d7ca..000000000 --- a/deploy/static/provider/do/1.23/deploy.yaml +++ /dev/null @@ -1,646 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" - use-proxy-protocol: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true" - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None - timeoutSeconds: 29 diff --git a/deploy/static/provider/do/1.23/kustomization.yaml b/deploy/static/provider/do/1.23/kustomization.yaml deleted file mode 100644 index f20d445c7..000000000 --- a/deploy/static/provider/do/1.23/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/do -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/do/1.24/deploy.yaml b/deploy/static/provider/do/1.24/deploy.yaml deleted file mode 100644 index e35d1d7ca..000000000 --- a/deploy/static/provider/do/1.24/deploy.yaml +++ /dev/null @@ -1,646 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" - use-proxy-protocol: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true" - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None - timeoutSeconds: 29 diff --git a/deploy/static/provider/do/1.24/kustomization.yaml b/deploy/static/provider/do/1.24/kustomization.yaml deleted file mode 100644 index f20d445c7..000000000 --- a/deploy/static/provider/do/1.24/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/do -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/do/deploy.yaml b/deploy/static/provider/do/deploy.yaml index 290f57345..e35d1d7ca 100644 --- a/deploy/static/provider/do/deploy.yaml +++ b/deploy/static/provider/do/deploy.yaml @@ -347,6 +347,9 @@ metadata: namespace: ingress-nginx spec: externalTrafficPolicy: Local + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack ports: - appProtocol: http name: http diff --git a/deploy/static/provider/exoscale/1.20/deploy.yaml b/deploy/static/provider/exoscale/1.20/deploy.yaml deleted file mode 100644 index 4b35cf267..000000000 --- a/deploy/static/provider/exoscale/1.20/deploy.yaml +++ /dev/null @@ -1,648 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/exoscale-loadbalancer-description: NGINX Ingress Controller - load balancer - service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-interval: 10s - service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-mode: http - service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-retries: "1" - service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-timeout: 3s - service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-uri: / - service.beta.kubernetes.io/exoscale-loadbalancer-service-strategy: source-hash - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - externalTrafficPolicy: Local - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/exoscale/1.20/kustomization.yaml b/deploy/static/provider/exoscale/1.20/kustomization.yaml deleted file mode 100644 index e79016cf3..000000000 --- a/deploy/static/provider/exoscale/1.20/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/exoscale -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/exoscale/1.21/deploy.yaml b/deploy/static/provider/exoscale/1.21/deploy.yaml deleted file mode 100644 index fe9a2de7f..000000000 --- a/deploy/static/provider/exoscale/1.21/deploy.yaml +++ /dev/null @@ -1,651 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/exoscale-loadbalancer-description: NGINX Ingress Controller - load balancer - service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-interval: 10s - service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-mode: http - service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-retries: "1" - service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-timeout: 3s - service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-uri: / - service.beta.kubernetes.io/exoscale-loadbalancer-service-strategy: source-hash - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/exoscale/1.21/kustomization.yaml b/deploy/static/provider/exoscale/1.21/kustomization.yaml deleted file mode 100644 index e79016cf3..000000000 --- a/deploy/static/provider/exoscale/1.21/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/exoscale -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/exoscale/1.22/deploy.yaml b/deploy/static/provider/exoscale/1.22/deploy.yaml deleted file mode 100644 index fe9a2de7f..000000000 --- a/deploy/static/provider/exoscale/1.22/deploy.yaml +++ /dev/null @@ -1,651 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/exoscale-loadbalancer-description: NGINX Ingress Controller - load balancer - service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-interval: 10s - service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-mode: http - service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-retries: "1" - service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-timeout: 3s - service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-uri: / - service.beta.kubernetes.io/exoscale-loadbalancer-service-strategy: source-hash - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/exoscale/1.22/kustomization.yaml b/deploy/static/provider/exoscale/1.22/kustomization.yaml deleted file mode 100644 index e79016cf3..000000000 --- a/deploy/static/provider/exoscale/1.22/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/exoscale -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/exoscale/1.23/deploy.yaml b/deploy/static/provider/exoscale/1.23/deploy.yaml deleted file mode 100644 index fe9a2de7f..000000000 --- a/deploy/static/provider/exoscale/1.23/deploy.yaml +++ /dev/null @@ -1,651 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/exoscale-loadbalancer-description: NGINX Ingress Controller - load balancer - service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-interval: 10s - service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-mode: http - service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-retries: "1" - service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-timeout: 3s - service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-uri: / - service.beta.kubernetes.io/exoscale-loadbalancer-service-strategy: source-hash - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/exoscale/1.23/kustomization.yaml b/deploy/static/provider/exoscale/1.23/kustomization.yaml deleted file mode 100644 index e79016cf3..000000000 --- a/deploy/static/provider/exoscale/1.23/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/exoscale -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/exoscale/1.24/deploy.yaml b/deploy/static/provider/exoscale/1.24/deploy.yaml deleted file mode 100644 index fe9a2de7f..000000000 --- a/deploy/static/provider/exoscale/1.24/deploy.yaml +++ /dev/null @@ -1,651 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/exoscale-loadbalancer-description: NGINX Ingress Controller - load balancer - service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-interval: 10s - service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-mode: http - service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-retries: "1" - service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-timeout: 3s - service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-uri: / - service.beta.kubernetes.io/exoscale-loadbalancer-service-strategy: source-hash - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/exoscale/1.24/kustomization.yaml b/deploy/static/provider/exoscale/1.24/kustomization.yaml deleted file mode 100644 index e79016cf3..000000000 --- a/deploy/static/provider/exoscale/1.24/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/exoscale -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/exoscale/deploy.yaml b/deploy/static/provider/exoscale/deploy.yaml index 4b35cf267..fe9a2de7f 100644 --- a/deploy/static/provider/exoscale/deploy.yaml +++ b/deploy/static/provider/exoscale/deploy.yaml @@ -353,6 +353,9 @@ metadata: namespace: ingress-nginx spec: externalTrafficPolicy: Local + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack ports: - appProtocol: http name: http diff --git a/deploy/static/provider/kind/1.20/deploy.yaml b/deploy/static/provider/kind/1.20/deploy.yaml deleted file mode 100644 index 0a8c6ba1c..000000000 --- a/deploy/static/provider/kind/1.20/deploy.yaml +++ /dev/null @@ -1,653 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: NodePort ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - strategy: - rollingUpdate: - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - - --watch-ingress-without-class=true - - --publish-status-address=localhost - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - hostPort: 80 - name: http - protocol: TCP - - containerPort: 443 - hostPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - ingress-ready: "true" - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 0 - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - operator: Equal - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane - operator: Equal - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/kind/1.20/kustomization.yaml b/deploy/static/provider/kind/1.20/kustomization.yaml deleted file mode 100644 index bd605a188..000000000 --- a/deploy/static/provider/kind/1.20/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/kind -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/kind/1.21/deploy.yaml b/deploy/static/provider/kind/1.21/deploy.yaml deleted file mode 100644 index 5ddb9c166..000000000 --- a/deploy/static/provider/kind/1.21/deploy.yaml +++ /dev/null @@ -1,656 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: NodePort ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - strategy: - rollingUpdate: - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - - --watch-ingress-without-class=true - - --publish-status-address=localhost - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - hostPort: 80 - name: http - protocol: TCP - - containerPort: 443 - hostPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - ingress-ready: "true" - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 0 - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - operator: Equal - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane - operator: Equal - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/kind/1.21/kustomization.yaml b/deploy/static/provider/kind/1.21/kustomization.yaml deleted file mode 100644 index bd605a188..000000000 --- a/deploy/static/provider/kind/1.21/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/kind -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/kind/1.22/deploy.yaml b/deploy/static/provider/kind/1.22/deploy.yaml deleted file mode 100644 index 5ddb9c166..000000000 --- a/deploy/static/provider/kind/1.22/deploy.yaml +++ /dev/null @@ -1,656 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: NodePort ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - strategy: - rollingUpdate: - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - - --watch-ingress-without-class=true - - --publish-status-address=localhost - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - hostPort: 80 - name: http - protocol: TCP - - containerPort: 443 - hostPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - ingress-ready: "true" - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 0 - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - operator: Equal - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane - operator: Equal - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/kind/1.22/kustomization.yaml b/deploy/static/provider/kind/1.22/kustomization.yaml deleted file mode 100644 index bd605a188..000000000 --- a/deploy/static/provider/kind/1.22/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/kind -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/kind/1.23/deploy.yaml b/deploy/static/provider/kind/1.23/deploy.yaml deleted file mode 100644 index 5ddb9c166..000000000 --- a/deploy/static/provider/kind/1.23/deploy.yaml +++ /dev/null @@ -1,656 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: NodePort ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - strategy: - rollingUpdate: - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - - --watch-ingress-without-class=true - - --publish-status-address=localhost - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - hostPort: 80 - name: http - protocol: TCP - - containerPort: 443 - hostPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - ingress-ready: "true" - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 0 - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - operator: Equal - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane - operator: Equal - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/kind/1.23/kustomization.yaml b/deploy/static/provider/kind/1.23/kustomization.yaml deleted file mode 100644 index bd605a188..000000000 --- a/deploy/static/provider/kind/1.23/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/kind -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/kind/1.24/deploy.yaml b/deploy/static/provider/kind/1.24/deploy.yaml deleted file mode 100644 index 5ddb9c166..000000000 --- a/deploy/static/provider/kind/1.24/deploy.yaml +++ /dev/null @@ -1,656 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: NodePort ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - strategy: - rollingUpdate: - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - - --watch-ingress-without-class=true - - --publish-status-address=localhost - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - hostPort: 80 - name: http - protocol: TCP - - containerPort: 443 - hostPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - ingress-ready: "true" - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 0 - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - operator: Equal - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane - operator: Equal - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/kind/1.24/kustomization.yaml b/deploy/static/provider/kind/1.24/kustomization.yaml deleted file mode 100644 index bd605a188..000000000 --- a/deploy/static/provider/kind/1.24/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/kind -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/kind/deploy.yaml b/deploy/static/provider/kind/deploy.yaml index 0a8c6ba1c..5ddb9c166 100644 --- a/deploy/static/provider/kind/deploy.yaml +++ b/deploy/static/provider/kind/deploy.yaml @@ -343,6 +343,9 @@ metadata: name: ingress-nginx-controller namespace: ingress-nginx spec: + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack ports: - appProtocol: http name: http diff --git a/deploy/static/provider/scw/1.20/deploy.yaml b/deploy/static/provider/scw/1.20/deploy.yaml deleted file mode 100644 index 558caa6e7..000000000 --- a/deploy/static/provider/scw/1.20/deploy.yaml +++ /dev/null @@ -1,642 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" - use-proxy-protocol: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/scw-loadbalancer-proxy-protocol-v2: "true" - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - externalTrafficPolicy: Local - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/scw/1.20/kustomization.yaml b/deploy/static/provider/scw/1.20/kustomization.yaml deleted file mode 100644 index d8535dbde..000000000 --- a/deploy/static/provider/scw/1.20/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/scw -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/scw/1.21/deploy.yaml b/deploy/static/provider/scw/1.21/deploy.yaml deleted file mode 100644 index 2dba2dc51..000000000 --- a/deploy/static/provider/scw/1.21/deploy.yaml +++ /dev/null @@ -1,645 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" - use-proxy-protocol: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/scw-loadbalancer-proxy-protocol-v2: "true" - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/scw/1.21/kustomization.yaml b/deploy/static/provider/scw/1.21/kustomization.yaml deleted file mode 100644 index d8535dbde..000000000 --- a/deploy/static/provider/scw/1.21/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/scw -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/scw/1.22/deploy.yaml b/deploy/static/provider/scw/1.22/deploy.yaml deleted file mode 100644 index 2dba2dc51..000000000 --- a/deploy/static/provider/scw/1.22/deploy.yaml +++ /dev/null @@ -1,645 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" - use-proxy-protocol: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/scw-loadbalancer-proxy-protocol-v2: "true" - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/scw/1.22/kustomization.yaml b/deploy/static/provider/scw/1.22/kustomization.yaml deleted file mode 100644 index d8535dbde..000000000 --- a/deploy/static/provider/scw/1.22/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/scw -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/scw/1.23/deploy.yaml b/deploy/static/provider/scw/1.23/deploy.yaml deleted file mode 100644 index 2dba2dc51..000000000 --- a/deploy/static/provider/scw/1.23/deploy.yaml +++ /dev/null @@ -1,645 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" - use-proxy-protocol: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/scw-loadbalancer-proxy-protocol-v2: "true" - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/scw/1.23/kustomization.yaml b/deploy/static/provider/scw/1.23/kustomization.yaml deleted file mode 100644 index d8535dbde..000000000 --- a/deploy/static/provider/scw/1.23/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/scw -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/scw/1.24/deploy.yaml b/deploy/static/provider/scw/1.24/deploy.yaml deleted file mode 100644 index 2dba2dc51..000000000 --- a/deploy/static/provider/scw/1.24/deploy.yaml +++ /dev/null @@ -1,645 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" - use-proxy-protocol: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/scw-loadbalancer-proxy-protocol-v2: "true" - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - externalTrafficPolicy: Local - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/deploy/static/provider/scw/1.24/kustomization.yaml b/deploy/static/provider/scw/1.24/kustomization.yaml deleted file mode 100644 index d8535dbde..000000000 --- a/deploy/static/provider/scw/1.24/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases. -# https://kubectl.docs.kubernetes.io/references/kustomize/bases/ -# -# ``` -# namespace: ingress-nginx -# bases: -# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/scw -# ``` - -resources: - - deploy.yaml diff --git a/deploy/static/provider/scw/deploy.yaml b/deploy/static/provider/scw/deploy.yaml index 558caa6e7..2dba2dc51 100644 --- a/deploy/static/provider/scw/deploy.yaml +++ b/deploy/static/provider/scw/deploy.yaml @@ -347,6 +347,9 @@ metadata: namespace: ingress-nginx spec: externalTrafficPolicy: Local + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack ports: - appProtocol: http name: http diff --git a/hack/generate-deploy-scripts.sh b/hack/generate-deploy-scripts.sh index 7b4f304ad..6e22b8d88 100755 --- a/hack/generate-deploy-scripts.sh +++ b/hack/generate-deploy-scripts.sh @@ -22,11 +22,7 @@ fi set -o nounset set -o pipefail -# for backwards compatibility, the default version of 1.20 is copied to the root of the variant -# with enough docs updates, this could be removed -# see # DEFAULT VERSION HANDLING -K8S_DEFAULT_VERSION=1.20 -K8S_TARGET_VERSIONS=("1.20" "1.21" "1.22" "1.23" "1.24") +K8S_VERSION="1.22" DIR=$(cd $(dirname "${BASH_SOURCE}")/.. && pwd -P) @@ -35,40 +31,29 @@ rm -rf ${DIR}/deploy/static/provider/* TEMPLATE_DIR="${DIR}/hack/manifest-templates" -# each helm values file `values.yaml` under `hack/manifest-templates/provider` will be generated as provider/[/variant][/kube-version]/deploy.yaml +# each helm values file `values.yaml` under `hack/manifest-templates/provider` will be generated as provider/[/variant]/deploy.yaml # TARGET is provider/[/variant] TARGETS=$(dirname $(cd $DIR/hack/manifest-templates/ && find . -type f -name "values.yaml" ) | cut -d'/' -f2-) -for K8S_VERSION in "${K8S_TARGET_VERSIONS[@]}" +for TARGET in ${TARGETS} do - for TARGET in ${TARGETS} - do - echo "Running ${K8S_VERSION} for target ${TARGET}" - TARGET_DIR="${TEMPLATE_DIR}/${TARGET}" - MANIFEST="${TEMPLATE_DIR}/common/manifest.yaml" # intermediate manifest - OUTPUT_DIR="${DIR}/deploy/static/${TARGET}/${K8S_VERSION}" - echo $OUTPUT_DIR + TARGET_DIR="${TEMPLATE_DIR}/${TARGET}" + MANIFEST="${TEMPLATE_DIR}/common/manifest.yaml" # intermediate manifest + OUTPUT_DIR="${DIR}/deploy/static/${TARGET}" + echo $OUTPUT_DIR - mkdir -p ${OUTPUT_DIR} - cd ${TARGET_DIR} - helm template ingress-nginx ${DIR}/charts/ingress-nginx \ - --values values.yaml \ - --namespace ingress-nginx \ - --kube-version ${K8S_VERSION} \ - > $MANIFEST - sed -i.bak '/app.kubernetes.io\/managed-by: Helm/d' $MANIFEST - sed -i.bak '/helm.sh/d' $MANIFEST + mkdir -p ${OUTPUT_DIR} + cd ${TARGET_DIR} + helm template ingress-nginx ${DIR}/charts/ingress-nginx \ + --values values.yaml \ + --namespace ingress-nginx \ + --kube-version ${K8S_VERSION} \ + > $MANIFEST + sed -i.bak '/app.kubernetes.io\/managed-by: Helm/d' $MANIFEST + sed -i.bak '/helm.sh/d' $MANIFEST - kustomize --load-restrictor=LoadRestrictionsNone build . > ${OUTPUT_DIR}/deploy.yaml - rm $MANIFEST $MANIFEST.bak - cd ~- - # automatically generate the (unsupported) kustomization.yaml for each target - sed "s_{TARGET}_${TARGET}_" $TEMPLATE_DIR/static-kustomization-template.yaml > ${OUTPUT_DIR}/kustomization.yaml - - # DEFAULT VERSION HANDLING - if [[ ${K8S_VERSION} = ${K8S_DEFAULT_VERSION} ]] - then - cp ${OUTPUT_DIR}/*.yaml ${OUTPUT_DIR}/../ - sed -i.bak "s/^/#GENERATED FOR K8S ${K8S_VERSION}\n/" ${OUTPUT_DIR}/../deploy.yaml && rm ${OUTPUT_DIR}/../deploy.yaml.bak - fi - done + kustomize --load-restrictor=LoadRestrictionsNone build . > ${OUTPUT_DIR}/deploy.yaml + rm $MANIFEST $MANIFEST.bak + cd ~- + # automatically generate the (unsupported) kustomization.yaml for each target + sed "s_{TARGET}_${TARGET}_" $TEMPLATE_DIR/static-kustomization-template.yaml > ${OUTPUT_DIR}/kustomization.yaml done From 1dc9d9883347cf9552630785b89872a2ab754ef3 Mon Sep 17 00:00:00 2001 From: Ismayil Mirzali Date: Fri, 12 Aug 2022 07:22:43 +0300 Subject: [PATCH 220/494] Reimplement kubectl plugin release workflow (#8812) * Feat: reimplement kubectl plugin release system This commit does the following changes: - Add GitHub Actions pipeline for releasing the plugin - Removes the build/build-plugin.sh and replaces this with GoReleaser - Adds the use of krew-release-bot for automatically updating the krew release - Removes the make target for build/build-plugin.sh Signed-off-by: Ismayil Mirzali * Fix: pin github actions stages with commit sha Signed-off-by: Ismayil Mirzali Signed-off-by: Ismayil Mirzali --- .github/workflows/plugin.yaml | 37 +++++++++++++ .goreleaser.yaml | 29 +++++++++++ Makefile | 12 ----- build/build-plugin.sh | 84 ------------------------------ cmd/plugin/ingress-nginx.yaml.tmpl | 51 ------------------ cmd/plugin/krew.yaml | 41 +++++++++++++++ 6 files changed, 107 insertions(+), 147 deletions(-) create mode 100644 .github/workflows/plugin.yaml create mode 100644 .goreleaser.yaml delete mode 100755 build/build-plugin.sh delete mode 100644 cmd/plugin/ingress-nginx.yaml.tmpl create mode 100644 cmd/plugin/krew.yaml diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml new file mode 100644 index 000000000..efc9a6f06 --- /dev/null +++ b/.github/workflows/plugin.yaml @@ -0,0 +1,37 @@ +name: kubectl plugin + +on: + push: + branches: + - "main" + paths: + - "cmd/plugin/**" + tags: + - "v*" + +jobs: + release-plugin: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + with: + fetch-depth: 0 + + - name: Set up Go + uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923 # v3.2.0 + with: + go-version: 1.18 + + - name: Run GoReleaser + uses: goreleaser/goreleaser-action@68acf3b1adf004ac9c2f0a4259e85c5f66e99bef # v3.0.0 + with: + version: latest + args: release --rm-dist + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Update new version in krew-index + uses: rajatjindal/krew-release-bot@92da038bbf995803124a8e50ebd438b2f37bbbb0 # v0.0.43 + with: + krew_template_file: cmd/plugin/krew.yaml diff --git a/.goreleaser.yaml b/.goreleaser.yaml new file mode 100644 index 000000000..a0ef6eb3d --- /dev/null +++ b/.goreleaser.yaml @@ -0,0 +1,29 @@ +project_name: ingress-nginx +release: + github: + owner: kubernetes + name: ingress-nginx +builds: + - id: ingress-nginx + goos: + - darwin + - linux + - windows + goarch: + - arm64 + - amd64 + env: + - CGO_ENABLED=0 + - GO111MODULE=on + main: cmd/plugin/main.go + binary: kubectl-ingress-nginx + ldflags: | + -s -w + -X k8s.io/ingress-nginx/version.COMMIT={{ .Commit }} + -X k8s.io/ingress-nginx/version.RELEASE={{ .Tag }} +archives: + - id: ingress-nginx + builds: + - ingress-nginx + name_template: "kubectl-{{ .ProjectName }}_{{ .Os }}_{{ .Arch }}" + format: tar.gz diff --git a/Makefile b/Makefile index fcbf79816..7a62d6f61 100644 --- a/Makefile +++ b/Makefile @@ -127,18 +127,6 @@ build: ## Build ingress controller, debug tool and pre-stop hook. build/build.sh -.PHONY: build-plugin -build-plugin: ## Build ingress-nginx krew plugin. - @build/run-in-docker.sh \ - PKG=$(PKG) \ - MAC_OS=$(MAC_OS) \ - ARCH=$(ARCH) \ - COMMIT_SHA=$(COMMIT_SHA) \ - REPO_INFO=$(REPO_INFO) \ - TAG=$(TAG) \ - build/build-plugin.sh - - .PHONY: clean clean: ## Remove .gocache directory. rm -rf bin/ .gocache/ .cache/ diff --git a/build/build-plugin.sh b/build/build-plugin.sh deleted file mode 100755 index a3ed34bf2..000000000 --- a/build/build-plugin.sh +++ /dev/null @@ -1,84 +0,0 @@ -#!/bin/bash - -# Copyright 2018 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -if [ -n "$DEBUG" ]; then - set -x -fi - -set -o errexit -set -o nounset -set -o pipefail - -declare -a mandatory -mandatory=( - PKG - ARCH - COMMIT_SHA - REPO_INFO - TAG -) - -missing=false -for var in "${mandatory[@]}"; do - if [[ -z "${!var:-}" ]]; then - echo "Environment variable $var must be set" - missing=true - fi -done - -if [ "$missing" = true ]; then - exit 1 -fi - -export CGO_ENABLED=0 - -release=cmd/plugin/release - -function build_for_arch(){ - os=$1 - arch=$2 - extension=$3 - - echo "> building targets for ${os}-${arch}" - - env GOOS="${os}" GOARCH="${arch}" go build \ - ${GOBUILD_FLAGS} \ - -trimpath -ldflags="-buildid= -w -s \ - -X ${PKG}/version.RELEASE=${TAG} \ - -X ${PKG}/version.COMMIT=${COMMIT_SHA} \ - -X ${PKG}/version.REPO=${REPO_INFO}" \ - -o "${release}/kubectl-ingress_nginx${extension}" "${PKG}/cmd/plugin" - - cp LICENSE ${release} - tar -C "${release}" -zcvf "${release}/kubectl-ingress_nginx-${os}-${arch}.tar.gz" "kubectl-ingress_nginx${extension}" LICENSE - rm "${release}/kubectl-ingress_nginx${extension}" - hash=$(sha256sum "${release}/kubectl-ingress_nginx-${os}-${arch}.tar.gz" | awk '{ print $1 }') - sed -i "s/%%%shasum_${os}_${arch}%%%/${hash}/g" "${release}/ingress-nginx.yaml" -} - -rm -rf "${release}" -mkdir "${release}" - -cp cmd/plugin/ingress-nginx.yaml.tmpl "${release}/ingress-nginx.yaml" - -sed -i "s/%%%tag%%%/${TAG}/g" ${release}/ingress-nginx.yaml - -echo "Generated targets in ${release} directory." - -build_for_arch darwin amd64 '' -build_for_arch darwin arm64 '' -build_for_arch linux amd64 '' -build_for_arch windows amd64 '.exe' diff --git a/cmd/plugin/ingress-nginx.yaml.tmpl b/cmd/plugin/ingress-nginx.yaml.tmpl deleted file mode 100644 index 9fce2d92d..000000000 --- a/cmd/plugin/ingress-nginx.yaml.tmpl +++ /dev/null @@ -1,51 +0,0 @@ -apiVersion: krew.googlecontainertools.github.com/v1alpha2 -kind: Plugin -metadata: - name: ingress-nginx -spec: - shortDescription: Interact with ingress-nginx - description: | - The official kubectl plugin for ingress-nginx. - version: %%%tag%%% - homepage: https://kubernetes.github.io/ingress-nginx/kubectl-plugin/ - platforms: - - uri: https://github.com/kubernetes/ingress-nginx/releases/download/nginx-%%%tag%%%/kubectl-ingress_nginx-darwin-arm64.tar.gz - sha256: %%%shasum_darwin_arm64%%% - files: - - from: "*" - to: "." - bin: "./kubectl-ingress_nginx" - selector: - matchLabels: - os: darwin - arch: arm64 - - uri: https://github.com/kubernetes/ingress-nginx/releases/download/nginx-%%%tag%%%/kubectl-ingress_nginx-darwin-amd64.tar.gz - sha256: %%%shasum_darwin_amd64%%% - files: - - from: "*" - to: "." - bin: "./kubectl-ingress_nginx" - selector: - matchLabels: - os: darwin - arch: amd64 - - uri: https://github.com/kubernetes/ingress-nginx/releases/download/nginx-%%%tag%%%/kubectl-ingress_nginx-linux-amd64.tar.gz - sha256: %%%shasum_linux_amd64%%% - files: - - from: "*" - to: "." - bin: "./kubectl-ingress_nginx" - selector: - matchLabels: - os: linux - arch: amd64 - - uri: https://github.com/kubernetes/ingress-nginx/releases/download/nginx-%%%tag%%%/kubectl-ingress_nginx-windows-amd64.tar.gz - sha256: %%%shasum_windows_amd64%%% - files: - - from: "*" - to: "." - bin: "./kubectl-ingress_nginx.exe" - selector: - matchLabels: - os: windows - arch: amd64 diff --git a/cmd/plugin/krew.yaml b/cmd/plugin/krew.yaml new file mode 100644 index 000000000..e68b09f9a --- /dev/null +++ b/cmd/plugin/krew.yaml @@ -0,0 +1,41 @@ +apiVersion: krew.googlecontainertools.github.com/v1alpha2 +kind: Plugin +metadata: + name: ingress-nginx +spec: + shortDescription: Interact with ingress-nginx + description: | + The official kubectl plugin for ingress-nginx. + version: {{ .TagName }} + homepage: https://kubernetes.github.io/ingress-nginx/kubectl-plugin/ + platforms: + - selector: + matchLabels: + os: darwin + arch: arm64 + {{addURIAndSha "https://github.com/kubernetes/ingress-nginx/releases/download/{{ .TagName }}/kubectl-ingress-nginx_darwin_arm64.tar.gz" .TagName }} + bin: kubectl-ingress-nginx + - selector: + matchLabels: + os: darwin + arch: amd64 + {{addURIAndSha "https://github.com/kubernetes/ingress-nginx/releases/download/{{ .TagName }}/kubectl-ingress-nginx_darwin_amd64.tar.gz" .TagName }} + bin: kubectl-ingress-nginx + selector: + matchLabels: + os: linux + arch: amd64 + {{addURIAndSha "https://github.com/kubernetes/ingress-nginx/releases/download/{{ .TagName }}/kubectl-ingress-nginx_linux_amd64.tar.gz" .TagName }} + bin: kubectl-ingress-nginx + - selector: + matchLabels: + os: linux + arch: arm64 + {{addURIAndSha "https://github.com/kubernetes/ingress-nginx/releases/download/{{ .TagName }}/kubectl-ingress-nginx_linux_arm64.tar.gz" .TagName }} + bin: kubectl-ingress-nginx + - selector: + matchLabels: + os: windows + arch: amd64 + {{addURIAndSha "https://github.com/kubernetes/ingress-nginx/releases/download/{{ .TagName }}/kubectl-ingress-nginx_windows_amd64.tar.gz" .TagName }} + bin: kubectl-ingress-nginx.exe From 9fdbef829c327b95a3c6d6816a301df41bda997f Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Thu, 18 Aug 2022 18:24:36 +0530 Subject: [PATCH 221/494] bump alpine to v3.16.2 (#8934) --- docs/examples/customization/sysctl/patch.json | 2 +- images/cfssl/rootfs/Dockerfile | 2 +- images/httpbin/rootfs/Dockerfile | 2 +- images/nginx/rootfs/Dockerfile | 4 ++-- images/opentelemetry/rootfs/Dockerfile | 4 ++-- rootfs/Dockerfile-chroot | 2 +- test/e2e-image/Dockerfile | 2 +- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/docs/examples/customization/sysctl/patch.json b/docs/examples/customization/sysctl/patch.json index 319ccf4f8..75d613295 100644 --- a/docs/examples/customization/sysctl/patch.json +++ b/docs/examples/customization/sysctl/patch.json @@ -4,7 +4,7 @@ "spec": { "initContainers": [{ "name": "sysctl", - "image": "alpine:3.16.1", + "image": "alpine:3.16.2", "securityContext": { "privileged": true }, diff --git a/images/cfssl/rootfs/Dockerfile b/images/cfssl/rootfs/Dockerfile index 59a89d92c..b6dfa567f 100644 --- a/images/cfssl/rootfs/Dockerfile +++ b/images/cfssl/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.16.1 +FROM alpine:3.16.2 RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories RUN apk add --no-cache \ diff --git a/images/httpbin/rootfs/Dockerfile b/images/httpbin/rootfs/Dockerfile index 016ab913f..da9cd0145 100644 --- a/images/httpbin/rootfs/Dockerfile +++ b/images/httpbin/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.16.1 +FROM alpine:3.16.2 ENV LC_ALL=C.UTF-8 ENV LANG=C.UTF-8 diff --git a/images/nginx/rootfs/Dockerfile b/images/nginx/rootfs/Dockerfile index a93a58f8f..6168ee5d8 100644 --- a/images/nginx/rootfs/Dockerfile +++ b/images/nginx/rootfs/Dockerfile @@ -11,7 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.16.1 as builder +FROM alpine:3.16.2 as builder COPY . / @@ -21,7 +21,7 @@ RUN apk update \ && /build.sh # Use a multi-stage build -FROM alpine:3.16.1 +FROM alpine:3.16.2 ENV PATH=$PATH:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin diff --git a/images/opentelemetry/rootfs/Dockerfile b/images/opentelemetry/rootfs/Dockerfile index ccab2223d..f8fb37811 100644 --- a/images/opentelemetry/rootfs/Dockerfile +++ b/images/opentelemetry/rootfs/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. -FROM alpine:3.16.1 as base +FROM alpine:3.16.2 as base RUN mkdir -p /opt/third_party/install COPY . /opt/third_party/ @@ -39,7 +39,7 @@ COPY --from=grpc /opt/third_party/install/ /usr COPY --from=otel-cpp /opt/third_party/install/ /usr RUN bash /opt/third_party/build.sh -n -FROM alpine:3.16.1 +FROM alpine:3.16.2 COPY --from=base /opt/third_party/init_module.sh /usr/local/bin/init_module.sh COPY --from=nginx /etc/nginx/modules /etc/nginx/modules COPY --from=nginx /opt/third_party/install/lib /etc/nginx/modules diff --git a/rootfs/Dockerfile-chroot b/rootfs/Dockerfile-chroot index de2fd6da0..64b222890 100644 --- a/rootfs/Dockerfile-chroot +++ b/rootfs/Dockerfile-chroot @@ -23,7 +23,7 @@ RUN apk update \ && apk upgrade \ && /chroot.sh -FROM alpine:3.16.1 +FROM alpine:3.16.2 ARG TARGETARCH ARG VERSION diff --git a/test/e2e-image/Dockerfile b/test/e2e-image/Dockerfile index d88338d65..ab4ba5026 100644 --- a/test/e2e-image/Dockerfile +++ b/test/e2e-image/Dockerfile @@ -1,7 +1,7 @@ ARG E2E_BASE_IMAGE FROM ${E2E_BASE_IMAGE} AS BASE -FROM alpine:3.16.1 +FROM alpine:3.16.2 RUN apk add -U --no-cache \ ca-certificates \ From a98c637872f8cfd878f66bf024f392d98e5ca729 Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Fri, 19 Aug 2022 08:00:09 +0530 Subject: [PATCH 222/494] bump baseimage alpine to v3.16.2 for zlib CVE fix (#8939) --- NGINX_BASE | 2 +- test/e2e/settings/ocsp/ocsp.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/NGINX_BASE b/NGINX_BASE index 71016de7a..bc477308f 100644 --- a/NGINX_BASE +++ b/NGINX_BASE @@ -1 +1 @@ -registry.k8s.io/ingress-nginx/nginx:f0490cbfbf29a7a05caaac29998dde56173ac2bb@sha256:f0d8d32a20f8c1a7c98b504a03b162931d93edd60ecc2c745917a32e9e3e92ad +registry.k8s.io/ingress-nginx/nginx:9fdbef829c327b95a3c6d6816a301df41bda997f@sha256:46c27294e467f46d0006ad1eb5fd3f7005eb3cbd00dd43be2ed9b02edfc6e828 diff --git a/test/e2e/settings/ocsp/ocsp.go b/test/e2e/settings/ocsp/ocsp.go index 83eeab46e..ea137aeb1 100644 --- a/test/e2e/settings/ocsp/ocsp.go +++ b/test/e2e/settings/ocsp/ocsp.go @@ -292,7 +292,7 @@ func ocspserveDeployment(namespace string) (*appsv1.Deployment, *corev1.Service) Containers: []corev1.Container{ { Name: name, - Image: "registry.k8s.io/ingress-nginx/e2e-test-cfssl@sha256:c0bd134f1c7190079180e6d4fa2ba64c049961a49b96db20aa39fabc896d26d5", + Image: "registry.k8s.io/ingress-nginx/e2e-test-cfssl@sha256:c1b273763048944dd7d22d37adfc65be4fa6a5f6068204292573c6cdc5ea3457", Command: []string{ "/bin/bash", "-c", From 4508493dfe7fb06206109a0a9dcc6025cc335273 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Sun, 21 Aug 2022 18:21:51 -0300 Subject: [PATCH 223/494] Clean old code and move helper functions (#8946) --- internal/ingress/controller/controller.go | 94 +-------- internal/ingress/controller/nginx.go | 88 +------- internal/ingress/controller/nginx_test.go | 112 ----------- internal/k8s/main.go | 3 - pkg/util/ingress/ingress.go | 233 ++++++++++++++++++++++ pkg/util/ingress/ingress_test.go | 132 ++++++++++++ test/e2e/framework/framework.go | 4 - 7 files changed, 374 insertions(+), 292 deletions(-) create mode 100644 pkg/util/ingress/ingress.go create mode 100644 pkg/util/ingress/ingress_test.go diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go index d0f85bb01..bba932d16 100644 --- a/internal/ingress/controller/controller.go +++ b/internal/ingress/controller/controller.go @@ -45,6 +45,7 @@ import ( "k8s.io/ingress-nginx/internal/k8s" "k8s.io/ingress-nginx/internal/nginx" "k8s.io/ingress-nginx/pkg/apis/ingress" + utilingress "k8s.io/ingress-nginx/pkg/util/ingress" "k8s.io/klog/v2" ) @@ -163,7 +164,7 @@ func (n *NGINXController) syncIngress(interface{}) error { n.metricCollector.SetHosts(hosts) - if !n.IsDynamicConfigurationEnough(pcfg) { + if !utilingress.IsDynamicConfigurationEnough(pcfg, n.runningConfig) { klog.InfoS("Configuration changes detected, backend reload required") hash, _ := hashstructure.Hash(pcfg, &hashstructure.HashOptions{ @@ -223,9 +224,9 @@ func (n *NGINXController) syncIngress(interface{}) error { return err } - ri := getRemovedIngresses(n.runningConfig, pcfg) - re := getRemovedHosts(n.runningConfig, pcfg) - rc := getRemovedCertificateSerialNumbers(n.runningConfig, pcfg) + ri := utilingress.GetRemovedIngresses(n.runningConfig, pcfg) + re := utilingress.GetRemovedHosts(n.runningConfig, pcfg) + rc := utilingress.GetRemovedCertificateSerialNumbers(n.runningConfig, pcfg) n.metricCollector.RemoveMetrics(ri, re, rc) n.runningConfig = pcfg @@ -1623,91 +1624,6 @@ func extractTLSSecretName(host string, ing *ingress.Ingress, return "" } -// getRemovedHosts returns a list of the hostnames -// that are not associated anymore to the NGINX configuration. -func getRemovedHosts(rucfg, newcfg *ingress.Configuration) []string { - old := sets.NewString() - new := sets.NewString() - - for _, s := range rucfg.Servers { - if !old.Has(s.Hostname) { - old.Insert(s.Hostname) - } - } - - for _, s := range newcfg.Servers { - if !new.Has(s.Hostname) { - new.Insert(s.Hostname) - } - } - - return old.Difference(new).List() -} - -func getRemovedCertificateSerialNumbers(rucfg, newcfg *ingress.Configuration) []string { - oldCertificates := sets.NewString() - newCertificates := sets.NewString() - - for _, server := range rucfg.Servers { - if server.SSLCert == nil { - continue - } - identifier := server.SSLCert.Identifier() - if identifier != "" { - if !oldCertificates.Has(identifier) { - oldCertificates.Insert(identifier) - } - } - } - - for _, server := range newcfg.Servers { - if server.SSLCert == nil { - continue - } - identifier := server.SSLCert.Identifier() - if identifier != "" { - if !newCertificates.Has(identifier) { - newCertificates.Insert(identifier) - } - } - } - - return oldCertificates.Difference(newCertificates).List() -} - -func getRemovedIngresses(rucfg, newcfg *ingress.Configuration) []string { - oldIngresses := sets.NewString() - newIngresses := sets.NewString() - - for _, server := range rucfg.Servers { - for _, location := range server.Locations { - if location.Ingress == nil { - continue - } - - ingKey := k8s.MetaNamespaceKey(location.Ingress) - if !oldIngresses.Has(ingKey) { - oldIngresses.Insert(ingKey) - } - } - } - - for _, server := range newcfg.Servers { - for _, location := range server.Locations { - if location.Ingress == nil { - continue - } - - ingKey := k8s.MetaNamespaceKey(location.Ingress) - if !newIngresses.Has(ingKey) { - newIngresses.Insert(ingKey) - } - } - } - - return oldIngresses.Difference(newIngresses).List() -} - // checks conditions for whether or not an upstream should be created for a custom default backend func shouldCreateUpstreamForLocationDefaultBackend(upstream *ingress.Backend, location *ingress.Location) bool { return (upstream.Name == location.Backend) && diff --git a/internal/ingress/controller/nginx.go b/internal/ingress/controller/nginx.go index d0f4abe27..4b543ea2f 100644 --- a/internal/ingress/controller/nginx.go +++ b/internal/ingress/controller/nginx.go @@ -39,7 +39,6 @@ import ( "github.com/eapache/channels" apiv1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/util/intstr" - "k8s.io/apimachinery/pkg/util/sets" "k8s.io/client-go/kubernetes/scheme" v1core "k8s.io/client-go/kubernetes/typed/core/v1" "k8s.io/client-go/tools/record" @@ -61,6 +60,8 @@ import ( "k8s.io/ingress-nginx/pkg/apis/ingress" "k8s.io/ingress-nginx/pkg/util/file" + utilingress "k8s.io/ingress-nginx/pkg/util/ingress" + klog "k8s.io/klog/v2" ) @@ -601,10 +602,9 @@ func (n NGINXController) generateTemplate(cfg ngx_config.Configuration, ingressC IsIPV6Enabled: n.isIPV6Enabled && !cfg.DisableIpv6, NginxStatusIpv4Whitelist: cfg.NginxStatusIpv4Whitelist, NginxStatusIpv6Whitelist: cfg.NginxStatusIpv6Whitelist, - RedirectServers: buildRedirects(ingressCfg.Servers), + RedirectServers: utilingress.BuildRedirects(ingressCfg.Servers), IsSSLPassthroughEnabled: n.cfg.EnableSSLPassthrough, ListenPorts: n.cfg.ListenPorts, - PublishService: n.GetPublishService(), EnableMetrics: n.cfg.EnableMetrics, MaxmindEditionFiles: n.cfg.MaxmindEditionFiles, HealthzURI: nginx.HealthPath, @@ -832,24 +832,6 @@ func clearL4serviceEndpoints(config *ingress.Configuration) { config.UDPEndpoints = clearedUDPL4Services } -// IsDynamicConfigurationEnough returns whether a Configuration can be -// dynamically applied, without reloading the backend. -func (n *NGINXController) IsDynamicConfigurationEnough(pcfg *ingress.Configuration) bool { - copyOfRunningConfig := *n.runningConfig - copyOfPcfg := *pcfg - - copyOfRunningConfig.Backends = []*ingress.Backend{} - copyOfPcfg.Backends = []*ingress.Backend{} - - clearL4serviceEndpoints(©OfRunningConfig) - clearL4serviceEndpoints(©OfPcfg) - - clearCertificates(©OfRunningConfig) - clearCertificates(©OfPcfg) - - return copyOfRunningConfig.Equal(©OfPcfg) -} - // configureDynamically encodes new Backends in JSON format and POSTs the // payload to an internal HTTP endpoint handled by Lua. func (n *NGINXController) configureDynamically(pcfg *ingress.Configuration) error { @@ -1019,7 +1001,7 @@ func configureCertificates(rawServers []*ingress.Server) error { } } - redirects := buildRedirects(rawServers) + redirects := utilingress.BuildRedirects(rawServers) for _, redirect := range redirects { configure(redirect.From, redirect.SSLCert) } @@ -1139,65 +1121,3 @@ func cleanTempNginxCfg() error { return nil } - -type redirect struct { - From string - To string - SSLCert *ingress.SSLCert -} - -func buildRedirects(servers []*ingress.Server) []*redirect { - names := sets.String{} - redirectServers := make([]*redirect, 0) - - for _, srv := range servers { - if !srv.RedirectFromToWWW { - continue - } - - to := srv.Hostname - - var from string - if strings.HasPrefix(to, "www.") { - from = strings.TrimPrefix(to, "www.") - } else { - from = fmt.Sprintf("www.%v", to) - } - - if names.Has(to) { - continue - } - - klog.V(3).InfoS("Creating redirect", "from", from, "to", to) - found := false - for _, esrv := range servers { - if esrv.Hostname == from { - found = true - break - } - } - - if found { - klog.Warningf("Already exists an Ingress with %q hostname. Skipping creation of redirection from %q to %q.", from, from, to) - continue - } - - r := &redirect{ - From: from, - To: to, - } - - if srv.SSLCert != nil { - if ssl.IsValidHostname(from, srv.SSLCert.CN) { - r.SSLCert = srv.SSLCert - } else { - klog.Warningf("the server %v has SSL configured but the SSL certificate does not contains a CN for %v. Redirects will not work for HTTPS to HTTPS", from, to) - } - } - - redirectServers = append(redirectServers, r) - names.Insert(to) - } - - return redirectServers -} diff --git a/internal/ingress/controller/nginx_test.go b/internal/ingress/controller/nginx_test.go index c2c71b797..4d3155194 100644 --- a/internal/ingress/controller/nginx_test.go +++ b/internal/ingress/controller/nginx_test.go @@ -36,118 +36,6 @@ import ( "k8s.io/ingress-nginx/pkg/apis/ingress" ) -func TestIsDynamicConfigurationEnough(t *testing.T) { - backends := []*ingress.Backend{{ - Name: "fakenamespace-myapp-80", - Endpoints: []ingress.Endpoint{ - { - Address: "10.0.0.1", - Port: "8080", - }, - { - Address: "10.0.0.2", - Port: "8080", - }, - }, - }} - - servers := []*ingress.Server{{ - Hostname: "myapp.fake", - Locations: []*ingress.Location{ - { - Path: "/", - Backend: "fakenamespace-myapp-80", - }, - }, - SSLCert: &ingress.SSLCert{ - PemCertKey: "fake-certificate", - }, - }} - - commonConfig := &ingress.Configuration{ - Backends: backends, - Servers: servers, - } - - n := &NGINXController{ - runningConfig: &ingress.Configuration{ - Backends: backends, - Servers: servers, - }, - cfg: &Configuration{}, - } - - newConfig := commonConfig - if !n.IsDynamicConfigurationEnough(newConfig) { - t.Errorf("When new config is same as the running config it should be deemed as dynamically configurable") - } - - newConfig = &ingress.Configuration{ - Backends: []*ingress.Backend{{Name: "another-backend-8081"}}, - Servers: []*ingress.Server{{Hostname: "myapp1.fake"}}, - } - if n.IsDynamicConfigurationEnough(newConfig) { - t.Errorf("Expected to not be dynamically configurable when there's more than just backends change") - } - - newConfig = &ingress.Configuration{ - Backends: []*ingress.Backend{{Name: "a-backend-8080"}}, - Servers: servers, - } - - if !n.IsDynamicConfigurationEnough(newConfig) { - t.Errorf("Expected to be dynamically configurable when only backends change") - } - - newServers := []*ingress.Server{{ - Hostname: "myapp1.fake", - Locations: []*ingress.Location{ - { - Path: "/", - Backend: "fakenamespace-myapp-80", - }, - }, - SSLCert: &ingress.SSLCert{ - PemCertKey: "fake-certificate", - }, - }} - - newConfig = &ingress.Configuration{ - Backends: backends, - Servers: newServers, - } - if n.IsDynamicConfigurationEnough(newConfig) { - t.Errorf("Expected to not be dynamically configurable when dynamic certificates is enabled and a non-certificate field in servers is updated") - } - - newServers[0].Hostname = "myapp.fake" - newServers[0].SSLCert.PemCertKey = "new-fake-certificate" - - newConfig = &ingress.Configuration{ - Backends: backends, - Servers: newServers, - } - if !n.IsDynamicConfigurationEnough(newConfig) { - t.Errorf("Expected to be dynamically configurable when only SSLCert changes") - } - - newConfig = &ingress.Configuration{ - Backends: []*ingress.Backend{{Name: "a-backend-8080"}}, - Servers: newServers, - } - if !n.IsDynamicConfigurationEnough(newConfig) { - t.Errorf("Expected to be dynamically configurable when backend and SSLCert changes") - } - - if !n.runningConfig.Equal(commonConfig) { - t.Errorf("Expected running config to not change") - } - - if !newConfig.Equal(&ingress.Configuration{Backends: []*ingress.Backend{{Name: "a-backend-8080"}}, Servers: newServers}) { - t.Errorf("Expected new config to not change") - } -} - func TestConfigureDynamically(t *testing.T) { listener, err := tryListen("tcp", fmt.Sprintf(":%v", nginx.StatusPort)) if err != nil { diff --git a/internal/k8s/main.go b/internal/k8s/main.go index 1487e892a..5332631a7 100644 --- a/internal/k8s/main.go +++ b/internal/k8s/main.go @@ -121,9 +121,6 @@ func MetaNamespaceKey(obj interface{}) string { return key } -// IsIngressV1Ready indicates if the running Kubernetes version is at least v1.19.0 -var IsIngressV1Ready bool - // IngressNGINXController defines the valid value of IngressClass // Controller field for ingress-nginx const IngressNGINXController = "k8s.io/ingress-nginx" diff --git a/pkg/util/ingress/ingress.go b/pkg/util/ingress/ingress.go new file mode 100644 index 000000000..7df2cc114 --- /dev/null +++ b/pkg/util/ingress/ingress.go @@ -0,0 +1,233 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package ingress + +import ( + "fmt" + "strings" + + "k8s.io/apimachinery/pkg/util/sets" + "k8s.io/ingress-nginx/internal/k8s" + "k8s.io/ingress-nginx/internal/net/ssl" + "k8s.io/ingress-nginx/pkg/apis/ingress" + "k8s.io/klog/v2" +) + +func GetRemovedHosts(rucfg, newcfg *ingress.Configuration) []string { + oldSet := sets.NewString() + newSet := sets.NewString() + + for _, s := range rucfg.Servers { + if !oldSet.Has(s.Hostname) { + oldSet.Insert(s.Hostname) + } + } + + for _, s := range newcfg.Servers { + if !newSet.Has(s.Hostname) { + newSet.Insert(s.Hostname) + } + } + + return oldSet.Difference(newSet).List() +} + +// GetRemovedCertificateSerialNumber extracts the difference of certificates between two configurations +func GetRemovedCertificateSerialNumbers(rucfg, newcfg *ingress.Configuration) []string { + oldCertificates := sets.NewString() + newCertificates := sets.NewString() + + for _, server := range rucfg.Servers { + if server.SSLCert == nil { + continue + } + identifier := server.SSLCert.Identifier() + if identifier != "" { + if !oldCertificates.Has(identifier) { + oldCertificates.Insert(identifier) + } + } + } + + for _, server := range newcfg.Servers { + if server.SSLCert == nil { + continue + } + identifier := server.SSLCert.Identifier() + if identifier != "" { + if !newCertificates.Has(identifier) { + newCertificates.Insert(identifier) + } + } + } + + return oldCertificates.Difference(newCertificates).List() +} + +// GetRemovedIngresses extracts the difference of ingresses between two configurations +func GetRemovedIngresses(rucfg, newcfg *ingress.Configuration) []string { + oldIngresses := sets.NewString() + newIngresses := sets.NewString() + + for _, server := range rucfg.Servers { + for _, location := range server.Locations { + if location.Ingress == nil { + continue + } + + ingKey := k8s.MetaNamespaceKey(location.Ingress) + if !oldIngresses.Has(ingKey) { + oldIngresses.Insert(ingKey) + } + } + } + + for _, server := range newcfg.Servers { + for _, location := range server.Locations { + if location.Ingress == nil { + continue + } + + ingKey := k8s.MetaNamespaceKey(location.Ingress) + if !newIngresses.Has(ingKey) { + newIngresses.Insert(ingKey) + } + } + } + + return oldIngresses.Difference(newIngresses).List() +} + +// IsDynamicConfigurationEnough returns whether a Configuration can be +// dynamically applied, without reloading the backend. +func IsDynamicConfigurationEnough(newcfg *ingress.Configuration, oldcfg *ingress.Configuration) bool { + copyOfRunningConfig := *oldcfg + copyOfPcfg := *newcfg + + copyOfRunningConfig.Backends = []*ingress.Backend{} + copyOfPcfg.Backends = []*ingress.Backend{} + + clearL4serviceEndpoints(©OfRunningConfig) + clearL4serviceEndpoints(©OfPcfg) + + clearCertificates(©OfRunningConfig) + clearCertificates(©OfPcfg) + + return copyOfRunningConfig.Equal(©OfPcfg) +} + +// clearL4serviceEndpoints is a helper function to clear endpoints from the ingress configuration since they should be ignored when +// checking if the new configuration changes can be applied dynamically. +func clearL4serviceEndpoints(config *ingress.Configuration) { + var clearedTCPL4Services []ingress.L4Service + var clearedUDPL4Services []ingress.L4Service + for _, service := range config.TCPEndpoints { + copyofService := ingress.L4Service{ + Port: service.Port, + Backend: service.Backend, + Endpoints: []ingress.Endpoint{}, + Service: nil, + } + clearedTCPL4Services = append(clearedTCPL4Services, copyofService) + } + for _, service := range config.UDPEndpoints { + copyofService := ingress.L4Service{ + Port: service.Port, + Backend: service.Backend, + Endpoints: []ingress.Endpoint{}, + Service: nil, + } + clearedUDPL4Services = append(clearedUDPL4Services, copyofService) + } + config.TCPEndpoints = clearedTCPL4Services + config.UDPEndpoints = clearedUDPL4Services +} + +// clearCertificates is a helper function to clear Certificates from the ingress configuration since they should be ignored when +// checking if the new configuration changes can be applied dynamically if dynamic certificates is on +func clearCertificates(config *ingress.Configuration) { + var clearedServers []*ingress.Server + for _, server := range config.Servers { + copyOfServer := *server + copyOfServer.SSLCert = nil + clearedServers = append(clearedServers, ©OfServer) + } + config.Servers = clearedServers +} + +type redirect struct { + From string + To string + SSLCert *ingress.SSLCert +} + +// BuildRedirects build the redirects of servers based on configurations and certificates +func BuildRedirects(servers []*ingress.Server) []*redirect { + names := sets.String{} + redirectServers := make([]*redirect, 0) + + for _, srv := range servers { + if !srv.RedirectFromToWWW { + continue + } + + to := srv.Hostname + + var from string + if strings.HasPrefix(to, "www.") { + from = strings.TrimPrefix(to, "www.") + } else { + from = fmt.Sprintf("www.%v", to) + } + + if names.Has(to) { + continue + } + + klog.V(3).InfoS("Creating redirect", "from", from, "to", to) + found := false + for _, esrv := range servers { + if esrv.Hostname == from { + found = true + break + } + } + + if found { + klog.Warningf("Already exists an Ingress with %q hostname. Skipping creation of redirection from %q to %q.", from, from, to) + continue + } + + r := &redirect{ + From: from, + To: to, + } + + if srv.SSLCert != nil { + if ssl.IsValidHostname(from, srv.SSLCert.CN) { + r.SSLCert = srv.SSLCert + } else { + klog.Warningf("the server %v has SSL configured but the SSL certificate does not contains a CN for %v. Redirects will not work for HTTPS to HTTPS", from, to) + } + } + + redirectServers = append(redirectServers, r) + names.Insert(to) + } + + return redirectServers +} diff --git a/pkg/util/ingress/ingress_test.go b/pkg/util/ingress/ingress_test.go new file mode 100644 index 000000000..24597fb6e --- /dev/null +++ b/pkg/util/ingress/ingress_test.go @@ -0,0 +1,132 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package ingress + +import ( + "testing" + + "k8s.io/ingress-nginx/pkg/apis/ingress" +) + +func TestIsDynamicConfigurationEnough(t *testing.T) { + backends := []*ingress.Backend{{ + Name: "fakenamespace-myapp-80", + Endpoints: []ingress.Endpoint{ + { + Address: "10.0.0.1", + Port: "8080", + }, + { + Address: "10.0.0.2", + Port: "8080", + }, + }, + }} + + servers := []*ingress.Server{{ + Hostname: "myapp.fake", + Locations: []*ingress.Location{ + { + Path: "/", + Backend: "fakenamespace-myapp-80", + }, + }, + SSLCert: &ingress.SSLCert{ + PemCertKey: "fake-certificate", + }, + }} + + commonConfig := &ingress.Configuration{ + Backends: backends, + Servers: servers, + } + + runningConfig := &ingress.Configuration{ + Backends: backends, + Servers: servers, + } + + newConfig := commonConfig + if !IsDynamicConfigurationEnough(newConfig, runningConfig) { + t.Errorf("When new config is same as the running config it should be deemed as dynamically configurable") + } + + newConfig = &ingress.Configuration{ + Backends: []*ingress.Backend{{Name: "another-backend-8081"}}, + Servers: []*ingress.Server{{Hostname: "myapp1.fake"}}, + } + if IsDynamicConfigurationEnough(newConfig, runningConfig) { + t.Errorf("Expected to not be dynamically configurable when there's more than just backends change") + } + + newConfig = &ingress.Configuration{ + Backends: []*ingress.Backend{{Name: "a-backend-8080"}}, + Servers: servers, + } + + if !IsDynamicConfigurationEnough(newConfig, runningConfig) { + t.Errorf("Expected to be dynamically configurable when only backends change") + } + + newServers := []*ingress.Server{{ + Hostname: "myapp1.fake", + Locations: []*ingress.Location{ + { + Path: "/", + Backend: "fakenamespace-myapp-80", + }, + }, + SSLCert: &ingress.SSLCert{ + PemCertKey: "fake-certificate", + }, + }} + + newConfig = &ingress.Configuration{ + Backends: backends, + Servers: newServers, + } + if IsDynamicConfigurationEnough(newConfig, runningConfig) { + t.Errorf("Expected to not be dynamically configurable when dynamic certificates is enabled and a non-certificate field in servers is updated") + } + + newServers[0].Hostname = "myapp.fake" + newServers[0].SSLCert.PemCertKey = "new-fake-certificate" + + newConfig = &ingress.Configuration{ + Backends: backends, + Servers: newServers, + } + if !IsDynamicConfigurationEnough(newConfig, runningConfig) { + t.Errorf("Expected to be dynamically configurable when only SSLCert changes") + } + + newConfig = &ingress.Configuration{ + Backends: []*ingress.Backend{{Name: "a-backend-8080"}}, + Servers: newServers, + } + if !IsDynamicConfigurationEnough(newConfig, runningConfig) { + t.Errorf("Expected to be dynamically configurable when backend and SSLCert changes") + } + + if !runningConfig.Equal(commonConfig) { + t.Errorf("Expected running config to not change") + } + + if !newConfig.Equal(&ingress.Configuration{Backends: []*ingress.Backend{{Name: "a-backend-8080"}}, Servers: newServers}) { + t.Errorf("Expected new config to not change") + } +} diff --git a/test/e2e/framework/framework.go b/test/e2e/framework/framework.go index ff47ffa51..0f01ae3cb 100644 --- a/test/e2e/framework/framework.go +++ b/test/e2e/framework/framework.go @@ -38,7 +38,6 @@ import ( "k8s.io/client-go/kubernetes/scheme" "k8s.io/client-go/rest" restclient "k8s.io/client-go/rest" - "k8s.io/ingress-nginx/internal/k8s" "k8s.io/klog/v2" ) @@ -60,8 +59,6 @@ var ( type Framework struct { BaseName string - IsIngressV1Ready bool - // A Kubernetes and Service Catalog client KubeClientSet kubernetes.Interface KubeConfig *restclient.Config @@ -116,7 +113,6 @@ func (f *Framework) CreateEnvironment() { f.KubeClientSet, err = kubernetes.NewForConfig(f.KubeConfig) assert.Nil(ginkgo.GinkgoT(), err, "creating a kubernetes client") - f.IsIngressV1Ready = k8s.NetworkingIngressAvailable(f.KubeClientSet) } f.Namespace, err = CreateKubeNamespace(f.BaseName, f.KubeClientSet) From 3a450e04689fa472ac9161afef46895639bfb8f3 Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Mon, 22 Aug 2022 23:54:29 +0530 Subject: [PATCH 224/494] updated testrunner and testecho images (#8948) --- build/run-in-docker.sh | 2 +- .../customization/external-auth-headers/echo-service.yaml | 2 +- test/e2e-image/Makefile | 2 +- test/e2e/framework/deployment.go | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index 7fdc20699..3a1d5a5fa 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -38,7 +38,7 @@ function cleanup { } trap cleanup EXIT -E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20220624-g3348cd71e@sha256:2a34e322b7ff89abdfa0b6202f903bf5618578b699ff609a3ddabac0aae239c8} +E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20220819-ga98c63787@sha256:608ef1c1e5783e4a0c4fe57d8f85aa30eb0a3d25e5b1492197e8a95382d5e09d} DOCKER_OPTS=${DOCKER_OPTS:-} DOCKER_IN_DOCKER_ENABLED=${DOCKER_IN_DOCKER_ENABLED:-} diff --git a/docs/examples/customization/external-auth-headers/echo-service.yaml b/docs/examples/customization/external-auth-headers/echo-service.yaml index 636aaded1..0fe37be56 100644 --- a/docs/examples/customization/external-auth-headers/echo-service.yaml +++ b/docs/examples/customization/external-auth-headers/echo-service.yaml @@ -18,7 +18,7 @@ spec: terminationGracePeriodSeconds: 60 containers: - name: echo-service - image: gcr.io/k8s-staging-ingress-nginx/e2e-test-echo:v1.0.0 + image: registry.k8s.io/ingress-nginx/e2e-test-echo:v20220819-ga98c63787@sha256:778ac6d1188c8de8ecabeddd3c37b72c8adc8c712bad2bd7a81fb23a3514934c ports: - containerPort: 8080 resources: diff --git a/test/e2e-image/Makefile b/test/e2e-image/Makefile index a9c6db7c5..47eb1521d 100644 --- a/test/e2e-image/Makefile +++ b/test/e2e-image/Makefile @@ -1,6 +1,6 @@ DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) -E2E_BASE_IMAGE="registry.k8s.io/ingress-nginx/e2e-test-runner:v20220801-g00ee51f09@sha256:795923c427f6dda855338c654448b4348fb845db152fbcad9cd8d186385d01c4" +E2E_BASE_IMAGE="registry.k8s.io/ingress-nginx/e2e-test-runner:v20220819-ga98c63787@sha256:608ef1c1e5783e4a0c4fe57d8f85aa30eb0a3d25e5b1492197e8a95382d5e09d" image: echo "..entered Makefile in /test/e2e-image" diff --git a/test/e2e/framework/deployment.go b/test/e2e/framework/deployment.go index 7d79f1bff..b37060af1 100644 --- a/test/e2e/framework/deployment.go +++ b/test/e2e/framework/deployment.go @@ -78,7 +78,7 @@ func (f *Framework) NewEchoDeployment(opts ...func(*deploymentOptions)) { o(options) } - deployment := newDeployment(options.name, options.namespace, "registry.k8s.io/ingress-nginx/e2e-test-echo@sha256:f45fb156e1488ae29aa5e98d2faf8731c79bc5a19c2f39a3c4069566ba629a78", 80, int32(options.replicas), + deployment := newDeployment(options.name, options.namespace, "registry.k8s.io/ingress-nginx/e2e-test-echo@sha256:778ac6d1188c8de8ecabeddd3c37b72c8adc8c712bad2bd7a81fb23a3514934c", 80, int32(options.replicas), nil, []corev1.VolumeMount{}, []corev1.Volume{}, From cecd085ef73d20bf9962e036a1c87cdf72d9327e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Aug 2022 15:20:10 -0700 Subject: [PATCH 225/494] Bump github/codeql-action from 2.1.18 to 2.1.19 (#8950) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.18 to 2.1.19. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v2.1.18...f5d217be74900c6ac8fbbe53f3c10376ba4e64da) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 26271c309..3c7d81687 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@2ca79b6fa8d3ec278944088b4aa5f46912db5d63 # v2.1.14 + uses: github/codeql-action/upload-sarif@f5d217be74900c6ac8fbbe53f3c10376ba4e64da # v2.1.14 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 82cc99888..284c1def4 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@0c670bbf0414f39666df6ce8e718ec5662c21e03 + uses: github/codeql-action/upload-sarif@f5d217be74900c6ac8fbbe53f3c10376ba4e64da with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From 2e3eb675a899808c11887acc72c795fba21419a1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Aug 2022 15:22:09 -0700 Subject: [PATCH 226/494] Bump geekyeggo/delete-artifact (#8951) Bumps [geekyeggo/delete-artifact](https://github.com/geekyeggo/delete-artifact) from a6ab43859c960a8b74cbc6291f362c7fb51829ba to 1. This release includes the previously tagged commit. - [Release notes](https://github.com/geekyeggo/delete-artifact/releases) - [Commits](https://github.com/geekyeggo/delete-artifact/compare/a6ab43859c960a8b74cbc6291f362c7fb51829ba...b73cb986740e466292a536d0e32e2666c56fdeb3) --- updated-dependencies: - dependency-name: geekyeggo/delete-artifact dependency-type: direct:production ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 2ca339184..2e73dbbb6 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -177,7 +177,7 @@ jobs: version: v0.14.0 image: kindest/node:v1.21.12 - - uses: geekyeggo/delete-artifact@a6ab43859c960a8b74cbc6291f362c7fb51829ba # v1 + - uses: geekyeggo/delete-artifact@b73cb986740e466292a536d0e32e2666c56fdeb3 # v1 with: name: docker.tar.gz failOnError: false @@ -228,7 +228,7 @@ jobs: config: test/e2e/kind.yaml image: kindest/node:${{ matrix.k8s }} - - uses: geekyeggo/delete-artifact@a6ab43859c960a8b74cbc6291f362c7fb51829ba # v1 + - uses: geekyeggo/delete-artifact@b73cb986740e466292a536d0e32e2666c56fdeb3 # v1 with: name: docker.tar.gz failOnError: false @@ -285,7 +285,7 @@ jobs: config: test/e2e/kind.yaml image: kindest/node:${{ matrix.k8s }} - - uses: geekyeggo/delete-artifact@a6ab43859c960a8b74cbc6291f362c7fb51829ba + - uses: geekyeggo/delete-artifact@b73cb986740e466292a536d0e32e2666c56fdeb3 with: name: docker.tar.gz failOnError: false From 21fab45e9d3ac1609290c53a52748ecaa638b6e6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Aug 2022 15:24:09 -0700 Subject: [PATCH 227/494] Bump securego/gosec (#8952) Bumps [securego/gosec](https://github.com/securego/gosec) from b99b5f7838e43a4104354ad92a6a1774302ee1f9 to 2.13.1. This release includes the previously tagged commit. - [Release notes](https://github.com/securego/gosec/releases) - [Changelog](https://github.com/securego/gosec/blob/master/.goreleaser.yml) - [Commits](https://github.com/securego/gosec/compare/b99b5f7838e43a4104354ad92a6a1774302ee1f9...19fa856badad483cae700ee1213dd7f1a933d6d3) --- updated-dependencies: - dependency-name: securego/gosec dependency-type: direct:production ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 2e73dbbb6..011aa3a5a 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -53,7 +53,7 @@ jobs: uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 - name: Run Gosec Security Scanner - uses: securego/gosec@b99b5f7838e43a4104354ad92a6a1774302ee1f9 # master + uses: securego/gosec@19fa856badad483cae700ee1213dd7f1a933d6d3 # master with: # G601 for zz_generated.deepcopy.go # G306 TODO: Expect WriteFile permissions to be 0600 or less From c3fb817985dc0db0ed9b71833c103cc5fb0d2a83 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Aug 2022 15:26:09 -0700 Subject: [PATCH 228/494] Bump aquasecurity/trivy-action from 0.5.1 to 0.7.1 (#8953) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.5.1 to 0.7.1. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0105373003c89c494a3f436bd5efc57f3ac1ca20...d63413b0a4a4482237085319f7f4a1ce99a8f2ac) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/vulnerability-scans.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 284c1def4..633829630 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -60,7 +60,7 @@ jobs: - name: Scan image with AquaSec/Trivy id: scan - uses: aquasecurity/trivy-action@0105373003c89c494a3f436bd5efc57f3ac1ca20 #v0.5.1 + uses: aquasecurity/trivy-action@d63413b0a4a4482237085319f7f4a1ce99a8f2ac #v0.5.1 with: image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }} format: 'sarif' From d7373c91407b11e0b3e4d56c2d37b76afbb72661 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Aug 2022 15:28:08 -0700 Subject: [PATCH 229/494] Bump actions/dependency-review-action from 2.0.4 to 2.1.0 (#8954) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.0.4 to 2.1.0. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/94145f3150bfabdc97540cbd5f7e926306ea7744...23d1ffffb6fa5401173051ec21eba8c35242733f) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/depreview.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml index 9f32403c5..b16d44681 100644 --- a/.github/workflows/depreview.yaml +++ b/.github/workflows/depreview.yaml @@ -11,4 +11,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b #v3.0.2 - name: 'Dependency Review' - uses: actions/dependency-review-action@94145f3150bfabdc97540cbd5f7e926306ea7744 #v2.0.2 + uses: actions/dependency-review-action@23d1ffffb6fa5401173051ec21eba8c35242733f #v2.0.2 From c1b3a5065bf64a441a475ad59fc5eaace4e907e7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Aug 2022 15:30:09 -0700 Subject: [PATCH 230/494] Bump azure/setup-helm from 2.1 to 3.3 (#8956) Bumps [azure/setup-helm](https://github.com/azure/setup-helm) from 2.1 to 3.3. - [Release notes](https://github.com/azure/setup-helm/releases) - [Commits](https://github.com/azure/setup-helm/compare/217bf70cbd2e930ba2e81ba7e1de2f7faecc42ba...b5b231a831f96336bbfeccc1329990f0005c5bb1) --- updated-dependencies: - dependency-name: azure/setup-helm dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 011aa3a5a..d4f9fb4d3 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -234,7 +234,7 @@ jobs: failOnError: false - name: Prepare cluster for testing - uses: azure/setup-helm@217bf70cbd2e930ba2e81ba7e1de2f7faecc42ba #v2.1 + uses: azure/setup-helm@b5b231a831f96336bbfeccc1329990f0005c5bb1 #v2.1 with: version: 'v3.8.0' id: local-path @@ -291,7 +291,7 @@ jobs: failOnError: false - name: Prepare cluster for testing - uses: azure/setup-helm@217bf70cbd2e930ba2e81ba7e1de2f7faecc42ba #v2.1 + uses: azure/setup-helm@b5b231a831f96336bbfeccc1329990f0005c5bb1 #v2.1 with: version: 'v3.8.0' id: local-path From 363a7f7fb23797792628c8064ad910603b47dc35 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Aug 2022 15:32:09 -0700 Subject: [PATCH 231/494] Bump github/codeql-action from 2.1.19 to 2.1.20 (#8957) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.19 to 2.1.20. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/f5d217be74900c6ac8fbbe53f3c10376ba4e64da...7fee4ca032ac341c12486c4c06822c5221c76533) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 3c7d81687..b045c3fc9 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@f5d217be74900c6ac8fbbe53f3c10376ba4e64da # v2.1.14 + uses: github/codeql-action/upload-sarif@7fee4ca032ac341c12486c4c06822c5221c76533 # v2.1.14 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 633829630..ce1840a0a 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@f5d217be74900c6ac8fbbe53f3c10376ba4e64da + uses: github/codeql-action/upload-sarif@7fee4ca032ac341c12486c4c06822c5221c76533 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From fe09f6d096d3acac25721e29aab0cad25b0b110c Mon Sep 17 00:00:00 2001 From: Christian Date: Tue, 23 Aug 2022 00:38:09 +0200 Subject: [PATCH 232/494] Don't error log when no OCSP responder URL exists (#8881) --- rootfs/etc/nginx/lua/certificate.lua | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/rootfs/etc/nginx/lua/certificate.lua b/rootfs/etc/nginx/lua/certificate.lua index 630462fab..48c8d7134 100644 --- a/rootfs/etc/nginx/lua/certificate.lua +++ b/rootfs/etc/nginx/lua/certificate.lua @@ -120,10 +120,14 @@ end -- While this has no functional implications, it generates extra load on OCSP servers. local function fetch_and_cache_ocsp_response(uid, der_cert) local url, err = ocsp.get_ocsp_responder_from_der_chain(der_cert) - if not url then + if not url and err then ngx.log(ngx.ERR, "could not extract OCSP responder URL: ", err) return end + if not url and not err then + ngx.log(ngx.DEBUG, "no OCSP responder URL returned") + return + end local request request, err = ocsp.create_ocsp_request(der_cert) From 730174f73d8c1c581788f65bac8510c298d6ccd0 Mon Sep 17 00:00:00 2001 From: Jintao Zhang Date: Tue, 23 Aug 2022 06:38:16 +0800 Subject: [PATCH 233/494] feat: using LeaseLock for election (#8921) We removed the use of configmap as an election lock, so we will use the Lease API to complete the election. Before this, we used `MultiLock` to facilitate smooth migration of existing users of ingress-nginx from configmap to LeaseLock. Signed-off-by: Jintao Zhang Signed-off-by: Jintao Zhang --- .../templates/controller-role.yaml | 15 --------------- internal/ingress/controller/status.go | 19 +++++-------------- test/e2e/status/update.go | 6 +++--- 3 files changed, 8 insertions(+), 32 deletions(-) diff --git a/charts/ingress-nginx/templates/controller-role.yaml b/charts/ingress-nginx/templates/controller-role.yaml index 8e5f8a0d7..7a10adb52 100644 --- a/charts/ingress-nginx/templates/controller-role.yaml +++ b/charts/ingress-nginx/templates/controller-role.yaml @@ -58,21 +58,6 @@ rules: - get - list - watch - - apiGroups: - - "" - resources: - - configmaps - resourceNames: - - {{ .Values.controller.electionID }} - verbs: - - get - - update - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - apiGroups: - coordination.k8s.io resources: diff --git a/internal/ingress/controller/status.go b/internal/ingress/controller/status.go index a56a6b831..3b0a41ab8 100644 --- a/internal/ingress/controller/status.go +++ b/internal/ingress/controller/status.go @@ -99,25 +99,16 @@ func setupLeaderElection(config *leaderElectionConfig) { EventRecorder: recorder, } - // TODO: If we upgrade client-go to v0.24 then we can only use LeaseLock. - // MultiLock is used for lock's migration - lock := resourcelock.MultiLock{ - Primary: &resourcelock.ConfigMapLock{ - ConfigMapMeta: objectMeta, - Client: config.Client.CoreV1(), - LockConfig: resourceLockConfig, - }, - Secondary: &resourcelock.LeaseLock{ - LeaseMeta: objectMeta, - Client: config.Client.CoordinationV1(), - LockConfig: resourceLockConfig, - }, + lock := &resourcelock.LeaseLock{ + LeaseMeta: objectMeta, + Client: config.Client.CoordinationV1(), + LockConfig: resourceLockConfig, } ttl := 30 * time.Second elector, err := leaderelection.NewLeaderElector(leaderelection.LeaderElectionConfig{ - Lock: &lock, + Lock: lock, LeaseDuration: ttl, RenewDeadline: ttl / 2, RetryPeriod: ttl / 4, diff --git a/test/e2e/status/update.go b/test/e2e/status/update.go index b512520f4..c9c6ef333 100644 --- a/test/e2e/status/update.go +++ b/test/e2e/status/update.go @@ -92,10 +92,10 @@ var _ = framework.IngressNginxDescribe("[Status] status update", func() { assert.Nil(ginkgo.GinkgoT(), err, "unexpected error cleaning Ingress status") framework.Sleep(10 * time.Second) - err = f.KubeClientSet.CoreV1(). - ConfigMaps(f.Namespace). + err = f.KubeClientSet.CoordinationV1(). + Leases(f.Namespace). Delete(context.TODO(), "ingress-controller-leader", metav1.DeleteOptions{}) - assert.Nil(ginkgo.GinkgoT(), err, "unexpected error deleting leader election configmap") + assert.Nil(ginkgo.GinkgoT(), err, "unexpected error deleting leader election lease") _, cmd, err = f.KubectlProxy(port) assert.Nil(ginkgo.GinkgoT(), err, "unexpected error starting kubectl proxy") From 1791b62e453846696dc28d65ce082998c6cd09d2 Mon Sep 17 00:00:00 2001 From: Mangirdas Judeikis Date: Tue, 23 Aug 2022 02:08:09 +0300 Subject: [PATCH 234/494] Add NetworkPolicy support (#8928) * Add NetworkPolicy support * add doc for np --- charts/ingress-nginx/README.md | 1 + .../controller-wehbooks-networkpolicy.yaml | 19 +++++++++++++++++++ charts/ingress-nginx/values.yaml | 1 + 3 files changed, 21 insertions(+) create mode 100644 charts/ingress-nginx/templates/controller-wehbooks-networkpolicy.yaml diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 212b4f324..d18b3d571 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -249,6 +249,7 @@ Kubernetes: `>=1.20.0-0` | controller.admissionWebhooks.key | string | `"/usr/local/certificates/key"` | | | controller.admissionWebhooks.labels | object | `{}` | Labels to be added to admission webhooks | | controller.admissionWebhooks.namespaceSelector | object | `{}` | | +| controller.admissionWebhooks.networkPolicyEnabled | bool | `false` | | | controller.admissionWebhooks.objectSelector | object | `{}` | | | controller.admissionWebhooks.patch.enabled | bool | `true` | | | controller.admissionWebhooks.patch.fsGroup | int | `2000` | | diff --git a/charts/ingress-nginx/templates/controller-wehbooks-networkpolicy.yaml b/charts/ingress-nginx/templates/controller-wehbooks-networkpolicy.yaml new file mode 100644 index 000000000..f74c2fbf3 --- /dev/null +++ b/charts/ingress-nginx/templates/controller-wehbooks-networkpolicy.yaml @@ -0,0 +1,19 @@ +{{- if .Values.controller.admissionWebhooks.enabled }} +{{- if .Values.controller.admissionWebhooks.networkPolicyEnabled }} + +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "ingress-nginx.fullname" . }}-webhooks-allow + namespace: {{ .Release.Namespace }} +spec: + ingress: + - {} + podSelector: + matchLabels: + app.kubernetes.io/name: {{ include "ingress-nginx.name" . }} + policyTypes: + - Ingress + +{{- end }} +{{- end }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index fed3a5b05..76e3355fe 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -615,6 +615,7 @@ controller: # -- Use an existing PSP instead of creating one existingPsp: "" + networkPolicyEnabled: false service: annotations: {} From cad575e923a6e7eaae7c0cb5c8d536732517ea54 Mon Sep 17 00:00:00 2001 From: omichels Date: Tue, 23 Aug 2022 01:12:09 +0200 Subject: [PATCH 235/494] securityContext in admission-webhook now configurable e.g. to set seccompProfiles (#8930) * Make securityContext in admission-webhook more configurable e.g. to set seccompProfiles Signed-off-by: Oliver Michels * Make securityContext in admission-webhook more configurable e.g. to set seccompProfiles Signed-off-by: Oliver Michels * Make securityContext in admission-webhook more configurable e.g. to set seccompProfiles Signed-off-by: Oliver Michels * Make securityContext in admission-webhook more configurable e.g. to set seccompProfiles Signed-off-by: Oliver Michels Signed-off-by: Oliver Michels --- charts/ingress-nginx/Chart.yaml | 2 +- charts/ingress-nginx/README.md | 7 ++++--- .../admission-webhooks/job-patch/job-createSecret.yaml | 6 +++--- .../admission-webhooks/job-patch/job-patchWebhook.yaml | 6 +++--- charts/ingress-nginx/values.yaml | 7 +++++-- 5 files changed, 16 insertions(+), 12 deletions(-) diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index 0b5fa4dd1..36df7a3bf 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: ingress-nginx # When the version is modified, make sure the artifacthub.io/changes list is updated # Also update CHANGELOG.md -version: 4.2.1 +version: 4.2.2 appVersion: 1.3.0 home: https://github.com/kubernetes/ingress-nginx description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index d18b3d571..a73b71a99 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.2.1](https://img.shields.io/badge/Version-4.2.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.3.0](https://img.shields.io/badge/AppVersion-1.3.0-informational?style=flat-square) +![Version: 4.2.2](https://img.shields.io/badge/Version-4.2.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.3.0](https://img.shields.io/badge/AppVersion-1.3.0-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. @@ -252,7 +252,6 @@ Kubernetes: `>=1.20.0-0` | controller.admissionWebhooks.networkPolicyEnabled | bool | `false` | | | controller.admissionWebhooks.objectSelector | object | `{}` | | | controller.admissionWebhooks.patch.enabled | bool | `true` | | -| controller.admissionWebhooks.patch.fsGroup | int | `2000` | | | controller.admissionWebhooks.patch.image.digest | string | `"sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47"` | | | controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` | | | controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` | | @@ -262,7 +261,9 @@ Kubernetes: `>=1.20.0-0` | controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | | | controller.admissionWebhooks.patch.podAnnotations | object | `{}` | | | controller.admissionWebhooks.patch.priorityClassName | string | `""` | Provide a priority class name to the webhook patching job | -| controller.admissionWebhooks.patch.runAsUser | int | `2000` | | +| controller.admissionWebhooks.patch.securityContext.fsGroup | int | `2000` | | +| controller.admissionWebhooks.patch.securityContext.runAsNonRoot | bool | `true` | | +| controller.admissionWebhooks.patch.securityContext.runAsUser | int | `2000` | | | controller.admissionWebhooks.patch.tolerations | list | `[]` | | | controller.admissionWebhooks.patchWebhookJob.resources | object | `{}` | | | controller.admissionWebhooks.port | int | `8443` | | diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml index 72c17eae4..7558e0b1a 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml @@ -72,8 +72,8 @@ spec: {{- if .Values.controller.admissionWebhooks.patch.tolerations }} tolerations: {{ toYaml .Values.controller.admissionWebhooks.patch.tolerations | nindent 8 }} {{- end }} + {{- if .Values.controller.admissionWebhooks.patch.securityContext }} securityContext: - runAsNonRoot: true - runAsUser: {{ .Values.controller.admissionWebhooks.patch.runAsUser }} - fsGroup: {{ .Values.controller.admissionWebhooks.patch.fsGroup }} + {{- toYaml .Values.controller.admissionWebhooks.patch.securityContext | nindent 8 }} + {{- end }} {{- end }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml index 3a1637a64..05282150b 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml @@ -74,8 +74,8 @@ spec: {{- if .Values.controller.admissionWebhooks.patch.tolerations }} tolerations: {{ toYaml .Values.controller.admissionWebhooks.patch.tolerations | nindent 8 }} {{- end }} + {{- if .Values.controller.admissionWebhooks.patch.securityContext }} securityContext: - runAsNonRoot: true - runAsUser: {{ .Values.controller.admissionWebhooks.patch.runAsUser }} - fsGroup: {{ .Values.controller.admissionWebhooks.patch.fsGroup }} + {{- toYaml .Values.controller.admissionWebhooks.patch.securityContext | nindent 8 }} + {{- end }} {{- end }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 76e3355fe..1889e4901 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -658,8 +658,11 @@ controller: tolerations: [] # -- Labels to be added to patch job resources labels: {} - runAsUser: 2000 - fsGroup: 2000 + securityContext: + runAsNonRoot: true + runAsUser: 2000 + fsGroup: 2000 + metrics: port: 10254 From 63edd3befd1ec70d9d252efee565befa41487870 Mon Sep 17 00:00:00 2001 From: Edvin N Date: Tue, 23 Aug 2022 01:14:09 +0200 Subject: [PATCH 236/494] Document internal-logger-address cli arg (#8873) Signed-off-by: Edvin Norling Signed-off-by: Edvin Norling --- docs/user-guide/cli-arguments.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/user-guide/cli-arguments.md b/docs/user-guide/cli-arguments.md index ae7c5b3ba..0b710958d 100644 --- a/docs/user-guide/cli-arguments.md +++ b/docs/user-guide/cli-arguments.md @@ -30,6 +30,7 @@ They are set in the container spec of the `ingress-nginx-controller` Deployment | `--https-port` | Port to use for servicing HTTPS traffic. (default 443) | | `--ingress-class` | Name of the ingress class this controller satisfies. The class of an Ingress object is set using the field IngressClassName in Kubernetes clusters version v1.18.0 or higher or the annotation "kubernetes.io/ingress.class" (deprecated). If this parameter is not set, or set to the default value of "nginx", it will handle ingresses with either an empty or "nginx" class name. | | `--ingress-class-by-name` | Define if Ingress Controller should watch for Ingress Class by Name together with Controller Class. (default false) | +| `--internal-logger-address` | Define the internal logger address to use when chroot images is used. (default 127.0.0.1:11514) | | `--kubeconfig` | Path to a kubeconfig file containing authorization and API server information. | | `--log_backtrace_at` | when logging hits line file:N, emit a stack trace (default :0) | | `--log_dir` | If non-empty, write log files in this directory | From adeb84aa38cbccb8dde471ab222b799b7cc439d3 Mon Sep 17 00:00:00 2001 From: Anders Swanson <91502735+anders-swanson@users.noreply.github.com> Date: Mon, 22 Aug 2022 16:20:09 -0700 Subject: [PATCH 237/494] Metrics port name (Helm) (#8665) --- charts/ingress-nginx/templates/controller-daemonset.yaml | 2 +- charts/ingress-nginx/templates/controller-deployment.yaml | 2 +- .../ingress-nginx/templates/controller-service-metrics.yaml | 4 ++-- charts/ingress-nginx/templates/controller-servicemonitor.yaml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/ingress-nginx/templates/controller-daemonset.yaml b/charts/ingress-nginx/templates/controller-daemonset.yaml index 2dca8e5c1..80c268f7c 100644 --- a/charts/ingress-nginx/templates/controller-daemonset.yaml +++ b/charts/ingress-nginx/templates/controller-daemonset.yaml @@ -114,7 +114,7 @@ spec: {{- end }} {{- end }} {{- if .Values.controller.metrics.enabled }} - - name: metrics + - name: http-metrics containerPort: {{ .Values.controller.metrics.port }} protocol: TCP {{- end }} diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml index 5b781f8de..5ad186794 100644 --- a/charts/ingress-nginx/templates/controller-deployment.yaml +++ b/charts/ingress-nginx/templates/controller-deployment.yaml @@ -118,7 +118,7 @@ spec: {{- end }} {{- end }} {{- if .Values.controller.metrics.enabled }} - - name: metrics + - name: http-metrics containerPort: {{ .Values.controller.metrics.port }} protocol: TCP {{- end }} diff --git a/charts/ingress-nginx/templates/controller-service-metrics.yaml b/charts/ingress-nginx/templates/controller-service-metrics.yaml index 0aaf41473..1c1d5bddb 100644 --- a/charts/ingress-nginx/templates/controller-service-metrics.yaml +++ b/charts/ingress-nginx/templates/controller-service-metrics.yaml @@ -31,10 +31,10 @@ spec: externalTrafficPolicy: {{ .Values.controller.metrics.service.externalTrafficPolicy }} {{- end }} ports: - - name: metrics + - name: http-metrics port: {{ .Values.controller.metrics.service.servicePort }} protocol: TCP - targetPort: metrics + targetPort: http-metrics {{- $setNodePorts := (or (eq .Values.controller.metrics.service.type "NodePort") (eq .Values.controller.metrics.service.type "LoadBalancer")) }} {{- if (and $setNodePorts (not (empty .Values.controller.metrics.service.nodePort))) }} nodePort: {{ .Values.controller.metrics.service.nodePort }} diff --git a/charts/ingress-nginx/templates/controller-servicemonitor.yaml b/charts/ingress-nginx/templates/controller-servicemonitor.yaml index 4dbc6da9f..973d36b3e 100644 --- a/charts/ingress-nginx/templates/controller-servicemonitor.yaml +++ b/charts/ingress-nginx/templates/controller-servicemonitor.yaml @@ -14,7 +14,7 @@ metadata: {{- end }} spec: endpoints: - - port: metrics + - port: http-metrics interval: {{ .Values.controller.metrics.serviceMonitor.scrapeInterval }} {{- if .Values.controller.metrics.serviceMonitor.honorLabels }} honorLabels: true From d5893d4a2e0eb9cf16ad1a5c9e93d19c347e6110 Mon Sep 17 00:00:00 2001 From: Zadkiel Aharonian Date: Tue, 23 Aug 2022 01:20:16 +0200 Subject: [PATCH 238/494] fix(controller): typo in catch-all CheckIngress error message (#8905) --- internal/ingress/controller/controller.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go index bba932d16..ab03e5b27 100644 --- a/internal/ingress/controller/controller.go +++ b/internal/ingress/controller/controller.go @@ -265,7 +265,7 @@ func (n *NGINXController) CheckIngress(ing *networking.Ingress) error { } if n.cfg.DisableCatchAll && ing.Spec.DefaultBackend != nil { - return fmt.Errorf("This deployment is trying to create a catch-all ingress while DisableCatchAll flag is set to true. Remove '.spec.backend' or set DisableCatchAll flag to false.") + return fmt.Errorf("This deployment is trying to create a catch-all ingress while DisableCatchAll flag is set to true. Remove '.spec.defaultBackend' or set DisableCatchAll flag to false.") } startRender := time.Now().UnixNano() / 1000000 cfg := n.store.GetBackendConfiguration() From 69318355b167b2cd4eb6a9c90c1fc793200e982c Mon Sep 17 00:00:00 2001 From: Harpreet singh Date: Tue, 23 Aug 2022 07:26:23 +0800 Subject: [PATCH 239/494] Fix defaultServer backend update for Ingress with defaultBackend. (#8825) --- internal/ingress/controller/controller.go | 10 ++++------ test/e2e/ingress/without_host.go | 8 ++++++++ 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go index ab03e5b27..5287034c6 100644 --- a/internal/ingress/controller/controller.go +++ b/internal/ingress/controller/controller.go @@ -1208,17 +1208,15 @@ func (n *NGINXController) createServers(data []*ingress.Ingress, // use backend specified in Ingress as the default backend for all its rules un = backendUpstream.Name - // special "catch all" case, Ingress with a backend but no rule defLoc := servers[defServerName].Locations[0] - defLoc.Backend = backendUpstream.Name - defLoc.Service = backendUpstream.Service - defLoc.Ingress = ing - if defLoc.IsDefBackend && len(ing.Spec.Rules) == 0 { klog.V(2).Infof("Ingress %q defines a backend but no rule. Using it to configure the catch-all server %q", ingKey, defServerName) defLoc.IsDefBackend = false - + // special "catch all" case, Ingress with a backend but no rule + defLoc.Backend = backendUpstream.Name + defLoc.Service = backendUpstream.Service + defLoc.Ingress = ing // TODO: Redirect and rewrite can affect the catch all behavior, skip for now originalRedirect := defLoc.Redirect originalRewrite := defLoc.Rewrite diff --git a/test/e2e/ingress/without_host.go b/test/e2e/ingress/without_host.go index 6ec7f5bd5..38f89beda 100644 --- a/test/e2e/ingress/without_host.go +++ b/test/e2e/ingress/without_host.go @@ -93,5 +93,13 @@ var _ = framework.IngressNginxDescribe("[Ingress] definition without host", func WithHeader("Host", "only-backend"). Expect(). Status(http.StatusOK) + // Following assertion added with respect to issue https://github.com/kubernetes/ingress-nginx/issues/8823 + // This check ensure that ingress having defaultBackend with rules should only be added as default backend + // for the host mentioned in rule. It should not affect the default catch-all server_name _ block. + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", "only-backend-doesnotexist"). + Expect(). + Status(http.StatusNotFound) }) }) From 45f71d5a164b622e66c54839c6d5e14412a9fc1d Mon Sep 17 00:00:00 2001 From: Ismayil Mirzali Date: Tue, 23 Aug 2022 02:30:28 +0300 Subject: [PATCH 240/494] make keep-alive docs more explicit #8927 (#8944) Signed-off-by: Ismayil Mirzali Signed-off-by: Ismayil Mirzali --- docs/user-guide/nginx-configuration/configmap.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md index e5af31cb5..cd25095b0 100755 --- a/docs/user-guide/nginx-configuration/configmap.md +++ b/docs/user-guide/nginx-configuration/configmap.md @@ -431,7 +431,7 @@ Enables or disables the preload attribute in the HSTS feature (when it is enable ## keep-alive -Sets the time during which a keep-alive client connection will stay open on the server side. The zero value disables keep-alive client connections. +Sets the time, in seconds, during which a keep-alive client connection will stay open on the server side. The zero value disables keep-alive client connections. _References:_ [https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout](https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout) From ffcf13c09b62c9691aaac77a32e21fdef36575e1 Mon Sep 17 00:00:00 2001 From: Jintao Zhang Date: Tue, 23 Aug 2022 15:29:24 +0800 Subject: [PATCH 241/494] revert changes to configmap resource permissions (#8959) Signed-off-by: Jintao Zhang Signed-off-by: Jintao Zhang --- build/run-in-docker.sh | 2 +- charts/ingress-nginx/Chart.yaml | 3 ++- charts/ingress-nginx/README.md | 2 +- .../templates/controller-role.yaml | 20 +++++++++++++++++++ 4 files changed, 24 insertions(+), 3 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index 3a1d5a5fa..7fdc20699 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -38,7 +38,7 @@ function cleanup { } trap cleanup EXIT -E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20220819-ga98c63787@sha256:608ef1c1e5783e4a0c4fe57d8f85aa30eb0a3d25e5b1492197e8a95382d5e09d} +E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20220624-g3348cd71e@sha256:2a34e322b7ff89abdfa0b6202f903bf5618578b699ff609a3ddabac0aae239c8} DOCKER_OPTS=${DOCKER_OPTS:-} DOCKER_IN_DOCKER_ENABLED=${DOCKER_IN_DOCKER_ENABLED:-} diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index 36df7a3bf..8b7f8ca16 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: ingress-nginx # When the version is modified, make sure the artifacthub.io/changes list is updated # Also update CHANGELOG.md -version: 4.2.2 +version: 4.2.3 appVersion: 1.3.0 home: https://github.com/kubernetes/ingress-nginx description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer @@ -27,3 +27,4 @@ annotations: # https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx?modal=changelog artifacthub.io/changes: | - "[8896](https://github.com/kubernetes/ingress-nginx/pull/8896) updated to new images built today" + - "fix permissions about configmap" diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index a73b71a99..8357cab56 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.2.2](https://img.shields.io/badge/Version-4.2.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.3.0](https://img.shields.io/badge/AppVersion-1.3.0-informational?style=flat-square) +![Version: 4.2.3](https://img.shields.io/badge/Version-4.2.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.3.0](https://img.shields.io/badge/AppVersion-1.3.0-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. diff --git a/charts/ingress-nginx/templates/controller-role.yaml b/charts/ingress-nginx/templates/controller-role.yaml index 7a10adb52..330be8c86 100644 --- a/charts/ingress-nginx/templates/controller-role.yaml +++ b/charts/ingress-nginx/templates/controller-role.yaml @@ -58,6 +58,26 @@ rules: - get - list - watch + # TODO(Jintao Zhang) + # Once we release a new version of the controller, + # we will be able to remove the configmap related permissions + # We have used the Lease API for selection + # ref: https://github.com/kubernetes/ingress-nginx/pull/8921 + - apiGroups: + - "" + resources: + - configmaps + resourceNames: + - {{ .Values.controller.electionID }} + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create - apiGroups: - coordination.k8s.io resources: From e19026fe4eeafcc5ab16c5f73a05de43604b1491 Mon Sep 17 00:00:00 2001 From: Jintao Zhang Date: Tue, 23 Aug 2022 16:05:23 +0800 Subject: [PATCH 242/494] upgrade yamale and yamllint version (#8960) Signed-off-by: Jintao Zhang Signed-off-by: Jintao Zhang --- images/test-runner/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile index 0f2b72bad..7cd0d6251 100644 --- a/images/test-runner/Makefile +++ b/images/test-runner/Makefile @@ -47,8 +47,8 @@ build: ensure-buildx --build-arg LUAROCKS_VERSION=3.8.0 \ --build-arg LUAROCKS_SHA=ab6612ca9ab87c6984871d2712d05525775e8b50172701a0a1cabddf76de2be7 \ --build-arg CHART_TESTING_VERSION=3.0.0 \ - --build-arg YAML_LINT_VERSION=1.13.0 \ - --build-arg YAMALE_VERSION=1.8.0 \ + --build-arg YAML_LINT_VERSION=1.27.1 \ + --build-arg YAMALE_VERSION=4.0.4 \ --build-arg HELM_VERSION=v3.9.0 \ -t $(IMAGE):$(TAG) rootfs From 511f7cd55fb2776927f74c21784798edc56b7d49 Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Wed, 24 Aug 2022 14:28:25 +0530 Subject: [PATCH 243/494] updated to testrunnerimage with updated yamle yamllint (#8967) --- build/run-in-docker.sh | 2 +- test/e2e-image/Makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index 7fdc20699..77e7b7a38 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -38,7 +38,7 @@ function cleanup { } trap cleanup EXIT -E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20220624-g3348cd71e@sha256:2a34e322b7ff89abdfa0b6202f903bf5618578b699ff609a3ddabac0aae239c8} +E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20220823-ge19026fe4@sha256:038fc60379b6ce9a0134c2ff9134edccad1f8ecbd9c6ebed9660711d05b0ed95} DOCKER_OPTS=${DOCKER_OPTS:-} DOCKER_IN_DOCKER_ENABLED=${DOCKER_IN_DOCKER_ENABLED:-} diff --git a/test/e2e-image/Makefile b/test/e2e-image/Makefile index 47eb1521d..f04307f81 100644 --- a/test/e2e-image/Makefile +++ b/test/e2e-image/Makefile @@ -1,6 +1,6 @@ DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) -E2E_BASE_IMAGE="registry.k8s.io/ingress-nginx/e2e-test-runner:v20220819-ga98c63787@sha256:608ef1c1e5783e4a0c4fe57d8f85aa30eb0a3d25e5b1492197e8a95382d5e09d" +E2E_BASE_IMAGE="registry.k8s.io/ingress-nginx/e2e-test-runner:v20220823-ge19026fe4@sha256:038fc60379b6ce9a0134c2ff9134edccad1f8ecbd9c6ebed9660711d05b0ed95" image: echo "..entered Makefile in /test/e2e-image" From f6d04d3e3bb3db11641644962c1a5317cacf6cd8 Mon Sep 17 00:00:00 2001 From: Ismayil Mirzali Date: Wed, 24 Aug 2022 14:54:03 +0300 Subject: [PATCH 244/494] fix: bump k8s dependencies to fix go-restful CVE (#8969) [1] https://nvd.nist.gov/vuln/detail/CVE-2022-1996 [2] https://github.com/kubernetes/ingress-nginx/issues/8745 Signed-off-by: Ismayil Mirzali Signed-off-by: Ismayil Mirzali --- go.mod | 46 +++++++++--------- go.sum | 145 +++++++++++++++++++++++++++++++++++++++------------------ 2 files changed, 123 insertions(+), 68 deletions(-) diff --git a/go.mod b/go.mod index 0dcd77946..ce9ddea9e 100644 --- a/go.mod +++ b/go.mod @@ -25,17 +25,17 @@ require ( github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.8.0 github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a - golang.org/x/crypto v0.0.0-20220214200702-86341886e292 - golang.org/x/net v0.0.0-20220225172249-27dd8689420f + golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd + golang.org/x/net v0.0.0-20220722155237-a158d28d115b google.golang.org/grpc v1.48.0 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 - k8s.io/api v0.23.6 + k8s.io/api v0.25.0 k8s.io/apiextensions-apiserver v0.23.5 - k8s.io/apimachinery v0.23.6 + k8s.io/apimachinery v0.25.0 k8s.io/apiserver v0.23.5 - k8s.io/cli-runtime v0.23.5 - k8s.io/client-go v0.23.6 + k8s.io/cli-runtime v0.25.0 + k8s.io/client-go v0.25.0 k8s.io/code-generator v0.23.5 k8s.io/component-base v0.23.6 k8s.io/klog/v2 v2.70.1 @@ -45,10 +45,10 @@ require ( ) require ( - cloud.google.com/go v0.81.0 // indirect + cloud.google.com/go v0.97.0 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect - github.com/Azure/go-autorest/autorest v0.11.18 // indirect - github.com/Azure/go-autorest/autorest/adal v0.9.13 // indirect + github.com/Azure/go-autorest/autorest v0.11.27 // indirect + github.com/Azure/go-autorest/autorest/adal v0.9.20 // indirect github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect @@ -65,27 +65,28 @@ require ( github.com/davecgh/go-spew v1.1.1 // indirect github.com/eapache/queue v1.1.0 // indirect github.com/emicklei/go-restful v2.9.5+incompatible // indirect + github.com/emicklei/go-restful/v3 v3.8.0 // indirect github.com/evanphx/json-patch v4.12.0+incompatible // indirect github.com/fatih/structs v1.0.0 // indirect - github.com/form3tech-oss/jwt-go v3.2.3+incompatible // indirect github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b // indirect github.com/go-errors/errors v1.0.1 // indirect - github.com/go-logr/logr v1.2.0 // indirect + github.com/go-logr/logr v1.2.3 // indirect github.com/go-openapi/jsonpointer v0.19.5 // indirect github.com/go-openapi/jsonreference v0.19.5 // indirect github.com/go-openapi/swag v0.19.14 // indirect github.com/godbus/dbus/v5 v5.0.6 // indirect github.com/gogo/protobuf v1.3.2 // indirect + github.com/golang-jwt/jwt/v4 v4.2.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.2 // indirect github.com/gomarkdown/markdown v0.0.0-20210514010506-3b9f47219fe7 // indirect github.com/google/btree v1.0.1 // indirect + github.com/google/gnostic v0.5.7-v3refs // indirect github.com/google/go-cmp v0.5.8 // indirect github.com/google/go-querystring v1.0.0 // indirect github.com/google/gofuzz v1.1.0 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.2.0 // indirect - github.com/googleapis/gnostic v0.5.5 // indirect github.com/gorilla/websocket v1.4.2 // indirect github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect github.com/imkira/go-interpol v1.0.0 // indirect @@ -100,6 +101,7 @@ require ( github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect + github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/ncabatoff/go-seq v0.0.0-20180805175032-b08ef85ed833 // indirect github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect @@ -112,33 +114,33 @@ require ( github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.1.0 // indirect - github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca // indirect + github.com/xlab/treeprint v1.1.0 // indirect github.com/yalp/jsonpath v0.0.0-20180802001716-5cc68e5049a0 // indirect github.com/yudai/gojsondiff v1.0.0 // indirect github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect - golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect + golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect golang.org/x/text v0.3.7 // indirect - golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect + golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect golang.org/x/tools v0.1.10 // indirect golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2 // indirect + google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0 // indirect google.golang.org/protobuf v1.28.1 // indirect gopkg.in/go-playground/assert.v1 v1.2.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c // indirect - k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 // indirect - k8s.io/utils v0.0.0-20211116205334-6203023598ed // indirect + k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect + k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed // indirect moul.io/http2curl v1.0.1-0.20190925090545-5cd742060b0e // indirect - sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6 // indirect - sigs.k8s.io/kustomize/api v0.10.1 // indirect - sigs.k8s.io/kustomize/kyaml v0.13.0 // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect + sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect + sigs.k8s.io/kustomize/api v0.12.1 // indirect + sigs.k8s.io/kustomize/kyaml v0.13.9 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect sigs.k8s.io/yaml v1.3.0 // indirect ) diff --git a/go.sum b/go.sum index 4e81b0cd7..fc2d61415 100644 --- a/go.sum +++ b/go.sum @@ -17,8 +17,15 @@ cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKP cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= -cloud.google.com/go v0.81.0 h1:at8Tk2zUz63cLPR0JPWm5vp77pEZmzxEQBEfRKn1VV8= cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= +cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY= +cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM= +cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY= +cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ= +cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= +cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4= +cloud.google.com/go v0.97.0 h1:3DXvAyifywvq64LfkKaMOmkWPS1CikIQdMe2lY9vxU8= +cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= @@ -42,14 +49,18 @@ github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/Azure/go-autorest/autorest v0.11.18 h1:90Y4srNYrwOtAgVo3ndrQkTYn6kf1Eg/AjTFJ8Is2aM= github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= -github.com/Azure/go-autorest/autorest/adal v0.9.13 h1:Mp5hbtOePIzM8pJVRa3YLrWWmZtoxRXqUEzCfJt3+/Q= +github.com/Azure/go-autorest/autorest v0.11.27 h1:F3R3q42aWytozkV8ihzcgMO4OA4cuqr3bNlsEuF6//A= +github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U= github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= +github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= +github.com/Azure/go-autorest/autorest/adal v0.9.20 h1:gJ3E98kMpFB1MFqQCvA1yFab8vthOeD4VlFRQULxahg= +github.com/Azure/go-autorest/autorest/adal v0.9.20/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw= github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= -github.com/Azure/go-autorest/autorest/mocks v0.4.1 h1:K0laFcLE6VLTOwNgSxaGbUcLPuGXlNkbVvq4cW4nIHk= github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= +github.com/Azure/go-autorest/autorest/mocks v0.4.2 h1:PGN4EDXnuQbojHbU0UWoNvmu9AGVwYHG9/fkDYhtAfw= +github.com/Azure/go-autorest/autorest/mocks v0.4.2/go.mod h1:Vy7OitM9Kei0i1Oj+LvyAWMXJHeKH1MVlzFugfVrmyU= github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg= github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= @@ -77,7 +88,6 @@ github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHG github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210826220005-b48c857c3a0e/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= -github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a h1:AP/vsCIvJZ129pdm9Ek7bH7yutN3hByqsMoNrWAxRQc= github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a/go.mod h1:QmP9hvJ91BbJmGVGSbutW19IC0Q9phDCLGaomwTJbgU= @@ -120,10 +130,8 @@ github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoC github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= -github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= -github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzAJc1DzSI= @@ -152,6 +160,8 @@ github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkg github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible h1:spTtZBk5DYEvbxMVutUuTyh1Ao2r4iyvLdACqsl/Ljk= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= +github.com/emicklei/go-restful/v3 v3.8.0 h1:eCZ8ulSerjdAiaNpF7GxXIE7ZCMo1moN1qX+S609eVw= +github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= @@ -161,7 +171,6 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.m github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/fasthttp/websocket v1.4.3-rc.6 h1:omHqsl8j+KXpmzRjF8bmzOSYJ8GnS0E3efi1wYT+niY= @@ -171,7 +180,6 @@ github.com/fatih/structs v1.0.0 h1:BrX964Rv5uQ3wwS+KRUAJCBBw5PQmgJfJ6v4yly5QwU= github.com/fatih/structs v1.0.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= -github.com/form3tech-oss/jwt-go v3.2.3+incompatible h1:7ZaBxOI7TMoYBfyA3cQHErNNyAWIKUMIwqxEtgHOs5c= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= @@ -200,8 +208,9 @@ github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= -github.com/go-logr/logr v1.2.0 h1:QK40JKJyMdUDz+h+xvCsru/bJhvG0UxvePV0ufL/AcE= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= +github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/zapr v1.2.0 h1:n4JnPI1T3Qq1SFEi/F8rwLrZERp2bso19PJZDB9dayk= github.com/go-logr/zapr v1.2.0/go.mod h1:Qa4Bsj2Vb+FAVeAKsLD8RLQ+YRJB8YDmOAKxaBQf7Ro= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= @@ -222,6 +231,9 @@ github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zV github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= +github.com/golang-jwt/jwt/v4 v4.2.0 h1:besgBTC8w8HjP6NzQdxwKH9Z5oQMZ24ThTrHp3cZ8eU= +github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -238,6 +250,7 @@ github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= +github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -265,6 +278,8 @@ github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= github.com/google/cel-go v0.9.0/go.mod h1:U7ayypeSkw23szu4GaQTPJGx66c20mx8JklMSxrmI1w= github.com/google/cel-spec v0.6.0/go.mod h1:Nwjgxy5CbjlPrtCWjeDjUyKMl8w41YBYGjsyDdqk0xA= +github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54= +github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= @@ -287,6 +302,7 @@ github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/ github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= +github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= @@ -298,21 +314,22 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= -github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.2.0 h1:qJYtXnJRWmpe7m/3XlyhrsLrEURqHRM2kxzoxXqyUDs= github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= +github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU= -github.com/googleapis/gnostic v0.5.5 h1:9fHAtK0uDfpveeqqo1hkEZJcFvYXAiCN3UutL8F9xHw= github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= -github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM= @@ -393,12 +410,10 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= -github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs= github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA= github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= @@ -445,6 +460,7 @@ github.com/moul/pb v0.0.0-20220425114252-bca18df4138c h1:1STmblv9zmHLDpru4dbnf1P github.com/moul/pb v0.0.0-20220425114252-bca18df4138c/go.mod h1:jE2HT8eoucYyUPBFJMreiVlC3KPHkDMtN8wn+ef7Y64= github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= @@ -558,24 +574,20 @@ github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTd github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk= github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU= github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= -github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/objx v0.4.0 h1:M2gUjqZET1qApGOWNSnZ49BAIMX4F/1plDv3+l31EJ4= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/testify v1.1.3/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= @@ -592,7 +604,6 @@ github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69 github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/urfave/cli v1.17.1-0.20160602030128-01a33823596e/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= @@ -610,9 +621,8 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1: github.com/xeipuuv/gojsonschema v1.1.0 h1:ngVtJC9TY/lg0AA/1k48FYhBrhRoFlEmWzsehpNAaZg= github.com/xeipuuv/gojsonschema v1.1.0/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= -github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca h1:1CFlNzQhALwjS9mBAUkycX616GzgsuYUOCHA5+HSlXI= -github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca/go.mod h1:ce1O1j6UtZfjr22oyGxGLbauSBp2YVXpARAosm7dHBg= -github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= +github.com/xlab/treeprint v1.1.0 h1:G/1DjNkPpfZCFt9CSh6b5/nY4VimlbHF3Rh4obvtzDk= +github.com/xlab/treeprint v1.1.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= github.com/yalp/jsonpath v0.0.0-20180802001716-5cc68e5049a0 h1:6fRhSjgLCkTD3JnJxvaJ4Sj+TYblw757bqYgZaOq5ZY= github.com/yalp/jsonpath v0.0.0-20180802001716-5cc68e5049a0/go.mod h1:/LWChgwKmvncFJFHJ7Gvn9wZArjbV5/FppcK2fKk/tI= github.com/yudai/gojsondiff v1.0.0 h1:27cbfqXLVEJ1o8I6v3y9lg8Ydm53EKqHXAOMxEGlCOA= @@ -683,8 +693,11 @@ golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20220214200702-86341886e292 h1:f+lwQ+GtmgoY+A2YaQxlSOnDjXcQ7ZRLWOHbC6HtRqE= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd h1:XcWmESyNjXJMLahc3mqVQJcgSTDxFxhETVlfk9uGc38= +golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -735,7 +748,6 @@ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -767,6 +779,7 @@ golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= +golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= @@ -774,8 +787,9 @@ golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220225172249-27dd8689420f h1:oA4XRj0qtSt8Yo1Zms0CUlsT3KG69V2UGQWPBxujDmc= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b h1:PxfKdU9lEEDYjdIzOtC4qFWgkU2rGHdKlKowJSMN9h0= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -789,6 +803,8 @@ golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b h1:clP8eMhB30EHdc0bd2Twtq6kgU7yl5ub2cQLSdrv1Dg= golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= @@ -866,19 +882,24 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9wrfxYyCjk0KbXjhR55s= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= @@ -897,8 +918,9 @@ golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxb golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac h1:7zkz7BUtwNFFqcowJ+RIgu2MaV/MapERkDIy+mwPyjs= golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44= +golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -954,7 +976,10 @@ golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= +golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.6-0.20210820212750-d4cc65f0b2ff/go.mod h1:YD9qOF0M9xpSpdWTBbzEl5e/RnCefISl8E5Noe10jFM= golang.org/x/tools v0.1.10 h1:QjFRCZxdOhBJ/UNgnBZLbNV13DlbnK0quyivTnXJM20= @@ -987,6 +1012,13 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8= +google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= +google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= +google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= +google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU= +google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k= +google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= +google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -1038,12 +1070,24 @@ google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= +google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2 h1:NHN4wOCScVzKhPenJ2dt+BTs3X/XkBVI/Rh4iDt55T8= +google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= +google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= +google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24= +google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= +google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= +google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= +google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= +google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w= +google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0 h1:5Tbluzus3QxoAJx4IefGt1W0HQZW4nuMrVk684jI74Q= +google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= -google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= @@ -1062,10 +1106,14 @@ google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= +google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= +google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= +google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.48.0 h1:rQOsyJ/8+ufEDJd/Gdsz7HG220Mh9HAhFHRGnIjda0w= google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -1131,26 +1179,28 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= k8s.io/api v0.23.5/go.mod h1:Na4XuKng8PXJ2JsploYYrivXrINeTaycCGcYgF91Xm8= -k8s.io/api v0.23.6 h1:yOK34wbYECH4RsJbQ9sfkFK3O7f/DUHRlzFehkqZyVw= k8s.io/api v0.23.6/go.mod h1:1kFaYxGCFHYp3qd6a85DAj/yW8aVD6XLZMqJclkoi9g= +k8s.io/api v0.25.0 h1:H+Q4ma2U/ww0iGB78ijZx6DRByPz6/733jIuFpX70e0= +k8s.io/api v0.25.0/go.mod h1:ttceV1GyV1i1rnmvzT3BST08N6nGt+dudGrquzVQWPk= k8s.io/apiextensions-apiserver v0.23.5 h1:5SKzdXyvIJKu+zbfPc3kCbWpbxi+O+zdmAJBm26UJqI= k8s.io/apiextensions-apiserver v0.23.5/go.mod h1:ntcPWNXS8ZPKN+zTXuzYMeg731CP0heCTl6gYBxLcuQ= k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= -k8s.io/apimachinery v0.23.6 h1:RH1UweWJkWNTlFx0D8uxOpaU1tjIOvVVWV/bu5b3/NQ= k8s.io/apimachinery v0.23.6/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= +k8s.io/apimachinery v0.25.0 h1:MlP0r6+3XbkUG2itd6vp3oxbtdQLQI94fD5gCS+gnoU= +k8s.io/apimachinery v0.25.0/go.mod h1:qMx9eAk0sZQGsXGu86fab8tZdffHbwUfsvzqKn4mfB0= k8s.io/apiserver v0.23.5 h1:2Ly8oUjz5cnZRn1YwYr+aFgDZzUmEVL9RscXbnIeDSE= k8s.io/apiserver v0.23.5/go.mod h1:7wvMtGJ42VRxzgVI7jkbKvMbuCbVbgsWFT7RyXiRNTw= -k8s.io/cli-runtime v0.23.5 h1:Z7XUpGoJZYZB2uNjQfJjMbyDKyVkoBGye62Ap0sWQHY= -k8s.io/cli-runtime v0.23.5/go.mod h1:oY6QDF2qo9xndSq32tqcmRp2UyXssdGrLfjAVymgbx4= +k8s.io/cli-runtime v0.25.0 h1:XBnTc2Fi+w818jcJGzhiJKQuXl8479sZ4FhtV5hVJ1Q= +k8s.io/cli-runtime v0.25.0/go.mod h1:bHOI5ZZInRHhbq12OdUiYZQN8ml8aKZLwQgt9QlLINw= k8s.io/client-go v0.23.5/go.mod h1:flkeinTO1CirYgzMPRWxUCnV0G4Fbu2vLhYCObnt/r4= -k8s.io/client-go v0.23.6 h1:7h4SctDVQAQbkHQnR4Kzi7EyUyvla5G1pFWf4+Od7hQ= k8s.io/client-go v0.23.6/go.mod h1:Umt5icFOMLV/+qbtZ3PR0D+JA6lvvb3syzodv4irpK4= +k8s.io/client-go v0.25.0 h1:CVWIaCETLMBNiTUta3d5nzRbXvY5Hy9Dpl+VvREpu5E= +k8s.io/client-go v0.25.0/go.mod h1:lxykvypVfKilxhTklov0wz1FoaUZ8X4EwbhS6rpRfN8= k8s.io/code-generator v0.23.5 h1:xn3a6J5pUL49AoH6SPrOFtnB5cvdMl76f/bEY176R3c= k8s.io/code-generator v0.23.5/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk= k8s.io/component-base v0.23.5/go.mod h1:c5Nq44KZyt1aLl0IpHX82fhsn84Sb0jjzwjpcA42bY0= k8s.io/component-base v0.23.6 h1:8dhVZ4VrRcNdV2EGjl8tj8YOHwX6ysgCGMJ2Oyy0NW8= k8s.io/component-base v0.23.6/go.mod h1:FGMPeMrjYu0UZBSAFcfloVDplj9IvU+uRMTOdE23Fj0= -k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c h1:GohjlNKauSai7gN4wsJkeZ3WAJx4Sh+oT/b5IYn5suA= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= @@ -1158,12 +1208,13 @@ k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.70.1 h1:7aaoSdahviPmR+XkS7FyxlkkXs6tHISSG03RxleQAVQ= k8s.io/klog/v2 v2.70.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= -k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 h1:E3J9oCLlaobFUqsjG9DfKbP2BmgwBL2p7pn0A3dG9W4= k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk= +k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 h1:MQ8BAZPZlWk3S9K4a9NCkIFQtZShWqoha7snGixVgEA= +k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU= k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20211116205334-6203023598ed h1:ck1fRPWPJWsMd8ZRFsWc6mh/zHp5fZ/shhbrgPUxDAE= k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed h1:jAne/RjBTyawwAy0utX5eqigAwz/lQhTmy+Hr/Cpue4= +k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= moul.io/http2curl v1.0.1-0.20190925090545-5cd742060b0e h1:C7q+e9M5nggAvWfVg9Nl66kebKeuJlP3FD58V4RR5wo= moul.io/http2curl v1.0.1-0.20190925090545-5cd742060b0e/go.mod h1:nejbQVfXh96n9dSF6cH3Jsk/QI1Z2oEL7sSI2ifXFNA= pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 h1:SAElp8THCfmBdM+4lmWX5gebiSSkEr7PAYDVF91qpfg= @@ -1174,17 +1225,19 @@ rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30/go.mod h1:fEO7lRTdivWO2qYVCVG7dEADOMo/MLDCVr8So2g88Uw= sigs.k8s.io/controller-runtime v0.11.2 h1:H5GTxQl0Mc9UjRJhORusqfJCIjBO8UtUxGggCwL1rLA= sigs.k8s.io/controller-runtime v0.11.2/go.mod h1:P6QCzrEjLaZGqHsfd+os7JQ+WFZhvB8MRFsn4dWF7O4= -sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6 h1:fD1pz4yfdADVNfFmcP2aBEtudwUQ1AlLnRBALr33v3s= sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6/go.mod h1:p4QtZmO4uMYipTQNzagwnNoseA6OxSUutVw05NhYDRs= -sigs.k8s.io/kustomize/api v0.10.1 h1:KgU7hfYoscuqag84kxtzKdEC3mKMb99DPI3a0eaV1d0= -sigs.k8s.io/kustomize/api v0.10.1/go.mod h1:2FigT1QN6xKdcnGS2Ppp1uIWrtWN28Ms8A3OZUZhwr8= -sigs.k8s.io/kustomize/kyaml v0.13.0 h1:9c+ETyNfSrVhxvphs+K2dzT3dh5oVPPEqPOE/cUpScY= -sigs.k8s.io/kustomize/kyaml v0.13.0/go.mod h1:FTJxEZ86ScK184NpGSAQcfEqee0nul8oLCK30D47m4E= +sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k= +sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= +sigs.k8s.io/kustomize/api v0.12.1 h1:7YM7gW3kYBwtKvoY216ZzY+8hM+lV53LUayghNRJ0vM= +sigs.k8s.io/kustomize/api v0.12.1/go.mod h1:y3JUhimkZkR6sbLNwfJHxvo1TCLwuwm14sCYnkH6S1s= +sigs.k8s.io/kustomize/kyaml v0.13.9 h1:Qz53EAaFFANyNgyOEJbT/yoIHygK40/ZcvU3rgry2Tk= +sigs.k8s.io/kustomize/kyaml v0.13.9/go.mod h1:QsRbD0/KcU+wdk0/L0fIp2KLnohkVzs6fQ85/nOXac4= sigs.k8s.io/mdtoc v1.1.0 h1:q3YtqYzmC2e0hgLXRIOm7/QLuPux1CX3ZHCwlbABxZo= sigs.k8s.io/mdtoc v1.1.0/go.mod h1:QZLVEdHH2iNIR4uHAZyvFRtjloHgVItk8lo/mzCtq3w= sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= -sigs.k8s.io/structured-merge-diff/v4 v4.2.1 h1:bKCqE9GvQ5tiVHn5rfn1r+yao3aLQEaLzkkmAkf+A6Y= sigs.k8s.io/structured-merge-diff/v4 v4.2.1/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= +sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= +sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= From f34769b543153631ad84e70c8eca8c80ae590f20 Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Wed, 24 Aug 2022 19:42:04 +0530 Subject: [PATCH 245/494] added note on digitalocean annotations (#8966) --- docs/deploy/index.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/deploy/index.md b/docs/deploy/index.md index 502e46dda..d5bd5c90d 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -299,6 +299,8 @@ More information with regard to Azure annotations for ingress controller can be ```console kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/do/deploy.yaml ``` +- By default the service object of the ingress-nginx-controller for Digital-Ocean, only configures one annotation. Its this one `service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"`. While this makes the service functional, it was reported that the Digital-Ocean LoadBalancer graphs shows `no data`, unless a few other annotations are also configured. Some of these other annotations require values that can not be generic and hence not forced in a out-of-the-box installation. These annotations and a discussion on them is well documented in [this issue](https://github.com/kubernetes/ingress-nginx/issues/8965). Please refer to the issue to add annotations, with values specific to user, to get graphs of the DO-LB populated with data. + #### Scaleway From a171d3f0f2bde9a7658bf9ef0fed50033eb446bf Mon Sep 17 00:00:00 2001 From: James Strong Date: Wed, 24 Aug 2022 22:20:05 -0400 Subject: [PATCH 246/494] adding cve finding and adding release-notes to PR template (#8916) * adding cve finding and adding release-notes to PR template Signed-off-by: James Strong * update cve report with verbiage around open CVEs and not disclosures Signed-off-by: James Strong * fix then assignees Signed-off-by: James Strong Signed-off-by: James Strong --- .github/ISSUE_TEMPLATE/cve_report.md | 20 +++++++++++++ .github/ISSUE_TEMPLATE/feature_request.md | 2 -- .github/PULL_REQUEST_TEMPLATE.md | 36 ++++++++++++++++++++++- 3 files changed, 55 insertions(+), 3 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE/cve_report.md diff --git a/.github/ISSUE_TEMPLATE/cve_report.md b/.github/ISSUE_TEMPLATE/cve_report.md new file mode 100644 index 000000000..b5ecf7ecf --- /dev/null +++ b/.github/ISSUE_TEMPLATE/cve_report.md @@ -0,0 +1,20 @@ +--- +name: CVE Finding Report +about: CVE reporting for ingress-nginx +title: '' +labels: kind/bug +assignees: + - strongjz + - rikatz +--- + + + + + + + + + + diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md index 73df4d20b..0e892d626 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -15,8 +15,6 @@ The announcement in the dev mailing list is here https://groups.google.com/a/kub Thank you, Ingress-Nginx maintainer - - --> diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 9bc455303..a14cc7004 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -9,6 +9,7 @@ - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) +- [ ] CVE Report (Scanner found CVE and adding report) - [ ] Breaking change (fix or feature that would cause existing functionality to change) - [ ] Documentation only @@ -30,5 +31,38 @@ fixes # - [ ] My change requires a change to the documentation. - [ ] I have updated the documentation accordingly. - [ ] I've read the [CONTRIBUTION](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md) guide -- [ ] I have added tests to cover my changes. +- [ ] I have added unit and/or e2e tests to cover my changes. - [ ] All new and existing tests passed. +- [ ] Added Release Notes. + +## Does my pull request need a release note? +Any user-visible or operator-visible change qualifies for a release note. This could be a: + +- CLI change +- API change +- UI change +- configuration schema change +- behavioral change +- change in non-functional attributes such as efficiency or availability, availability of a new platform +- a warning about a deprecation +- fix of a previous Known Issue +- fix of a vulnerability (CVE) + +No release notes are required for changes to the following: + +- Tests +- Build infrastructure +- Fixes for unreleased bugs + +For more tips on writing good release notes, check out the [Release Notes Handbook](https://github.com/kubernetes/sig-release/tree/master/release-team/role-handbooks/release-notes) + + +```release-note +PLACE RELEASE NOTES HERE +``` From 9b298987466ec8e38426f56f609ac0c559b80772 Mon Sep 17 00:00:00 2001 From: Ismayil Mirzali Date: Fri, 26 Aug 2022 14:36:25 +0300 Subject: [PATCH 247/494] Update apiserver to 0.25 to remove v2 go-restful (#8976) Signed-off-by: Ismayil Mirzali Signed-off-by: Ismayil Mirzali --- go.mod | 14 ++++++-------- go.sum | 30 +++++++++++++++--------------- 2 files changed, 21 insertions(+), 23 deletions(-) diff --git a/go.mod b/go.mod index ce9ddea9e..68162fe5f 100644 --- a/go.mod +++ b/go.mod @@ -33,11 +33,11 @@ require ( k8s.io/api v0.25.0 k8s.io/apiextensions-apiserver v0.23.5 k8s.io/apimachinery v0.25.0 - k8s.io/apiserver v0.23.5 + k8s.io/apiserver v0.25.0 k8s.io/cli-runtime v0.25.0 k8s.io/client-go v0.25.0 k8s.io/code-generator v0.23.5 - k8s.io/component-base v0.23.6 + k8s.io/component-base v0.25.0 k8s.io/klog/v2 v2.70.1 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 sigs.k8s.io/controller-runtime v0.11.2 @@ -58,13 +58,12 @@ require ( github.com/ajg/form v1.5.1 // indirect github.com/andybalholm/brotli v1.0.4 // indirect github.com/beorn7/perks v1.0.1 // indirect - github.com/blang/semver v3.5.1+incompatible // indirect + github.com/blang/semver/v4 v4.0.0 // indirect github.com/cespare/xxhash/v2 v2.1.2 // indirect github.com/coreos/go-systemd/v22 v22.3.2 // indirect github.com/cyphar/filepath-securejoin v0.2.3 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/eapache/queue v1.1.0 // indirect - github.com/emicklei/go-restful v2.9.5+incompatible // indirect github.com/emicklei/go-restful/v3 v3.8.0 // indirect github.com/evanphx/json-patch v4.12.0+incompatible // indirect github.com/fatih/structs v1.0.0 // indirect @@ -119,16 +118,15 @@ require ( github.com/yudai/gojsondiff v1.0.0 // indirect github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect - golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect + golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect golang.org/x/text v0.3.7 // indirect golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect - golang.org/x/tools v0.1.10 // indirect - golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect + golang.org/x/tools v0.1.12 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0 // indirect + google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 // indirect google.golang.org/protobuf v1.28.1 // indirect gopkg.in/go-playground/assert.v1 v1.2.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect diff --git a/go.sum b/go.sum index fc2d61415..b9dcee78f 100644 --- a/go.sum +++ b/go.sum @@ -102,8 +102,9 @@ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6r github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM= -github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= +github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= +github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= @@ -158,7 +159,6 @@ github.com/eapache/queue v1.1.0 h1:YOEu7KNc61ntiQlcEeUIoDTJ2o8mQznoNvUhiigpIqc= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful v2.9.5+incompatible h1:spTtZBk5DYEvbxMVutUuTyh1Ao2r4iyvLdACqsl/Ljk= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful/v3 v3.8.0 h1:eCZ8ulSerjdAiaNpF7GxXIE7ZCMo1moN1qX+S609eVw= github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= @@ -211,8 +211,8 @@ github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTg github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/zapr v1.2.0 h1:n4JnPI1T3Qq1SFEi/F8rwLrZERp2bso19PJZDB9dayk= github.com/go-logr/zapr v1.2.0/go.mod h1:Qa4Bsj2Vb+FAVeAKsLD8RLQ+YRJB8YDmOAKxaBQf7Ro= +github.com/go-logr/zapr v1.2.3 h1:a9vnzlIBPQBBkeaR9IuMUfmVOrQlkoC4YfPoFkX3T7A= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= @@ -733,8 +733,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 h1:kQgndtyPBW/JIYERgdxfwMYh3AVStj88WQTlNDi2a+o= -golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -982,12 +982,11 @@ golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.6-0.20210820212750-d4cc65f0b2ff/go.mod h1:YD9qOF0M9xpSpdWTBbzEl5e/RnCefISl8E5Noe10jFM= -golang.org/x/tools v0.1.10 h1:QjFRCZxdOhBJ/UNgnBZLbNV13DlbnK0quyivTnXJM20= -golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= +golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.2.0 h1:4pT439QV83L+G9FkcCriY6EkpcK6r6bK+A5FBUMI7qY= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= @@ -1084,8 +1083,9 @@ google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEc google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0 h1:5Tbluzus3QxoAJx4IefGt1W0HQZW4nuMrVk684jI74Q= google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 h1:hrbNEivu7Zn1pxvHk6MBrq9iE22woVILTHqexqBxe6I= +google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1111,6 +1111,7 @@ google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQ google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= +google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= google.golang.org/grpc v1.48.0 h1:rQOsyJ/8+ufEDJd/Gdsz7HG220Mh9HAhFHRGnIjda0w= google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= @@ -1127,6 +1128,7 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= @@ -1179,28 +1181,26 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= k8s.io/api v0.23.5/go.mod h1:Na4XuKng8PXJ2JsploYYrivXrINeTaycCGcYgF91Xm8= -k8s.io/api v0.23.6/go.mod h1:1kFaYxGCFHYp3qd6a85DAj/yW8aVD6XLZMqJclkoi9g= k8s.io/api v0.25.0 h1:H+Q4ma2U/ww0iGB78ijZx6DRByPz6/733jIuFpX70e0= k8s.io/api v0.25.0/go.mod h1:ttceV1GyV1i1rnmvzT3BST08N6nGt+dudGrquzVQWPk= k8s.io/apiextensions-apiserver v0.23.5 h1:5SKzdXyvIJKu+zbfPc3kCbWpbxi+O+zdmAJBm26UJqI= k8s.io/apiextensions-apiserver v0.23.5/go.mod h1:ntcPWNXS8ZPKN+zTXuzYMeg731CP0heCTl6gYBxLcuQ= k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= -k8s.io/apimachinery v0.23.6/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= k8s.io/apimachinery v0.25.0 h1:MlP0r6+3XbkUG2itd6vp3oxbtdQLQI94fD5gCS+gnoU= k8s.io/apimachinery v0.25.0/go.mod h1:qMx9eAk0sZQGsXGu86fab8tZdffHbwUfsvzqKn4mfB0= -k8s.io/apiserver v0.23.5 h1:2Ly8oUjz5cnZRn1YwYr+aFgDZzUmEVL9RscXbnIeDSE= k8s.io/apiserver v0.23.5/go.mod h1:7wvMtGJ42VRxzgVI7jkbKvMbuCbVbgsWFT7RyXiRNTw= +k8s.io/apiserver v0.25.0 h1:8kl2ifbNffD440MyvHtPaIz1mw4mGKVgWqM0nL+oyu4= +k8s.io/apiserver v0.25.0/go.mod h1:BKwsE+PTC+aZK+6OJQDPr0v6uS91/HWxX7evElAH6xo= k8s.io/cli-runtime v0.25.0 h1:XBnTc2Fi+w818jcJGzhiJKQuXl8479sZ4FhtV5hVJ1Q= k8s.io/cli-runtime v0.25.0/go.mod h1:bHOI5ZZInRHhbq12OdUiYZQN8ml8aKZLwQgt9QlLINw= k8s.io/client-go v0.23.5/go.mod h1:flkeinTO1CirYgzMPRWxUCnV0G4Fbu2vLhYCObnt/r4= -k8s.io/client-go v0.23.6/go.mod h1:Umt5icFOMLV/+qbtZ3PR0D+JA6lvvb3syzodv4irpK4= k8s.io/client-go v0.25.0 h1:CVWIaCETLMBNiTUta3d5nzRbXvY5Hy9Dpl+VvREpu5E= k8s.io/client-go v0.25.0/go.mod h1:lxykvypVfKilxhTklov0wz1FoaUZ8X4EwbhS6rpRfN8= k8s.io/code-generator v0.23.5 h1:xn3a6J5pUL49AoH6SPrOFtnB5cvdMl76f/bEY176R3c= k8s.io/code-generator v0.23.5/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk= k8s.io/component-base v0.23.5/go.mod h1:c5Nq44KZyt1aLl0IpHX82fhsn84Sb0jjzwjpcA42bY0= -k8s.io/component-base v0.23.6 h1:8dhVZ4VrRcNdV2EGjl8tj8YOHwX6ysgCGMJ2Oyy0NW8= -k8s.io/component-base v0.23.6/go.mod h1:FGMPeMrjYu0UZBSAFcfloVDplj9IvU+uRMTOdE23Fj0= +k8s.io/component-base v0.25.0 h1:haVKlLkPCFZhkcqB6WCvpVxftrg6+FK5x1ZuaIDaQ5Y= +k8s.io/component-base v0.25.0/go.mod h1:F2Sumv9CnbBlqrpdf7rKZTmmd2meJq0HizeyY/yAFxk= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c h1:GohjlNKauSai7gN4wsJkeZ3WAJx4Sh+oT/b5IYn5suA= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= From 26bc6e4e502de26af6471e06625c9e3f733fd917 Mon Sep 17 00:00:00 2001 From: Ismayil Mirzali Date: Fri, 26 Aug 2022 19:22:25 +0300 Subject: [PATCH 248/494] bump Golang to 1.19 #8932 (#8970) * fix: convert to LF line endings Signed-off-by: Ismayil Mirzali * Pin exact Go bugfix versions for CI jobs Signed-off-by: Ismayil Mirzali * Bump go.mod and Dockerfiles to Go 1.19.0 Signed-off-by: Ismayil Mirzali Signed-off-by: Ismayil Mirzali --- .github/workflows/ci.yaml | 10 ++-- .github/workflows/plugin.yaml | 2 +- go.mod | 2 +- images/custom-error-pages/rootfs/Dockerfile | 2 +- images/custom-error-pages/rootfs/go.mod | 2 +- .../rootfs/Dockerfile | 2 +- images/ext-auth-example-authsvc/rootfs/go.mod | 2 +- images/kube-webhook-certgen/rootfs/Dockerfile | 58 +++++++++---------- images/kube-webhook-certgen/rootfs/go.mod | 2 +- images/test-runner/Makefile | 2 +- 10 files changed, 42 insertions(+), 42 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d4f9fb4d3..3c4626166 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -70,11 +70,11 @@ jobs: - name: Checkout uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 - - name: Set up Go 1.18 + - name: Set up Go 1.19.0 id: go uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a # v3.2.0 with: - go-version: '1.18.2' + go-version: '1.19.0' - name: Set up QEMU uses: docker/setup-qemu-action@8b122486cedac8393e77aa9734c3528886e4a1a8 #v2.0.0 @@ -136,7 +136,7 @@ jobs: - name: Setup Go uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a # v3.2.0 with: - go-version: '1.18.2' + go-version: '1.19.0' - name: cache uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # v3 @@ -406,12 +406,12 @@ jobs: version: v0.14.0 image: kindest/node:v1.21.12 - - name: Set up Go 1.18 + - name: Set up Go 1.19.0 id: go if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a # v3.2.0 with: - go-version: '1.18.2' + go-version: '1.19.0' - name: kube-webhook-certgen image build if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index efc9a6f06..a8af1af9e 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -21,7 +21,7 @@ jobs: - name: Set up Go uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923 # v3.2.0 with: - go-version: 1.18 + go-version: 1.19.0 - name: Run GoReleaser uses: goreleaser/goreleaser-action@68acf3b1adf004ac9c2f0a4259e85c5f66e99bef # v3.0.0 diff --git a/go.mod b/go.mod index 68162fe5f..1fb3c67a2 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module k8s.io/ingress-nginx -go 1.18 +go 1.19 require ( github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a diff --git a/images/custom-error-pages/rootfs/Dockerfile b/images/custom-error-pages/rootfs/Dockerfile index d53228201..513354279 100755 --- a/images/custom-error-pages/rootfs/Dockerfile +++ b/images/custom-error-pages/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.18.2-alpine as builder +FROM golang:1.19.0-alpine as builder RUN apk add git WORKDIR /go/src/k8s.io/ingress-nginx/images/custom-error-pages diff --git a/images/custom-error-pages/rootfs/go.mod b/images/custom-error-pages/rootfs/go.mod index 05bd45400..b39db8b20 100644 --- a/images/custom-error-pages/rootfs/go.mod +++ b/images/custom-error-pages/rootfs/go.mod @@ -1,6 +1,6 @@ module k8s.io/ingress-nginx/custom-error-pages -go 1.18 +go 1.19 require github.com/prometheus/client_golang v1.11.0 diff --git a/images/ext-auth-example-authsvc/rootfs/Dockerfile b/images/ext-auth-example-authsvc/rootfs/Dockerfile index 9a52919be..2eb010379 100644 --- a/images/ext-auth-example-authsvc/rootfs/Dockerfile +++ b/images/ext-auth-example-authsvc/rootfs/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.18.2-alpine3.15 as builder +FROM golang:1.19.0-alpine3.16 as builder RUN mkdir /authsvc WORKDIR /authsvc COPY . ./ diff --git a/images/ext-auth-example-authsvc/rootfs/go.mod b/images/ext-auth-example-authsvc/rootfs/go.mod index 052d17d6f..0be630b8b 100644 --- a/images/ext-auth-example-authsvc/rootfs/go.mod +++ b/images/ext-auth-example-authsvc/rootfs/go.mod @@ -1,6 +1,6 @@ module example.com/authsvc -go 1.18 +go 1.19 require k8s.io/apimachinery v0.23.1 diff --git a/images/kube-webhook-certgen/rootfs/Dockerfile b/images/kube-webhook-certgen/rootfs/Dockerfile index 4a60ed2ea..1ed714b56 100644 --- a/images/kube-webhook-certgen/rootfs/Dockerfile +++ b/images/kube-webhook-certgen/rootfs/Dockerfile @@ -1,29 +1,29 @@ -# Copyright 2021 The Kubernetes Authors. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -FROM --platform=$BUILDPLATFORM golang:1.18.2 as builder -ARG BUILDPLATFORM -ARG TARGETARCH - -WORKDIR /workspace -COPY . . -RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} go build -a -o kube-webhook-certgen main.go - -FROM --platform=$BUILDPLATFORM gcr.io/distroless/static:nonroot -ARG BUILDPLATFORM -ARG TARGETARCH -WORKDIR / -COPY --from=builder /workspace/kube-webhook-certgen /kube-webhook-certgen -USER 65532:65532 -ENTRYPOINT ["/kube-webhook-certgen"] +# Copyright 2021 The Kubernetes Authors. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FROM --platform=$BUILDPLATFORM golang:1.19.0 as builder +ARG BUILDPLATFORM +ARG TARGETARCH + +WORKDIR /workspace +COPY . . +RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} go build -a -o kube-webhook-certgen main.go + +FROM --platform=$BUILDPLATFORM gcr.io/distroless/static:nonroot +ARG BUILDPLATFORM +ARG TARGETARCH +WORKDIR / +COPY --from=builder /workspace/kube-webhook-certgen /kube-webhook-certgen +USER 65532:65532 +ENTRYPOINT ["/kube-webhook-certgen"] diff --git a/images/kube-webhook-certgen/rootfs/go.mod b/images/kube-webhook-certgen/rootfs/go.mod index 3858ae566..5ac181823 100644 --- a/images/kube-webhook-certgen/rootfs/go.mod +++ b/images/kube-webhook-certgen/rootfs/go.mod @@ -1,6 +1,6 @@ module github.com/jet/kube-webhook-certgen -go 1.18 +go 1.19 require ( github.com/onrik/logrus v0.9.0 diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile index 7cd0d6251..4350deb91 100644 --- a/images/test-runner/Makefile +++ b/images/test-runner/Makefile @@ -39,7 +39,7 @@ build: ensure-buildx --progress=$(PROGRESS) \ --pull \ --build-arg BASE_IMAGE=$(NGINX_BASE_IMAGE) \ - --build-arg GOLANG_VERSION=1.18.2 \ + --build-arg GOLANG_VERSION=1.19.0 \ --build-arg ETCD_VERSION=3.4.3-0 \ --build-arg K8S_RELEASE=v1.24.2 \ --build-arg RESTY_CLI_VERSION=0.27 \ From c6b70ec349cc68a627cdd1f71dd6038ce2a0580f Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Sun, 28 Aug 2022 08:34:37 +0530 Subject: [PATCH 249/494] fixed deprecated ginkgo flags (#8984) --- test/e2e-image/e2e.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/test/e2e-image/e2e.sh b/test/e2e-image/e2e.sh index 3a06871cc..24e52bcde 100755 --- a/test/e2e-image/e2e.sh +++ b/test/e2e-image/e2e.sh @@ -19,17 +19,17 @@ set -e NC='\e[0m' BGREEN='\e[32m' -SLOW_E2E_THRESHOLD=${SLOW_E2E_THRESHOLD:-5} +SLOW_E2E_THRESHOLD=${SLOW_E2E_THRESHOLD:-"5s"} FOCUS=${FOCUS:-.*} E2E_NODES=${E2E_NODES:-5} E2E_CHECK_LEAKS=${E2E_CHECK_LEAKS:-""} ginkgo_args=( - "-randomizeAllSpecs" - "-flakeAttempts=2" - "-failFast" + "-randomize-all" + "-flake-attempts=2" + "-fail-fast" "-progress" - "-slowSpecThreshold=${SLOW_E2E_THRESHOLD}" + "-slow-spec-threshold=${SLOW_E2E_THRESHOLD}" "-succinct" "-timeout=75m" ) From 629cc1439c43f8c8ee21c7a43aed07dcf4b72b07 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 28 Aug 2022 07:24:36 -0700 Subject: [PATCH 250/494] Bump actions/setup-go from 3.2.1 to 3.3.0 (#8981) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.2.1 to 3.3.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v3.2.1...268d8c0ca0432bb2cf416faae41297df9d262d7f) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 6 +++--- .github/workflows/plugin.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 3c4626166..86ba9af4d 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -72,7 +72,7 @@ jobs: - name: Set up Go 1.19.0 id: go - uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a # v3.2.0 + uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 with: go-version: '1.19.0' @@ -134,7 +134,7 @@ jobs: uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 - name: Setup Go - uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a # v3.2.0 + uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 with: go-version: '1.19.0' @@ -409,7 +409,7 @@ jobs: - name: Set up Go 1.19.0 id: go if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} - uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a # v3.2.0 + uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 with: go-version: '1.19.0' diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index a8af1af9e..2f45f70b3 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -19,7 +19,7 @@ jobs: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923 # v3.2.0 + uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 with: go-version: 1.19.0 From 2819c0fdf84337b66b444b1e824d3734afef1e4d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Aug 2022 08:24:38 -0700 Subject: [PATCH 251/494] Bump github.com/opencontainers/runc from 1.1.3 to 1.1.4 (#8992) Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc) from 1.1.3 to 1.1.4. - [Release notes](https://github.com/opencontainers/runc/releases) - [Changelog](https://github.com/opencontainers/runc/blob/v1.1.4/CHANGELOG.md) - [Commits](https://github.com/opencontainers/runc/compare/v1.1.3...v1.1.4) --- updated-dependencies: - dependency-name: github.com/opencontainers/runc dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 1fb3c67a2..b9024bab5 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/moul/pb v0.0.0-20220425114252-bca18df4138c github.com/ncabatoff/process-exporter v0.7.10 github.com/onsi/ginkgo/v2 v2.1.4 - github.com/opencontainers/runc v1.1.3 + github.com/opencontainers/runc v1.1.4 github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.13.0 github.com/prometheus/client_model v0.2.0 diff --git a/go.sum b/go.sum index b9dcee78f..18e365ba7 100644 --- a/go.sum +++ b/go.sum @@ -487,8 +487,8 @@ github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1Cpa github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.19.0 h1:4ieX6qQjPP/BfC3mpsAtIGGlxTWPeA3Inl/7DtXw1tw= -github.com/opencontainers/runc v1.1.3 h1:vIXrkId+0/J2Ymu2m7VjGvbSlAId9XNRPhn2p4b+d8w= -github.com/opencontainers/runc v1.1.3/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg= +github.com/opencontainers/runc v1.1.4 h1:nRCz/8sKg6K6jgYAFLDlXzPeITBZJyX28DBVhWD+5dg= +github.com/opencontainers/runc v1.1.4/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI= From 75cf26e15c496b6932942fd54d89a4ebf36ec67b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Aug 2022 08:36:37 -0700 Subject: [PATCH 252/494] Bump goreleaser/goreleaser-action from 3.0.0 to 3.1.0 (#8986) Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 3.0.0 to 3.1.0. - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](https://github.com/goreleaser/goreleaser-action/compare/68acf3b1adf004ac9c2f0a4259e85c5f66e99bef...ff11ca24a9b39f2d36796d1fbd7a4e39c182630a) --- updated-dependencies: - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/plugin.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index 2f45f70b3..86a64a797 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -24,7 +24,7 @@ jobs: go-version: 1.19.0 - name: Run GoReleaser - uses: goreleaser/goreleaser-action@68acf3b1adf004ac9c2f0a4259e85c5f66e99bef # v3.0.0 + uses: goreleaser/goreleaser-action@ff11ca24a9b39f2d36796d1fbd7a4e39c182630a # v3.0.0 with: version: latest args: release --rm-dist From b490eb9a4c1e44b27062db55ecb0550ae081cb12 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Aug 2022 06:07:01 -0700 Subject: [PATCH 253/494] Bump github/codeql-action from 2.1.20 to 2.1.21 (#8982) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.20 to 2.1.21. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/7fee4ca032ac341c12486c4c06822c5221c76533...c7f292ea4f542c473194b33813ccd4c207a6c725) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index b045c3fc9..d9f3a5792 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@7fee4ca032ac341c12486c4c06822c5221c76533 # v2.1.14 + uses: github/codeql-action/upload-sarif@c7f292ea4f542c473194b33813ccd4c207a6c725 # v2.1.14 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index ce1840a0a..a4b454d90 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@7fee4ca032ac341c12486c4c06822c5221c76533 + uses: github/codeql-action/upload-sarif@c7f292ea4f542c473194b33813ccd4c207a6c725 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From 542cfb764b3c96d9fc42648c980a6e1a99e86517 Mon Sep 17 00:00:00 2001 From: Alex <93376818+sashashura@users.noreply.github.com> Date: Thu, 1 Sep 2022 14:33:06 +0100 Subject: [PATCH 254/494] Update plugin.yaml (#9001) Signed-off-by: sashashura <93376818+sashashura@users.noreply.github.com> Signed-off-by: sashashura <93376818+sashashura@users.noreply.github.com> --- .github/workflows/plugin.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index 86a64a797..1d5ee2787 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -9,6 +9,9 @@ on: tags: - "v*" +permissions: + contents: write # for goreleaser/goreleaser-action + jobs: release-plugin: runs-on: ubuntu-latest From 9f4c44398a9fe65b75b5f73377717571f1688acf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Sep 2022 13:33:45 +0000 Subject: [PATCH 255/494] Bump github/codeql-action from 2.1.21 to 2.1.22 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.21 to 2.1.22. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/c7f292ea4f542c473194b33813ccd4c207a6c725...b398f525a5587552e573b247ac661067fafa920b) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index d9f3a5792..20961611c 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@c7f292ea4f542c473194b33813ccd4c207a6c725 # v2.1.14 + uses: github/codeql-action/upload-sarif@b398f525a5587552e573b247ac661067fafa920b # v2.1.14 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index a4b454d90..945c7a935 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@c7f292ea4f542c473194b33813ccd4c207a6c725 + uses: github/codeql-action/upload-sarif@b398f525a5587552e573b247ac661067fafa920b with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From 7791d2b449ea00338c545a9a5e99e347bd6e72e9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 2 Sep 2022 10:52:06 -0700 Subject: [PATCH 256/494] Bump google.golang.org/grpc from 1.48.0 to 1.49.0 (#8991) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.48.0 to 1.49.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.48.0...v1.49.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index b9024bab5..c22d330c4 100644 --- a/go.mod +++ b/go.mod @@ -27,7 +27,7 @@ require ( github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd golang.org/x/net v0.0.0-20220722155237-a158d28d115b - google.golang.org/grpc v1.48.0 + google.golang.org/grpc v1.49.0 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 k8s.io/api v0.25.0 diff --git a/go.sum b/go.sum index 18e365ba7..0fc0f1b2f 100644 --- a/go.sum +++ b/go.sum @@ -1112,8 +1112,8 @@ google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnD google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= -google.golang.org/grpc v1.48.0 h1:rQOsyJ/8+ufEDJd/Gdsz7HG220Mh9HAhFHRGnIjda0w= -google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc v1.49.0 h1:WTLtQzmQori5FUH25Pq4WT22oCsv8USpQ+F6rqtsmxw= +google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= From ce3afda3207dac4d66a5666278dd77355a43670e Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 2 Sep 2022 13:55:31 -0400 Subject: [PATCH 257/494] start 1.3.1 release Signed-off-by: James Strong --- TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TAG b/TAG index 18fa8e74f..757407982 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.3.0 +v1.3.1 From 6a83cddb0367a70754d96336f4dd7d96398fb25d Mon Sep 17 00:00:00 2001 From: sreelakshminarayananm <111572162+sreelakshminarayananm@users.noreply.github.com> Date: Fri, 2 Sep 2022 23:30:07 +0530 Subject: [PATCH 258/494] issue:8739 fix doc issue (#9006) Signed-off-by: sreelakshminarayananm Signed-off-by: sreelakshminarayananm --- docs/deploy/baremetal.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/deploy/baremetal.md b/docs/deploy/baremetal.md index 55288c322..7d8076147 100644 --- a/docs/deploy/baremetal.md +++ b/docs/deploy/baremetal.md @@ -30,7 +30,8 @@ the traffic for the `ingress-nginx` Service IP. See [Traffic policies][metallb-t yourself by reading the official documentation thoroughly. MetalLB can be deployed either with a simple Kubernetes manifest or with Helm. The rest of this example assumes MetalLB -was deployed following the [Installation][metallb-install] instructions. +was deployed following the [Installation][metallb-install] instructions, and that the NGINX Ingress controller was installed +using the steps described in the [quickstart section of the installation guide][install-quickstart]. MetalLB requires a pool of IP addresses in order to be able to take ownership of the `ingress-nginx` Service. This pool can be defined through `IPAddressPool` objects in the same namespace as the MetalLB controller. This pool of IPs **must** be dedicated to MetalLB's use, you can't reuse the Kubernetes node IPs or IPs handed out by a DHCP server. @@ -257,6 +258,7 @@ for generating redirect URLs that take into account the URL used by external cli ``` [install-baremetal]: ./index.md#bare-metal +[install-quickstart]: ./index.md#quick-start [nodeport-def]: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport [nodeport-nat]: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-type-nodeport [pod-assign]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ From 96dc9401d4e5afec6aa989e37ec5591783531737 Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 2 Sep 2022 14:48:35 -0400 Subject: [PATCH 259/494] Fix cloud build git error (#9012) * testing the fix Signed-off-by: James Strong * revert 1.3.1 while we fix the build Signed-off-by: James Strong Signed-off-by: James Strong --- TAG | 2 +- build/build.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/TAG b/TAG index 757407982..18fa8e74f 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.3.1 +v1.3.0 diff --git a/build/build.sh b/build/build.sh index 3b51d665e..88d53d654 100755 --- a/build/build.sh +++ b/build/build.sh @@ -49,7 +49,8 @@ echo "Building targets for ${ARCH}, generated targets in ${TARGETS_DIR} director echo "Building ${PKG}/cmd/nginx" -git config --add safe.directory /go/src/k8s.io/ingress-nginx +git config --global --add safe.directory /go/src/k8s.io/ingress-nginx + ${GO_BUILD_CMD} \ -trimpath -ldflags="-buildid= -w -s \ -X ${PKG}/version.RELEASE=${TAG} \ @@ -74,4 +75,3 @@ ${GO_BUILD_CMD} \ -X ${PKG}/version.COMMIT=${COMMIT_SHA} \ -X ${PKG}/version.REPO=${REPO_INFO}" \ -o "${TARGETS_DIR}/wait-shutdown" "${PKG}/cmd/waitshutdown" - From 92534fa2ae799b502882c8684db13a25cde68155 Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 2 Sep 2022 14:58:46 -0400 Subject: [PATCH 260/494] 1.3.1 for real (#9013) Signed-off-by: James Strong Signed-off-by: James Strong --- TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TAG b/TAG index 18fa8e74f..757407982 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.3.0 +v1.3.1 From bfd44ab83e022cc977c39b747505e77f92171fd2 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Sun, 4 Sep 2022 20:22:36 -0300 Subject: [PATCH 261/494] Add v1.25 test and reduce amount of e2e tests (#9018) --- .github/workflows/ci.yaml | 16 ++++++++-------- build/build.sh | 2 +- rootfs/chroot.sh | 1 + test/e2e/settings/pod_security_policy.go | 17 ++++++++++++++++- .../e2e/settings/pod_security_policy_volumes.go | 17 ++++++++++++++++- 5 files changed, 42 insertions(+), 11 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 86ba9af4d..d469ae959 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -174,8 +174,8 @@ jobs: id: kind uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 #v0.5.0 with: - version: v0.14.0 - image: kindest/node:v1.21.12 + version: v0.15.0 + image: kindest/node:v1.25.0 - uses: geekyeggo/delete-artifact@b73cb986740e466292a536d0e32e2666c56fdeb3 # v1 with: @@ -208,7 +208,7 @@ jobs: strategy: matrix: - k8s: [v1.21.2, v1.22.9, v1.23.6, v1.24.0] + k8s: [v1.23.10, v1.24.4, v1.25.0] steps: @@ -224,7 +224,7 @@ jobs: id: kind uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 #v0.5.0 with: - version: v0.14.0 + version: v0.15.0 config: test/e2e/kind.yaml image: kindest/node:${{ matrix.k8s }} @@ -265,7 +265,7 @@ jobs: strategy: matrix: - k8s: [v1.21.10, v1.22.9, v1.23.6, v1.24.0] + k8s: [v1.24.4, v1.25.0] steps: @@ -281,7 +281,7 @@ jobs: id: kind uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 #v0.5.0 with: - version: v0.14.0 + version: v0.15.0 config: test/e2e/kind.yaml image: kindest/node:${{ matrix.k8s }} @@ -403,8 +403,8 @@ jobs: if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 #v0.5.0 with: - version: v0.14.0 - image: kindest/node:v1.21.12 + version: v0.15.0 + image: kindest/node:v1.25.0 - name: Set up Go 1.19.0 id: go diff --git a/build/build.sh b/build/build.sh index 88d53d654..c0372bc25 100755 --- a/build/build.sh +++ b/build/build.sh @@ -49,7 +49,7 @@ echo "Building targets for ${ARCH}, generated targets in ${TARGETS_DIR} director echo "Building ${PKG}/cmd/nginx" -git config --global --add safe.directory /go/src/k8s.io/ingress-nginx +git config --add safe.directory /go/src/k8s.io/ingress-nginx ${GO_BUILD_CMD} \ -trimpath -ldflags="-buildid= -w -s \ diff --git a/rootfs/chroot.sh b/rootfs/chroot.sh index 9f3cbd804..3f64aa63f 100755 --- a/rootfs/chroot.sh +++ b/rootfs/chroot.sh @@ -40,6 +40,7 @@ for dir in "${writeDirs[@]}"; do chown -R www-data.www-data ${dir}; done + mkdir -p /chroot/lib /chroot/proc /chroot/usr /chroot/bin /chroot/dev /chroot/run cp /etc/passwd /etc/group /chroot/etc/ cp -a /usr/* /chroot/usr/ diff --git a/test/e2e/settings/pod_security_policy.go b/test/e2e/settings/pod_security_policy.go index 0e0300829..b21fb870e 100644 --- a/test/e2e/settings/pod_security_policy.go +++ b/test/e2e/settings/pod_security_policy.go @@ -19,6 +19,7 @@ package settings import ( "context" "net/http" + "strconv" "strings" "github.com/onsi/ginkgo/v2" @@ -41,8 +42,22 @@ var _ = framework.IngressNginxDescribe("[Security] Pod Security Policies", func( f := framework.NewDefaultFramework("pod-security-policies") ginkgo.It("should be running with a Pod Security Policy", func() { + k8sversion, err := f.KubeClientSet.Discovery().ServerVersion() + if err != nil { + assert.Nil(ginkgo.GinkgoT(), err, "getting version") + } + + numversion, err := strconv.Atoi(k8sversion.Minor) + if err != nil { + assert.Nil(ginkgo.GinkgoT(), err, "converting version") + } + + if numversion > 24 { + ginkgo.Skip("PSP not supported in this version") + } + psp := createPodSecurityPolicy() - _, err := f.KubeClientSet.PolicyV1beta1().PodSecurityPolicies().Create(context.TODO(), psp, metav1.CreateOptions{}) + _, err = f.KubeClientSet.PolicyV1beta1().PodSecurityPolicies().Create(context.TODO(), psp, metav1.CreateOptions{}) if !k8sErrors.IsAlreadyExists(err) { assert.Nil(ginkgo.GinkgoT(), err, "creating Pod Security Policy") } diff --git a/test/e2e/settings/pod_security_policy_volumes.go b/test/e2e/settings/pod_security_policy_volumes.go index 8af74ea60..dd4df3bd9 100644 --- a/test/e2e/settings/pod_security_policy_volumes.go +++ b/test/e2e/settings/pod_security_policy_volumes.go @@ -19,6 +19,7 @@ package settings import ( "context" "net/http" + "strconv" "strings" "github.com/onsi/ginkgo/v2" @@ -37,8 +38,22 @@ var _ = framework.IngressNginxDescribe("[Security] Pod Security Policies with vo f := framework.NewDefaultFramework("pod-security-policies-volumes") ginkgo.It("should be running with a Pod Security Policy", func() { + + k8sversion, err := f.KubeClientSet.Discovery().ServerVersion() + if err != nil { + assert.Nil(ginkgo.GinkgoT(), err, "getting version") + } + + numversion, err := strconv.Atoi(k8sversion.Minor) + if err != nil { + assert.Nil(ginkgo.GinkgoT(), err, "converting version") + } + + if numversion > 24 { + ginkgo.Skip("PSP not supported in this version") + } psp := createPodSecurityPolicy() - _, err := f.KubeClientSet.PolicyV1beta1().PodSecurityPolicies().Create(context.TODO(), psp, metav1.CreateOptions{}) + _, err = f.KubeClientSet.PolicyV1beta1().PodSecurityPolicies().Create(context.TODO(), psp, metav1.CreateOptions{}) if !k8sErrors.IsAlreadyExists(err) { assert.Nil(ginkgo.GinkgoT(), err, "creating Pod Security Policy") } From 79a311d3be07e039382cac49f16509e126dc2e87 Mon Sep 17 00:00:00 2001 From: "qilong.qiu" Date: Mon, 5 Sep 2022 09:28:36 +0800 Subject: [PATCH 262/494] Bump chart testing from 3.0.0 to 3.7.0 (#9000) --- images/test-runner/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile index 4350deb91..ad888e5c7 100644 --- a/images/test-runner/Makefile +++ b/images/test-runner/Makefile @@ -46,7 +46,7 @@ build: ensure-buildx --build-arg RESTY_CLI_SHA=e5f4f3128af49ba5c4d039d0554e5ae91bbe05866f60eccfa96d3653274bff90 \ --build-arg LUAROCKS_VERSION=3.8.0 \ --build-arg LUAROCKS_SHA=ab6612ca9ab87c6984871d2712d05525775e8b50172701a0a1cabddf76de2be7 \ - --build-arg CHART_TESTING_VERSION=3.0.0 \ + --build-arg CHART_TESTING_VERSION=3.7.0 \ --build-arg YAML_LINT_VERSION=1.27.1 \ --build-arg YAMALE_VERSION=4.0.4 \ --build-arg HELM_VERSION=v3.9.0 \ From 12c9f009310b8885ea5568ed2feb3508abada01e Mon Sep 17 00:00:00 2001 From: Amim Knabben Date: Mon, 5 Sep 2022 08:02:36 -0300 Subject: [PATCH 263/494] Adding a simpler interface for the HTTP request library. (#8862) --- go.mod | 20 +- go.sum | 56 +--- test/e2e/annotations/affinitymode.go | 4 +- test/e2e/defaultbackend/default_backend.go | 11 +- test/e2e/framework/framework.go | 41 +-- test/e2e/framework/httpexpect/README.md | 1 + test/e2e/framework/httpexpect/array.go | 36 +++ test/e2e/framework/httpexpect/chain.go | 54 ++++ test/e2e/framework/httpexpect/cookie.go | 29 ++ test/e2e/framework/httpexpect/match.go | 37 +++ test/e2e/framework/httpexpect/object.go | 111 +++++++ test/e2e/framework/httpexpect/reporter.go | 48 +++ test/e2e/framework/httpexpect/request.go | 176 +++++++++++ test/e2e/framework/httpexpect/response.go | 273 ++++++++++++++++++ test/e2e/framework/httpexpect/string.go | 120 ++++++++ test/e2e/framework/httpexpect/value.go | 33 +++ .../servicebackend/service_externalname.go | 3 +- .../settings/disable_service_external_name.go | 3 +- 18 files changed, 954 insertions(+), 102 deletions(-) create mode 100644 test/e2e/framework/httpexpect/README.md create mode 100644 test/e2e/framework/httpexpect/array.go create mode 100644 test/e2e/framework/httpexpect/chain.go create mode 100644 test/e2e/framework/httpexpect/cookie.go create mode 100644 test/e2e/framework/httpexpect/match.go create mode 100644 test/e2e/framework/httpexpect/object.go create mode 100644 test/e2e/framework/httpexpect/reporter.go create mode 100644 test/e2e/framework/httpexpect/request.go create mode 100644 test/e2e/framework/httpexpect/response.go create mode 100644 test/e2e/framework/httpexpect/string.go create mode 100644 test/e2e/framework/httpexpect/value.go diff --git a/go.mod b/go.mod index c22d330c4..2c220232e 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,6 @@ require ( github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a github.com/eapache/channels v1.1.0 github.com/fsnotify/fsnotify v1.5.4 - github.com/gavv/httpexpect/v2 v2.3.1 github.com/imdario/mergo v0.3.13 github.com/json-iterator/go v1.1.12 github.com/kylelemons/godebug v1.1.0 @@ -24,6 +23,7 @@ require ( github.com/spf13/cobra v1.5.0 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.8.0 + github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd golang.org/x/net v0.0.0-20220722155237-a158d28d115b @@ -55,8 +55,6 @@ require ( github.com/BurntSushi/toml v0.3.1 // indirect github.com/PuerkitoBio/purell v1.1.1 // indirect github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect - github.com/ajg/form v1.5.1 // indirect - github.com/andybalholm/brotli v1.0.4 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect github.com/cespare/xxhash/v2 v2.1.2 // indirect @@ -66,13 +64,13 @@ require ( github.com/eapache/queue v1.1.0 // indirect github.com/emicklei/go-restful/v3 v3.8.0 // indirect github.com/evanphx/json-patch v4.12.0+incompatible // indirect - github.com/fatih/structs v1.0.0 // indirect github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b // indirect github.com/go-errors/errors v1.0.1 // indirect github.com/go-logr/logr v1.2.3 // indirect github.com/go-openapi/jsonpointer v0.19.5 // indirect github.com/go-openapi/jsonreference v0.19.5 // indirect github.com/go-openapi/swag v0.19.14 // indirect + github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect github.com/godbus/dbus/v5 v5.0.6 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v4 v4.2.0 // indirect @@ -82,16 +80,13 @@ require ( github.com/google/btree v1.0.1 // indirect github.com/google/gnostic v0.5.7-v3refs // indirect github.com/google/go-cmp v0.5.8 // indirect - github.com/google/go-querystring v1.0.0 // indirect github.com/google/gofuzz v1.1.0 // indirect + github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.2.0 // indirect - github.com/gorilla/websocket v1.4.2 // indirect github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect - github.com/imkira/go-interpol v1.0.0 // indirect github.com/inconshreveable/mousetrap v1.0.0 // indirect github.com/josharian/intern v1.0.0 // indirect - github.com/klauspost/compress v1.15.7 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/mailru/easyjson v0.7.6 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect @@ -108,15 +103,9 @@ require ( github.com/prometheus/procfs v0.8.0 // indirect github.com/sergi/go-diff v1.1.0 // indirect github.com/sirupsen/logrus v1.8.1 // indirect - github.com/valyala/bytebufferpool v1.0.0 // indirect - github.com/valyala/fasthttp v1.38.0 // indirect - github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect - github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect - github.com/xeipuuv/gojsonschema v1.1.0 // indirect github.com/xlab/treeprint v1.1.0 // indirect - github.com/yalp/jsonpath v0.0.0-20180802001716-5cc68e5049a0 // indirect - github.com/yudai/gojsondiff v1.0.0 // indirect github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 // indirect + github.com/yudai/pp v2.0.1+incompatible // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect @@ -135,7 +124,6 @@ require ( k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c // indirect k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed // indirect - moul.io/http2curl v1.0.1-0.20190925090545-5cd742060b0e // indirect sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect sigs.k8s.io/kustomize/api v0.12.1 // indirect sigs.k8s.io/kustomize/kyaml v0.13.9 // indirect diff --git a/go.sum b/go.sum index 0fc0f1b2f..92f966d6f 100644 --- a/go.sum +++ b/go.sum @@ -75,16 +75,11 @@ github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tN github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= -github.com/ajg/form v1.5.1 h1:t9c7v8JUKu/XxOGBU0yjNpaMloxGEJhUkqFRq0ibGeU= -github.com/ajg/form v1.5.1/go.mod h1:uL1WgH+h2mgNtvBq0339dVnzXdBETtL2LeUXaIv25UY= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= -github.com/andybalholm/brotli v1.0.2/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y= -github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY= -github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210826220005-b48c857c3a0e/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= @@ -173,11 +168,7 @@ github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go. github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/fasthttp/websocket v1.4.3-rc.6 h1:omHqsl8j+KXpmzRjF8bmzOSYJ8GnS0E3efi1wYT+niY= -github.com/fasthttp/websocket v1.4.3-rc.6/go.mod h1:43W9OM2T8FeXpCWMsBd9Cb7nE2CACNqNvCqQCoty/Lc= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/fatih/structs v1.0.0 h1:BrX964Rv5uQ3wwS+KRUAJCBBw5PQmgJfJ6v4yly5QwU= -github.com/fatih/structs v1.0.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= @@ -188,8 +179,6 @@ github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwV github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU= github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b h1:074/xhloHUBOpTZwlIzQ28rbPY8pNJvzY7Gcx5KnNOk= github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= -github.com/gavv/httpexpect/v2 v2.3.1 h1:sGLlKMn8AuHS9ztK9Sb7AJ7OxIL8v2PcLdyxfKt1Fo4= -github.com/gavv/httpexpect/v2 v2.3.1/go.mod h1:yOE8m/aqFYQDNrgprMeXgq4YynfN9h1NgcE1+1suV64= github.com/getkin/kin-openapi v0.76.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg= github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= @@ -223,6 +212,8 @@ github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh github.com/go-openapi/swag v0.19.14 h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5Fng= github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= +github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.0.6 h1:mkgN1ofwASrYnJ5W6U/BxG15eXXXjirgZc7CLqkcaro= github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= @@ -294,8 +285,6 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg= github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk= -github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -316,6 +305,7 @@ github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= @@ -330,7 +320,6 @@ github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2c github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= -github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= @@ -365,8 +354,6 @@ github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1: github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= -github.com/imkira/go-interpol v1.0.0 h1:HrmLyvOLJyjR0YofMw8QGdCIuYOs4TJUBDNU5sJC09E= -github.com/imkira/go-interpol v1.0.0/go.mod h1:z0h2/2T3XF8kyEPpRgJ3kmNv+C43p+I/CoI+jC3w2iA= github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= @@ -384,15 +371,10 @@ github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/X github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= -github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88/go.mod h1:3w7q1U84EfirKl04SVQ/s7nPm1ZPhiXd34z40TNz36k= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.12.2/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= -github.com/klauspost/compress v1.15.0/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= -github.com/klauspost/compress v1.15.7 h1:7cgTQxJCU/vy+oP/E3B9RGbQTgbiVzIJWIKOLoAsPok= -github.com/klauspost/compress v1.15.7/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= @@ -416,12 +398,10 @@ github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA= github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/mattn/go-colorable v0.0.9 h1:UVL0vNpWh04HeJXV0KLcaT7r06gOH2l4OW6ddYRUIY4= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= -github.com/mattn/go-colorable v0.1.2 h1:/bC9yWikZXAL9uJdulbSfyVNIR3n3trXl+v8+1sx8mU= -github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= +github.com/mattn/go-isatty v0.0.3 h1:ns/ykhmWi7G9O+8a448SecJU3nSMBXJfqQkl0upE1jI= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= -github.com/mattn/go-isatty v0.0.8 h1:HLtExJ+uU2HOZ+wI0Tt5DtUDrx8yhUqDcp7fYERX4CE= -github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= @@ -476,14 +456,12 @@ github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo/v2 v2.1.4 h1:GNapqRSid3zijZ9H77KrgVG4/8KqiyRsxcSxe+7ApXY= github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47RKZmLU= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= -github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.19.0 h1:4ieX6qQjPP/BfC3mpsAtIGGlxTWPeA3Inl/7DtXw1tw= @@ -550,11 +528,8 @@ github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6po github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= -github.com/savsgio/gotils v0.0.0-20210617111740-97865ed5a873 h1:N3Af8f13ooDKcIhsmFT7Z05CStZWu4C7Md0uDEy4q6o= -github.com/savsgio/gotils v0.0.0-20210617111740-97865ed5a873/go.mod h1:dmPawKuiAeG/aFYVs2i+Dyosoo7FNcm+Pi8iK6ZUrX8= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= -github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= @@ -606,25 +581,11 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1 github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/urfave/cli v1.17.1-0.20160602030128-01a33823596e/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= -github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= -github.com/valyala/fasthttp v1.27.0/go.mod h1:cmWIqlu99AO/RKcp1HWaViTqc57FswJOfYYdPJBl8BA= -github.com/valyala/fasthttp v1.38.0 h1:yTjSSNjuDi2PPvXY2836bIwLmiTS2T4T9p1coQshpco= -github.com/valyala/fasthttp v1.38.0/go.mod h1:t/G+3rLek+CyY9bnIE+YlMRddxVAAGjhxndDB4i4C0I= -github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc= github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= -github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c= -github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= -github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= -github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= -github.com/xeipuuv/gojsonschema v1.1.0 h1:ngVtJC9TY/lg0AA/1k48FYhBrhRoFlEmWzsehpNAaZg= -github.com/xeipuuv/gojsonschema v1.1.0/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xlab/treeprint v1.1.0 h1:G/1DjNkPpfZCFt9CSh6b5/nY4VimlbHF3Rh4obvtzDk= github.com/xlab/treeprint v1.1.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= -github.com/yalp/jsonpath v0.0.0-20180802001716-5cc68e5049a0 h1:6fRhSjgLCkTD3JnJxvaJ4Sj+TYblw757bqYgZaOq5ZY= -github.com/yalp/jsonpath v0.0.0-20180802001716-5cc68e5049a0/go.mod h1:/LWChgwKmvncFJFHJ7Gvn9wZArjbV5/FppcK2fKk/tI= github.com/yudai/gojsondiff v1.0.0 h1:27cbfqXLVEJ1o8I6v3y9lg8Ydm53EKqHXAOMxEGlCOA= github.com/yudai/gojsondiff v1.0.0/go.mod h1:AY32+k2cwILAkW1fbgxQ5mUmMiZFgLIV+FBNExI05xg= github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 h1:BHyfKlQyqbsFN5p3IfnEUduWvb9is428/nNb5L3U01M= @@ -690,12 +651,10 @@ golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd h1:XcWmESyNjXJMLahc3mqVQJcgSTDxFxhETVlfk9uGc38= golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -780,7 +739,6 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= @@ -827,7 +785,6 @@ golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -896,7 +853,6 @@ golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9wrfxYyCjk0KbXjhR55s= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -1215,8 +1171,6 @@ k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/ k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed h1:jAne/RjBTyawwAy0utX5eqigAwz/lQhTmy+Hr/Cpue4= k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -moul.io/http2curl v1.0.1-0.20190925090545-5cd742060b0e h1:C7q+e9M5nggAvWfVg9Nl66kebKeuJlP3FD58V4RR5wo= -moul.io/http2curl v1.0.1-0.20190925090545-5cd742060b0e/go.mod h1:nejbQVfXh96n9dSF6cH3Jsk/QI1Z2oEL7sSI2ifXFNA= pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 h1:SAElp8THCfmBdM+4lmWX5gebiSSkEr7PAYDVF91qpfg= pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732/go.mod h1:lpvCfhqEHNJSSpG5R5A2EgsVzG8RTt4RfPoQuRAcDmg= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= diff --git a/test/e2e/annotations/affinitymode.go b/test/e2e/annotations/affinitymode.go index 2b40155d0..cce2b004d 100644 --- a/test/e2e/annotations/affinitymode.go +++ b/test/e2e/annotations/affinitymode.go @@ -42,7 +42,7 @@ var _ = framework.DescribeAnnotation("affinitymode", func() { host := "affinity-mode-balance.com" annotations := make(map[string]string) annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie" - annotations["ginx.ingress.kubernetes.io/session-cookie-name"] = "hello-cookie" + annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "hello-cookie" annotations["nginx.ingress.kubernetes.io/session-cookie-expires"] = "172800" annotations["nginx.ingress.kubernetes.io/session-cookie-max-age"] = "172800" annotations["nginx.ingress.kubernetes.io/ssl-redirect"] = "false" @@ -75,7 +75,7 @@ var _ = framework.DescribeAnnotation("affinitymode", func() { host := "affinity-mode-persistent.com" annotations := make(map[string]string) annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie" - annotations["ginx.ingress.kubernetes.io/session-cookie-name"] = "hello-cookie" + annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "hello-cookie" annotations["nginx.ingress.kubernetes.io/session-cookie-expires"] = "172800" annotations["nginx.ingress.kubernetes.io/session-cookie-max-age"] = "172800" annotations["nginx.ingress.kubernetes.io/ssl-redirect"] = "false" diff --git a/test/e2e/defaultbackend/default_backend.go b/test/e2e/defaultbackend/default_backend.go index e418e4687..e589024b4 100644 --- a/test/e2e/defaultbackend/default_backend.go +++ b/test/e2e/defaultbackend/default_backend.go @@ -19,7 +19,8 @@ package defaultbackend import ( "net/http" - "github.com/gavv/httpexpect/v2" + "k8s.io/ingress-nginx/test/e2e/framework/httpexpect" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" @@ -64,15 +65,13 @@ var _ = framework.IngressNginxDescribe("[Default Backend]", func() { for _, test := range testCases { ginkgo.By(test.Name) - var req *httpexpect.Request + var req *httpexpect.HTTPRequest switch test.Scheme { case framework.HTTP: - req = f.HTTPTestClient().Request(test.Method, test.Path) - req.WithURL(f.GetURL(framework.HTTP) + test.Path) + req = f.HTTPTestClient().DoRequest(test.Method, test.Path).WithURL(f.GetURL(framework.HTTP) + test.Path) case framework.HTTPS: - req = f.HTTPTestClient().Request(test.Method, test.Path) - req.WithURL(f.GetURL(framework.HTTPS) + test.Path) + req = f.HTTPTestClient().DoRequest(test.Method, test.Path).WithURL(f.GetURL(framework.HTTPS) + test.Path) default: ginkgo.Fail("Unexpected request scheme") } diff --git a/test/e2e/framework/framework.go b/test/e2e/framework/framework.go index 0f01ae3cb..4946c13b2 100644 --- a/test/e2e/framework/framework.go +++ b/test/e2e/framework/framework.go @@ -22,7 +22,8 @@ import ( "strings" "time" - "github.com/gavv/httpexpect/v2" + "k8s.io/ingress-nginx/test/e2e/framework/httpexpect" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" appsv1 "k8s.io/api/apps/v1" @@ -445,22 +446,22 @@ func (f *Framework) DeleteNGINXPod(grace int64) { } // HTTPDumbTestClient returns a new httpexpect client without BaseURL. -func (f *Framework) HTTPDumbTestClient() *httpexpect.Expect { - return f.newTestClient(nil, false) +func (f *Framework) HTTPDumbTestClient() *httpexpect.HTTPRequest { + return f.newHTTPTestClient(nil, false) } -// HTTPTestClient returns a new httpexpect client for end-to-end HTTP testing. -func (f *Framework) HTTPTestClient() *httpexpect.Expect { - return f.newTestClient(nil, true) +// HTTPTestClient returns a new HTTPRequest client for end-to-end HTTP testing. +func (f *Framework) HTTPTestClient() *httpexpect.HTTPRequest { + return f.newHTTPTestClient(nil, true) } // HTTPTestClientWithTLSConfig returns a new httpexpect client for end-to-end // HTTP testing with a custom TLS configuration. -func (f *Framework) HTTPTestClientWithTLSConfig(config *tls.Config) *httpexpect.Expect { - return f.newTestClient(config, true) +func (f *Framework) HTTPTestClientWithTLSConfig(config *tls.Config) *httpexpect.HTTPRequest { + return f.newHTTPTestClient(config, true) } -func (f *Framework) newTestClient(config *tls.Config, setIngressURL bool) *httpexpect.Expect { +func (f *Framework) newHTTPTestClient(config *tls.Config, setIngressURL bool) *httpexpect.HTTPRequest { if config == nil { config = &tls.Config{ InsecureSkipVerify: true, @@ -471,24 +472,14 @@ func (f *Framework) newTestClient(config *tls.Config, setIngressURL bool) *httpe baseURL = f.GetURL(HTTP) } - return httpexpect.WithConfig(httpexpect.Config{ - BaseURL: baseURL, - Client: &http.Client{ - Transport: &http.Transport{ - TLSClientConfig: config, - }, - CheckRedirect: func(req *http.Request, via []*http.Request) error { - return http.ErrUseLastResponse - }, + return httpexpect.NewRequest(baseURL, &http.Client{ + Transport: &http.Transport{ + TLSClientConfig: config, }, - Reporter: httpexpect.NewAssertReporter( - httpexpect.NewAssertReporter(ginkgo.GinkgoT()), - ), - Printers: []httpexpect.Printer{ - // TODO: enable conditionally? - // httpexpect.NewDebugPrinter(ginkgo.GinkgoT(), false), + CheckRedirect: func(req *http.Request, via []*http.Request) error { + return http.ErrUseLastResponse }, - }) + }, httpexpect.NewAssertReporter()) } // WaitForNginxListening waits until NGINX starts accepting connections on a port diff --git a/test/e2e/framework/httpexpect/README.md b/test/e2e/framework/httpexpect/README.md new file mode 100644 index 000000000..73cfd9dbb --- /dev/null +++ b/test/e2e/framework/httpexpect/README.md @@ -0,0 +1 @@ +This module is based in the deprecated library `github.com/gavv/httpexpect`, and contains slightly adaptations. diff --git a/test/e2e/framework/httpexpect/array.go b/test/e2e/framework/httpexpect/array.go new file mode 100644 index 000000000..432982f4a --- /dev/null +++ b/test/e2e/framework/httpexpect/array.go @@ -0,0 +1,36 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package httpexpect + +// Array provides methods to inspect attached []interface{} object +// (Go representation of JSON array). +type Array struct { + chain chain + value []interface{} +} + +// Iter returns a new slice of Values attached to array elements. +func (a *Array) Iter() []Value { + if a.chain.failed() { + return []Value{} + } + ret := []Value{} + for n := range a.value { + ret = append(ret, Value{a.chain, a.value[n]}) + } + return ret +} diff --git a/test/e2e/framework/httpexpect/chain.go b/test/e2e/framework/httpexpect/chain.go new file mode 100644 index 000000000..79956fb33 --- /dev/null +++ b/test/e2e/framework/httpexpect/chain.go @@ -0,0 +1,54 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package httpexpect + +type chain struct { + reporter Reporter + failbit bool +} + +func makeChain(reporter Reporter) chain { + return chain{reporter, false} +} + +func (c *chain) failed() bool { + return c.failbit +} + +func (c *chain) fail(message string, args ...interface{}) { + if c.failbit { + return + } + c.failbit = true + c.reporter.Errorf(message, args...) +} + +func (c *chain) reset() { + c.failbit = false +} + +func (c *chain) assertFailed(r Reporter) { + if !c.failbit { + r.Errorf("expected chain is failed, but it's ok") + } +} + +func (c *chain) assertOK(r Reporter) { + if c.failbit { + r.Errorf("expected chain is ok, but it's failed") + } +} diff --git a/test/e2e/framework/httpexpect/cookie.go b/test/e2e/framework/httpexpect/cookie.go new file mode 100644 index 000000000..1cd57a6cc --- /dev/null +++ b/test/e2e/framework/httpexpect/cookie.go @@ -0,0 +1,29 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package httpexpect + +import "net/http" + +// Cookie provides methods to inspect attached http.Cookie value. +type Cookie struct { + chain chain + value *http.Cookie +} + +func (c *Cookie) Raw() *http.Cookie { + return c.value +} diff --git a/test/e2e/framework/httpexpect/match.go b/test/e2e/framework/httpexpect/match.go new file mode 100644 index 000000000..b031510c4 --- /dev/null +++ b/test/e2e/framework/httpexpect/match.go @@ -0,0 +1,37 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package httpexpect + +// Match provides methods to inspect attached regexp match results. +type Match struct { + chain chain + submatches []string + names map[string]int +} + +func makeMatch(chain chain, submatches []string, names []string) *Match { + if submatches == nil { + submatches = []string{} + } + namemap := map[string]int{} + for n, name := range names { + if name != "" { + namemap[name] = n + } + } + return &Match{chain, submatches, namemap} +} diff --git a/test/e2e/framework/httpexpect/object.go b/test/e2e/framework/httpexpect/object.go new file mode 100644 index 000000000..f7c27faaf --- /dev/null +++ b/test/e2e/framework/httpexpect/object.go @@ -0,0 +1,111 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package httpexpect + +import ( + "reflect" + + "github.com/yudai/gojsondiff" + "github.com/yudai/gojsondiff/formatter" +) + +// Object provides methods to inspect attached map[string]interface{} object +// (Go representation of JSON object). +type Object struct { + chain chain + value map[string]interface{} +} + +func (o *Object) ValueEqual(key string, value interface{}) *Object { + if !o.containsKey(key) { + o.chain.fail("\nexpected object containing key '%s', but got:\n%s", + key, dumpValue(o.value)) + return o + } + expected, ok := canonValue(&o.chain, value) + if !ok { + return o + } + if !reflect.DeepEqual(expected, o.value[key]) { + o.chain.fail("\nexpected value for key '%s' equal to:\n%s\n\nbut got:\n%s\n\ndiff:\n%s", + key, + dumpValue(expected), + dumpValue(o.value[key]), + diffValues(expected, o.value[key])) + } + return o +} + +func (o *Object) ContainsKey(key string) *Object { + if !o.containsKey(key) { + o.chain.fail("\nexpected object containing key '%s', but got:\n%s", + key, + dumpValue(o.value)) + } + return o +} + +func (o *Object) NotContainsKey(key string) *Object { + if o.containsKey(key) { + o.chain.fail("\nexpected object not containing key '%s', but got:\n%s", + key, dumpValue(o.value)) + } + return o +} + +func (o *Object) containsKey(key string) bool { + for k := range o.value { + if k == key { + return true + } + } + return false +} + +func diffValues(expected, actual interface{}) string { + differ := gojsondiff.New() + + var diff gojsondiff.Diff + + if ve, ok := expected.(map[string]interface{}); ok { + if va, ok := actual.(map[string]interface{}); ok { + diff = differ.CompareObjects(ve, va) + } else { + return " (unavailable)" + } + } else if ve, ok := expected.([]interface{}); ok { + if va, ok := actual.([]interface{}); ok { + diff = differ.CompareArrays(ve, va) + } else { + return " (unavailable)" + } + } else { + return " (unavailable)" + } + + config := formatter.AsciiFormatterConfig{ + ShowArrayIndex: true, + } + f := formatter.NewAsciiFormatter(expected, config) + + str, err := f.Format(diff) + if err != nil { + return " (unavailable)" + } + + return "--- expected\n+++ actual\n" + str +} diff --git a/test/e2e/framework/httpexpect/reporter.go b/test/e2e/framework/httpexpect/reporter.go new file mode 100644 index 000000000..e80234590 --- /dev/null +++ b/test/e2e/framework/httpexpect/reporter.go @@ -0,0 +1,48 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package httpexpect + +import ( + "fmt" + + "github.com/onsi/ginkgo/v2" + "github.com/stretchr/testify/assert" +) + +// Reporter is used to report failures. +// testing.TB, AssertReporter, and RequireReporter implement this interface. +type Reporter interface { + // Errorf reports failure. + // Allowed to return normally or terminate test using t.FailNow(). + Errorf(message string, args ...interface{}) +} + +// AssertReporter implements Reporter interface using `testify/assert' +// package. Failures are non-fatal with this reporter. +type AssertReporter struct { + backend *assert.Assertions +} + +// NewAssertReporter returns a new AssertReporter object. +func NewAssertReporter() *AssertReporter { + return &AssertReporter{assert.New(ginkgo.GinkgoT())} +} + +// Errorf implements Reporter.Errorf. +func (r *AssertReporter) Errorf(message string, args ...interface{}) { + r.backend.Fail(fmt.Sprintf(message, args...)) +} diff --git a/test/e2e/framework/httpexpect/request.go b/test/e2e/framework/httpexpect/request.go new file mode 100644 index 000000000..335e3931e --- /dev/null +++ b/test/e2e/framework/httpexpect/request.go @@ -0,0 +1,176 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package httpexpect + +import ( + "fmt" + "io" + "net/http" + "net/url" + "path" +) + +type HTTPRequest struct { + chain chain + reporter Reporter + baseURL string + client *http.Client + query url.Values + Request *http.Request + HTTPResponse *HTTPResponse +} + +// NewRequest returns an HTTPRequest object. +func NewRequest(baseURL string, client *http.Client, reporter Reporter) *HTTPRequest { + response := NewResponse(reporter) + return &HTTPRequest{ + baseURL: baseURL, + client: client, + reporter: reporter, + chain: makeChain(reporter), + HTTPResponse: response, + } +} + +// GET creates a new HTTP request with GET method. +func (h *HTTPRequest) GET(rpath string) *HTTPRequest { + if h.chain.failed() { + return h + } + return h.DoRequest("GET", rpath) +} + +// DoRequest creates a new HTTP request object. +func (h *HTTPRequest) DoRequest(method, rpath string) *HTTPRequest { + uri, err := url.Parse(h.baseURL) + if err != nil { + h.chain.fail(err.Error()) + } + + var request *http.Request + uri.Path = path.Join(uri.Path, rpath) + if request, err = http.NewRequest(method, uri.String(), nil); err != nil { + h.chain.fail(err.Error()) + } + + h.Request = request + return h +} + +// Expect executes the request and returns an HTTP response. +func (h *HTTPRequest) Expect() *HTTPResponse { + if h.query != nil { + h.Request.URL.RawQuery = h.query.Encode() + } + + response, err := h.client.Do(h.Request) + if err != nil { + h.chain.fail(err.Error()) + } + + h.HTTPResponse.Response = response // set the HTTP response + + var content []byte + if content, err = getContent(response); err != nil { + h.chain.fail(err.Error()) + } + // set content and cookies from HTTPResponse + h.HTTPResponse.content = content + h.HTTPResponse.cookies = h.HTTPResponse.Response.Cookies() + return h.HTTPResponse +} + +// WithURL sets the request URL appending paths when already exist. +func (h *HTTPRequest) WithURL(urlStr string) *HTTPRequest { + if h.chain.failed() { + return h + } + if u, err := url.Parse(urlStr); err != nil { + h.chain.fail(err.Error()) + } else { + u.Path = path.Join(h.Request.URL.Path, u.Path) + h.Request.URL = u + } + return h +} + +// WithHeader adds given header to request. +func (h *HTTPRequest) WithHeader(key, value string) *HTTPRequest { + if h.chain.failed() { + return h + } + switch http.CanonicalHeaderKey(key) { + case "Host": + h.Request.Host = value + default: + h.Request.Header.Add(key, value) + } + return h +} + +// WithCookies adds given cookies to request. +func (h *HTTPRequest) WithCookies(cookies map[string]string) *HTTPRequest { + if h.chain.failed() { + return h + } + for k, v := range cookies { + h.WithCookie(k, v) + } + return h +} + +// WithCookie adds given single cookie to request. +func (h *HTTPRequest) WithCookie(k, v string) *HTTPRequest { + if h.chain.failed() { + return h + } + h.Request.AddCookie(&http.Cookie{Name: k, Value: v}) + return h +} + +// WithBasicAuth sets the request's Authorization header to use HTTP +// Basic Authentication with the provided username and password. +// +// With HTTP Basic Authentication the provided username and password +// are not encrypted. +func (h *HTTPRequest) WithBasicAuth(username, password string) *HTTPRequest { + if h.chain.failed() { + return h + } + h.Request.SetBasicAuth(username, password) + return h +} + +// WithQuery adds query parameter to request URL. +func (h *HTTPRequest) WithQuery(key string, value interface{}) *HTTPRequest { + if h.chain.failed() { + return h + } + if h.query == nil { + h.query = make(url.Values) + } + h.query.Add(key, fmt.Sprint(value)) + return h +} + +// getContent returns the content from the body response. +func getContent(resp *http.Response) ([]byte, error) { + if resp.Body == nil { + return []byte{}, nil + } + return io.ReadAll(resp.Body) +} diff --git a/test/e2e/framework/httpexpect/response.go b/test/e2e/framework/httpexpect/response.go new file mode 100644 index 000000000..1c7624752 --- /dev/null +++ b/test/e2e/framework/httpexpect/response.go @@ -0,0 +1,273 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package httpexpect + +import ( + "encoding/json" + "fmt" + "mime" + "net/http" + "reflect" + "strconv" + "strings" +) + +// StatusRange is enum for response status ranges. +type StatusRange int + +const ( + // Status1xx defines "Informational" status codes. + Status1xx StatusRange = 100 + + // Status2xx defines "Success" status codes. + Status2xx StatusRange = 200 + + // Status3xx defines "Redirection" status codes. + Status3xx StatusRange = 300 + + // Status4xx defines "Client Error" status codes. + Status4xx StatusRange = 400 + + // Status5xx defines "Server Error" status codes. + Status5xx StatusRange = 500 +) + +type HTTPResponse struct { + chain chain + content []byte + cookies []*http.Cookie + Response *http.Response +} + +// NewResponse returns an empty HTTPResponse object. +func NewResponse(reporter Reporter) *HTTPResponse { + return &HTTPResponse{ + chain: makeChain(reporter), + } +} + +// Body returns the body of the response. +func (r *HTTPResponse) Body() *String { + return &String{value: string(r.content)} +} + +// Raw returns the raw http response. +func (r *HTTPResponse) Raw() *http.Response { + return r.Response +} + +// Status compare the actual http response with the expected one raising and error +// if they don't match. +func (r *HTTPResponse) Status(status int) *HTTPResponse { + if r.chain.failed() { + return r + } + r.checkEqual("status", statusCodeText(status), statusCodeText(r.Response.StatusCode)) + return r +} + +// ContentEncoding succeeds if response has exactly given Content-Encoding +func (r *HTTPResponse) ContentEncoding(encoding ...string) *HTTPResponse { + if r.chain.failed() { + return r + } + r.checkEqual("\"Content-Encoding\" header", encoding, r.Response.Header["Content-Encoding"]) + return r +} + +// ContentType succeeds if response contains Content-Type header with given +// media type and charset. +func (r *HTTPResponse) ContentType(mediaType string, charset ...string) *HTTPResponse { + r.checkContentType(mediaType, charset...) + return r +} + +// Cookies returns a new Array object with all cookie names set by this response. +// Returned Array contains a String value for every cookie name. +func (r *HTTPResponse) Cookies() *Array { + if r.chain.failed() { + return &Array{r.chain, nil} + } + names := []interface{}{} + for _, c := range r.cookies { + names = append(names, c.Name) + } + return &Array{r.chain, names} +} + +// Cookie returns a new Cookie object that may be used to inspect given cookie +// set by this response. +func (r *HTTPResponse) Cookie(name string) *Cookie { + if r.chain.failed() { + return &Cookie{r.chain, nil} + } + names := []string{} + for _, c := range r.cookies { + if c.Name == name { + return &Cookie{r.chain, c} + } + names = append(names, c.Name) + } + r.chain.fail("\nexpected response with cookie:\n %q\n\nbut got only cookies:\n%s", name, dumpValue(names)) + return &Cookie{r.chain, nil} +} + +// Headers returns a new Object that may be used to inspect header map. +func (r *HTTPResponse) Headers() *Object { + var value map[string]interface{} + if !r.chain.failed() { + value, _ = canonMap(&r.chain, r.Response.Header) + } + return &Object{r.chain, value} +} + +// Header returns a new String object that may be used to inspect given header. +func (r *HTTPResponse) Header(header string) *String { + return &String{chain: r.chain, value: r.Response.Header.Get(header)} +} + +func canonMap(chain *chain, in interface{}) (map[string]interface{}, bool) { + var out map[string]interface{} + data, ok := canonValue(chain, in) + if ok { + out, ok = data.(map[string]interface{}) + if !ok { + chain.fail("expected map, got %v", out) + } + } + return out, ok +} + +func canonValue(chain *chain, in interface{}) (interface{}, bool) { + b, err := json.Marshal(in) + if err != nil { + chain.fail(err.Error()) + return nil, false + } + + var out interface{} + if err := json.Unmarshal(b, &out); err != nil { + chain.fail(err.Error()) + return nil, false + } + + return out, true +} + +// StatusRange succeeds if response status belongs to given range. +func (r *HTTPResponse) StatusRange(rn StatusRange) *HTTPResponse { + if r.chain.failed() { + return r + } + status := statusCodeText(r.Response.StatusCode) + + actual := statusRangeText(r.Response.StatusCode) + expected := statusRangeText(int(rn)) + + if actual == "" || actual != expected { + if actual == "" { + r.chain.fail("\nexpected status from range:\n %q\n\nbut got:\n %q", + expected, status) + } else { + r.chain.fail("\nexpected status from range:\n %q\n\nbut got:\n %q (%q)", + expected, actual, status) + } + } + return r +} + +func statusCodeText(code int) string { + if s := http.StatusText(code); s != "" { + return strconv.Itoa(code) + " " + s + } + return strconv.Itoa(code) +} + +func statusRangeText(code int) string { + switch { + case code >= 100 && code < 200: + return "1xx Informational" + case code >= 200 && code < 300: + return "2xx Success" + case code >= 300 && code < 400: + return "3xx Redirection" + case code >= 400 && code < 500: + return "4xx Client Error" + case code >= 500 && code < 600: + return "5xx Server Error" + default: + return "" + } +} + +func (r *HTTPResponse) checkContentType(expectedType string, expectedCharset ...string) bool { + if r.chain.failed() { + return false + } + + contentType := r.Response.Header.Get("Content-Type") + + if expectedType == "" && len(expectedCharset) == 0 { + if contentType == "" { + return true + } + } + + mediaType, params, err := mime.ParseMediaType(contentType) + if err != nil { + r.chain.fail("\ngot invalid \"Content-Type\" header %q", contentType) + return false + } + + if mediaType != expectedType { + r.chain.fail("\nexpected \"Content-Type\" header with %q media type,"+ + "\nbut got %q", expectedType, mediaType) + return false + } + + charset := params["charset"] + + if len(expectedCharset) == 0 { + if charset != "" && !strings.EqualFold(charset, "utf-8") { + r.chain.fail("\nexpected \"Content-Type\" header with \"utf-8\" or empty charset,"+ + "\nbut got %q", charset) + return false + } + } else { + if !strings.EqualFold(charset, expectedCharset[0]) { + r.chain.fail("\nexpected \"Content-Type\" header with %q charset,"+ + "\nbut got %q", expectedCharset[0], charset) + return false + } + } + return true +} + +func (r *HTTPResponse) checkEqual(what string, expected, actual interface{}) { + if !reflect.DeepEqual(expected, actual) { + r.chain.fail("\nexpected %s equal to:\n%s\n\nbut got:\n%s", + what, dumpValue(expected), dumpValue(actual)) + } +} + +func dumpValue(value interface{}) string { + b, err := json.MarshalIndent(value, " ", " ") + if err != nil { + return " " + fmt.Sprintf("%#v", value) + } + return " " + string(b) +} diff --git a/test/e2e/framework/httpexpect/string.go b/test/e2e/framework/httpexpect/string.go new file mode 100644 index 000000000..be2ab0f04 --- /dev/null +++ b/test/e2e/framework/httpexpect/string.go @@ -0,0 +1,120 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package httpexpect + +import ( + "regexp" + "strings" +) + +// String provides methods to inspect attached string value +// (Go representation of JSON string). +type String struct { + chain chain + value string +} + +// Raw returns underlying value attached to String. +// This is the value originally passed to NewString. +func (s *String) Raw() string { + return s.value +} + +// Empty succeeds if string is empty. +func (s *String) Empty() *String { + return s.Equal("") +} + +// NotEmpty succeeds if string is non-empty. +func (s *String) NotEmpty() *String { + return s.NotEqual("") +} + +// Equal succeeds if string is equal to given Go string. +func (s *String) Equal(value string) *String { + if !(s.value == value) { + s.chain.fail("\nexpected string equal to:\n %q\n\nbut got:\n %q", value, s.value) + } + return s +} + +// NotEqual succeeds if string is not equal to given Go string. +func (s *String) NotEqual(value string) *String { + if !(s.value != value) { + s.chain.fail("\nexpected string not equal to:\n %q", value) + } + return s +} + +// Contains succeeds if string contains given Go string as a substring. +func (s *String) Contains(value string) *String { + if !strings.Contains(s.value, value) { + s.chain.fail( + "\nexpected string containing substring:\n %q\n\nbut got:\n %q", + value, s.value) + } + return s +} + +// NotContains succeeds if string doesn't contain Go string as a substring. +func (s *String) NotContains(value string) *String { + if strings.Contains(s.value, value) { + s.chain.fail("\nexpected string not containing substring:\n %q\n\nbut got:\n %q", value, s.value) + } + return s +} + +// ContainsFold succeeds if string contains given Go string as a substring after +// applying Unicode case-folding (so it's a case-insensitive match). +func (s *String) ContainsFold(value string) *String { + if !strings.Contains(strings.ToLower(s.value), strings.ToLower(value)) { + s.chain.fail("\nexpected string containing substring (case-insensitive):\n %q"+"\n\nbut got:\n %q", value, s.value) + } + return s +} + +// NotContainsFold succeeds if string doesn't contain given Go string as a substring +// after applying Unicode case-folding (so it's a case-insensitive match). +// +// Example: +// +// str := NewString(t, "Hello") +// str.NotContainsFold("BYE") +func (s *String) NotContainsFold(value string) *String { + if strings.Contains(strings.ToLower(s.value), strings.ToLower(value)) { + s.chain.fail("\nexpected string not containing substring (case-insensitive):\n %q"+"\n\nbut got:\n %q", value, s.value) + } + return s +} + +// Match matches the string with given regexp and returns a new Match object +// with found submatches. +func (s *String) Match(re string) *Match { + r, err := regexp.Compile(re) + if err != nil { + s.chain.fail(err.Error()) + return makeMatch(s.chain, nil, nil) + } + + m := r.FindStringSubmatch(s.value) + if m == nil { + s.chain.fail("\nexpected string matching regexp:\n `%s`\n\nbut got:\n %q", re, s.value) + return makeMatch(s.chain, nil, nil) + } + + return makeMatch(s.chain, m, r.SubexpNames()) +} diff --git a/test/e2e/framework/httpexpect/value.go b/test/e2e/framework/httpexpect/value.go new file mode 100644 index 000000000..fd59091b1 --- /dev/null +++ b/test/e2e/framework/httpexpect/value.go @@ -0,0 +1,33 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package httpexpect + +// Value provides methods to inspect attached interface{} object +// (Go representation of arbitrary JSON value) and cast it to +// concrete type. +type Value struct { + chain chain + value interface{} +} + +func (v *Value) String() *String { + data, ok := v.value.(string) + if !ok { + v.chain.fail("\nexpected string value, but got:\n%s", dumpValue(v.value)) + } + return &String{v.chain, data} +} diff --git a/test/e2e/servicebackend/service_externalname.go b/test/e2e/servicebackend/service_externalname.go index 30c4f6ba0..0d121c671 100644 --- a/test/e2e/servicebackend/service_externalname.go +++ b/test/e2e/servicebackend/service_externalname.go @@ -22,7 +22,8 @@ import ( "net/http" "strings" - "github.com/gavv/httpexpect/v2" + "k8s.io/ingress-nginx/test/e2e/framework/httpexpect" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" corev1 "k8s.io/api/core/v1" diff --git a/test/e2e/settings/disable_service_external_name.go b/test/e2e/settings/disable_service_external_name.go index 03c8020b6..a24cfebde 100644 --- a/test/e2e/settings/disable_service_external_name.go +++ b/test/e2e/settings/disable_service_external_name.go @@ -21,7 +21,8 @@ import ( "net/http" "strings" - "github.com/gavv/httpexpect/v2" + "k8s.io/ingress-nginx/test/e2e/framework/httpexpect" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" appsv1 "k8s.io/api/apps/v1" From db3cdc04e40c5fab51c010902eac2522572e9a3c Mon Sep 17 00:00:00 2001 From: James Strong Date: Mon, 5 Sep 2022 07:28:36 -0400 Subject: [PATCH 264/494] release 1.3.1 (#9014) * release 1.3.1 Signed-off-by: James Strong * fix readme Signed-off-by: James Strong * fix readme Signed-off-by: James Strong * fix readme Signed-off-by: James Strong * Fix chart linter * Fix helm docs * Fix helm docs * fix helm docs * Add warning about lease change * Disable PSP in v1.25 * rollback cluster in helmchart to psp tests Signed-off-by: James Strong Co-authored-by: Ricardo Pchevuzinske Katz --- .github/workflows/ci.yaml | 4 +- Changelog.md | 77 +++++++++++++++++++ README.md | 14 ++-- RELEASE.md | 4 +- build/build.sh | 2 + charts/ingress-nginx/Chart.yaml | 4 +- charts/ingress-nginx/README.md | 64 +++++++-------- .../templates/controller-psp.yaml | 2 + .../templates/default-backend-psp.yaml | 2 + deploy/static/provider/aws/deploy.yaml | 42 +++++----- .../aws/nlb-with-tls-termination/deploy.yaml | 42 +++++----- deploy/static/provider/baremetal/deploy.yaml | 42 +++++----- deploy/static/provider/cloud/deploy.yaml | 42 +++++----- deploy/static/provider/do/deploy.yaml | 42 +++++----- deploy/static/provider/exoscale/deploy.yaml | 42 +++++----- deploy/static/provider/kind/deploy.yaml | 42 +++++----- deploy/static/provider/scw/deploy.yaml | 42 +++++----- docs/deploy/index.md | 20 ++--- hack/verify-chart-lint.sh | 5 +- 19 files changed, 309 insertions(+), 225 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d469ae959..54a935917 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -149,7 +149,7 @@ jobs: - name: Run helm-docs run: | - GOBIN=$PWD GO111MODULE=on go install github.com/norwoodj/helm-docs/cmd/helm-docs@e91c4c3337d3bf3fdad8de1763999a5c3325567f # v1.8.1 + GOBIN=$PWD GO111MODULE=on go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.11.0 ./helm-docs --chart-search-root=${GITHUB_WORKSPACE}/charts DIFF=$(git diff ${GITHUB_WORKSPACE}/charts/ingress-nginx/README.md) if [ ! -z "$DIFF" ]; then @@ -175,7 +175,7 @@ jobs: uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 #v0.5.0 with: version: v0.15.0 - image: kindest/node:v1.25.0 + image: kindest/node:v1.24.4 - uses: geekyeggo/delete-artifact@b73cb986740e466292a536d0e32e2666c56fdeb3 # v1 with: diff --git a/Changelog.md b/Changelog.md index d4a6bbcd1..c05911b9f 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,5 +1,82 @@ # Changelog +### 1.3.1 + +Please fill out our 2022 Ingress-Nginx User Survey and let us know what you want to see in future releases. + +https://www.surveymonkey.com/r/ingressngx2022 + +In v1.3.1 leader elections will be done entirely using the Lease API and no longer using configmaps. +v1.3.0 is a safe transition version, using v1.3.0 can automatically complete the merging of election locks, and then you can safely upgrade to v1.3.1. + +Also, *important note*, with the Release of Kubernetes v1.25 we are dropping support for the legacy branches, +please upgrade to a v1.0.0 and above branch + +## Image: +- registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 +- registry.k8s.io/ingress-nginx/controller-chroot:v1.3.1@sha256:a8466b19c621bd550b1645e27a004a5cc85009c858a9ab19490216735ac432b1 + + +## What's Changed + +_IMPORTANT CHANGES:_ +- Update to golang 1.19 +- Started migration for Data and Control Plane splits +- Upgrade to Alpine 3.16.2 +- New kubectl plugin release workflow +- New CVE findings template + +All other Changes +- [9006](https://github.com/kubernetes/ingress-nginx/pull/9006) issue:8739 fix doc issue +- [9003](https://github.com/kubernetes/ingress-nginx/pull/9003) Bump github/codeql-action from 2.1.21 to 2.1.22 +- [9001](https://github.com/kubernetes/ingress-nginx/pull/9001) GitHub Workflows security hardening +- [8992](https://github.com/kubernetes/ingress-nginx/pull/8992) Bump github.com/opencontainers/runc from 1.1.3 to 1.1.4 +- [8991](https://github.com/kubernetes/ingress-nginx/pull/8991) Bump google.golang.org/grpc from 1.48.0 to 1.49.0 +- [8986](https://github.com/kubernetes/ingress-nginx/pull/8986) Bump goreleaser/goreleaser-action from 3.0.0 to 3.1.0 +- [8984](https://github.com/kubernetes/ingress-nginx/pull/8984) fixed deprecated ginkgo flags +- [8982](https://github.com/kubernetes/ingress-nginx/pull/8982) Bump github/codeql-action from 2.1.20 to 2.1.21 +- [8981](https://github.com/kubernetes/ingress-nginx/pull/8981) Bump actions/setup-go from 3.2.1 to 3.3.0 +- [8976](https://github.com/kubernetes/ingress-nginx/pull/8976) Update apiserver to 0.25 to remove v2 go-restful +- [8970](https://github.com/kubernetes/ingress-nginx/pull/8970) bump Golang to 1.19 #8932 +- [8969](https://github.com/kubernetes/ingress-nginx/pull/8969) fix: go-restful CVE #8745 +- [8967](https://github.com/kubernetes/ingress-nginx/pull/8967) updated to testrunnerimage with updated yamale yamllint +- [8966](https://github.com/kubernetes/ingress-nginx/pull/8966) added note on digitalocean annotations +- [8960](https://github.com/kubernetes/ingress-nginx/pull/8960) upgrade yamale and yamllint version +- [8959](https://github.com/kubernetes/ingress-nginx/pull/8959) revert changes to configmap resource permissions +- [8957](https://github.com/kubernetes/ingress-nginx/pull/8957) Bump github/codeql-action from 2.1.19 to 2.1.20 +- [8956](https://github.com/kubernetes/ingress-nginx/pull/8956) Bump azure/setup-helm from 2.1 to 3.3 +- [8954](https://github.com/kubernetes/ingress-nginx/pull/8954) Bump actions/dependency-review-action from 2.0.4 to 2.1.0 +- [8953](https://github.com/kubernetes/ingress-nginx/pull/8953) Bump aquasecurity/trivy-action from 0.5.1 to 0.7.1 +- [8952](https://github.com/kubernetes/ingress-nginx/pull/8952) Bump securego/gosec from b99b5f7838e43a4104354ad92a6a1774302ee1f9 to 2.13.1 +- [8951](https://github.com/kubernetes/ingress-nginx/pull/8951) Bump geekyeggo/delete-artifact from a6ab43859c960a8b74cbc6291f362c7fb51829ba to 1 +- [8950](https://github.com/kubernetes/ingress-nginx/pull/8950) Bump github/codeql-action from 2.1.18 to 2.1.19 +- [8948](https://github.com/kubernetes/ingress-nginx/pull/8948) updated testrunner and testecho images +- [8946](https://github.com/kubernetes/ingress-nginx/pull/8946) Clean old code and move helper functions +- [8944](https://github.com/kubernetes/ingress-nginx/pull/8944) Make keep-alive documentation more explicit for clarity +- [8939](https://github.com/kubernetes/ingress-nginx/pull/8939) bump baseimage alpine to v3.16.2 for zlib CVE fix + +## New Contributors +* @mtnezm made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8817 +* @tamcore made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8821 +* @guilhem made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8827 +* @lilien1010 made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8830 +* @qilongqiu made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8855 +* @dgoffredo made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8848 +* @Volatus made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8859 +* @europ made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8841 +* @mrksngl made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/7892 +* @omichels made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8895 +* @zeeZ made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8881 +* @mjudeikis made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8928 +* @NissesSenap made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8873 +* @anders-swanson made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8665 +* @aslafy-z made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8905 +* @harry1064 made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8825 +* @sashashura made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9001 +* @sreelakshminarayananm made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9006 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.3.0...controller-v1.3.1 + ### 1.3.0 Image: diff --git a/README.md b/README.md index c8bdcdf86..fce3fbb84 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,10 @@ [![GitHub stars](https://img.shields.io/badge/contributions-welcome-orange.svg)](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md) [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fkubernetes%2Fingress-nginx.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Fkubernetes%2Fingress-nginx?ref=badge_shield) +Please fill out our 2022 Ingress-Nginx User Survey and let us know what you want to see in future releases. + +https://www.surveymonkey.com/r/ingressngx2022 + ## Overview ingress-nginx is an Ingress controller for Kubernetes using [NGINX](https://www.nginx.org/) as a reverse proxy and load balancer. @@ -31,6 +35,7 @@ For detailed changes on the `ingress-nginx` helm chart, please check the followi | Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | |-----------------------|------------------------------|----------------|---------------| +| v1.3.1 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.2 | 1.19.10† | | v1.3.0 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.0 | 1.19.10† | | v1.2.1 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.6 | 1.19.10† | | v1.1.3 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.4 | 1.19.10† | @@ -43,12 +48,7 @@ For detailed changes on the `ingress-nginx` helm chart, please check the followi | v1.0.2 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | | v1.0.1 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | | v1.0.0 | 1.22, 1.21, 1.20, 1.19 | 3.13.5 | 1.20.1 | -| v0.51.0 | 1.21, 1.20, 1.19 | 3.14.4 | 1.19.10† | -| v0.49.3 | 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | -| v0.49.2 | 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | -| v0.49.1 | 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | -| v0.49.0 | 1.21, 1.20, 1.19 | 3.13.5 | 1.20.1 | -| v0.48.1 | 1.21, 1.20, 1.19 | 3.13.5 | 1.20.1 | + † _This build is [patched against CVE-2021-23017](https://github.com/openresty/openresty/commit/4b5ec7edd78616f544abc194308e0cf4b788725b#diff-42ef841dc27fe0b5aa2d06bd31308bb63a59cdcddcbcddd917248349d22020a3)._ @@ -70,7 +70,7 @@ Thanks for taking the time to join our community and start contributing! - **Support**: Join the [#ingress-nginx-users](https://kubernetes.slack.com/messages/CANQGM8BA/) channel inside the [Kubernetes Slack](http://slack.kubernetes.io/) to ask questions or get support from the maintainers and other users. - - The [github issues](https://github.com/kubernetes/ingress-nginx/issues) in the repository are **exclusively** for bug reports and feature requests. + - The [GitHub issues](https://github.com/kubernetes/ingress-nginx/issues) in the repository are **exclusively** for bug reports and feature requests. - **Discuss**: Tweet using the `#IngressNginx` hashtag. diff --git a/RELEASE.md b/RELEASE.md index 8fbc0932f..210277942 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -173,7 +173,7 @@ Promoting the images basically means that images, that were pushed to staging co - Run the below command and save the output to a txt file ``` - gh pr list -s merged -L 38 -B main | cut -f1,2 | tee ~/Downloads/prlist.txt + gh pr list -R kubernetes/ingress-nginx -s merged -L 38 -B main | cut -f1,2 | tee ~/Downloads/prlist.txt ``` - The -L 38 was used for 2 reasons. - Default number of results is 30 and there were more than 30 PRs merged while releasing v1.1.1. If you see the current/soon-to-be-old changelog, you can look at the most recent PR number that has been accounted for already, and start from after that last accounted for PR. @@ -222,7 +222,7 @@ Promoting the images basically means that images, that were pushed to staging co - If you saved the bash script content above, in a file like `$HOME/bin/prlist_to_changelog.sh`, then you could execute a command like this to get your prlist in a text file called changelog_content.txt;` ``` - prlist_to_changelog.sh ~/Downloads/prlist.txt | tee ~/Downloads//changelog_content.txt` + prlist_to_changelog.sh ~/Downloads/prlist.txt | tee ~/Downloads//changelog_content.txt ``` ### d. Edit the values.yaml and run helm-docs diff --git a/build/build.sh b/build/build.sh index c0372bc25..42bec820b 100755 --- a/build/build.sh +++ b/build/build.sh @@ -49,7 +49,9 @@ echo "Building targets for ${ARCH}, generated targets in ${TARGETS_DIR} director echo "Building ${PKG}/cmd/nginx" +pushd /go/src/k8s.io/ingress-nginx git config --add safe.directory /go/src/k8s.io/ingress-nginx +popd ${GO_BUILD_CMD} \ -trimpath -ldflags="-buildid= -w -s \ diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index 8b7f8ca16..178f7f722 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: ingress-nginx # When the version is modified, make sure the artifacthub.io/changes list is updated # Also update CHANGELOG.md -version: 4.2.3 -appVersion: 1.3.0 +version: 4.2.4 +appVersion: 1.3.1 home: https://github.com/kubernetes/ingress-nginx description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 8357cab56..17743881c 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.2.3](https://img.shields.io/badge/Version-4.2.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.3.0](https://img.shields.io/badge/AppVersion-1.3.0-informational?style=flat-square) +![Version: 4.2.4](https://img.shields.io/badge/Version-4.2.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.3.1](https://img.shields.io/badge/AppVersion-1.3.1-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. @@ -260,7 +260,7 @@ Kubernetes: `>=1.20.0-0` | controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources | | controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | | | controller.admissionWebhooks.patch.podAnnotations | object | `{}` | | -| controller.admissionWebhooks.patch.priorityClassName | string | `""` | Provide a priority class name to the webhook patching job | +| controller.admissionWebhooks.patch.priorityClassName | string | `""` | Provide a priority class name to the webhook patching job # | | controller.admissionWebhooks.patch.securityContext.fsGroup | int | `2000` | | | controller.admissionWebhooks.patch.securityContext.runAsNonRoot | bool | `true` | | | controller.admissionWebhooks.patch.securityContext.runAsUser | int | `2000` | | @@ -272,9 +272,9 @@ Kubernetes: `>=1.20.0-0` | controller.admissionWebhooks.service.loadBalancerSourceRanges | list | `[]` | | | controller.admissionWebhooks.service.servicePort | int | `443` | | | controller.admissionWebhooks.service.type | string | `"ClusterIP"` | | -| controller.affinity | object | `{}` | Affinity and anti-affinity rules for server scheduling to nodes | +| controller.affinity | object | `{}` | Affinity and anti-affinity rules for server scheduling to nodes # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity # | | controller.allowSnippetAnnotations | bool | `true` | This configuration defines if Ingress Controller should allow users to set their own *-snippet annotations, otherwise this is forbidden / dropped when users add those annotations. Global snippets in ConfigMap are still respected | -| controller.annotations | object | `{}` | Annotations to be added to the controller Deployment or DaemonSet | +| controller.annotations | object | `{}` | Annotations to be added to the controller Deployment or DaemonSet # | | controller.autoscaling.behavior | object | `{}` | | | controller.autoscaling.enabled | bool | `false` | | | controller.autoscaling.maxReplicas | int | `11` | | @@ -292,7 +292,7 @@ Kubernetes: `>=1.20.0-0` | controller.dnsConfig | object | `{}` | Optionally customize the pod dnsConfig. | | controller.dnsPolicy | string | `"ClusterFirst"` | Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. | | controller.electionID | string | `"ingress-controller-leader"` | Election ID to use for status update | -| controller.enableMimalloc | bool | `true` | Enable mimalloc as a drop-in replacement for malloc. | +| controller.enableMimalloc | bool | `true` | Enable mimalloc as a drop-in replacement for malloc. # ref: https://github.com/microsoft/mimalloc # | | controller.existingPsp | string | `""` | Use an existing PSP instead of creating one | | controller.extraArgs | object | `{}` | Additional command line arguments to pass to nginx-ingress-controller E.g. to specify the default SSL certificate you can use | | controller.extraContainers | list | `[]` | Additional containers to be added to the controller pod. See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. | @@ -335,8 +335,8 @@ Kubernetes: `>=1.20.0-0` | controller.keda.scaledObject.annotations | object | `{}` | | | controller.keda.triggers | list | `[]` | | | controller.kind | string | `"Deployment"` | Use a `DaemonSet` or `Deployment` | -| controller.labels | object | `{}` | Labels to be added to the controller Deployment or DaemonSet and other resources that do not have option to specify labels | -| controller.lifecycle | object | `{"preStop":{"exec":{"command":["/wait-shutdown"]}}}` | Improve connection draining when ingress controller pod is deleted using a lifecycle hook: With this new hook, we increased the default terminationGracePeriodSeconds from 30 seconds to 300, allowing the draining of connections up to five minutes. If the active connections end before that, the pod will terminate gracefully at that time. To effectively take advantage of this feature, the Configmap feature worker-shutdown-timeout new value is 240s instead of 10s. | +| controller.labels | object | `{}` | Labels to be added to the controller Deployment or DaemonSet and other resources that do not have option to specify labels # | +| controller.lifecycle | object | `{"preStop":{"exec":{"command":["/wait-shutdown"]}}}` | Improve connection draining when ingress controller pod is deleted using a lifecycle hook: With this new hook, we increased the default terminationGracePeriodSeconds from 30 seconds to 300, allowing the draining of connections up to five minutes. If the active connections end before that, the pod will terminate gracefully at that time. To effectively take advantage of this feature, the Configmap feature worker-shutdown-timeout new value is 240s instead of 10s. # | | controller.livenessProbe.failureThreshold | int | `5` | | | controller.livenessProbe.httpGet.path | string | `"/healthz"` | | | controller.livenessProbe.httpGet.port | int | `10254` | | @@ -345,14 +345,14 @@ Kubernetes: `>=1.20.0-0` | controller.livenessProbe.periodSeconds | int | `10` | | | controller.livenessProbe.successThreshold | int | `1` | | | controller.livenessProbe.timeoutSeconds | int | `1` | | -| controller.maxmindLicenseKey | string | `""` | Maxmind license key to download GeoLite2 Databases. | +| controller.maxmindLicenseKey | string | `""` | Maxmind license key to download GeoLite2 Databases. # https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases | | controller.metrics.enabled | bool | `false` | | | controller.metrics.port | int | `10254` | | | controller.metrics.prometheusRule.additionalLabels | object | `{}` | | | controller.metrics.prometheusRule.enabled | bool | `false` | | | controller.metrics.prometheusRule.rules | list | `[]` | | | controller.metrics.service.annotations | object | `{}` | | -| controller.metrics.service.externalIPs | list | `[]` | List of IP addresses at which the stats-exporter service is available | +| controller.metrics.service.externalIPs | list | `[]` | List of IP addresses at which the stats-exporter service is available # Ref: https://kubernetes.io/docs/user-guide/services/#external-ips # | | controller.metrics.service.loadBalancerSourceRanges | list | `[]` | | | controller.metrics.service.servicePort | int | `10254` | | | controller.metrics.service.type | string | `"ClusterIP"` | | @@ -365,10 +365,10 @@ Kubernetes: `>=1.20.0-0` | controller.metrics.serviceMonitor.scrapeInterval | string | `"30s"` | | | controller.metrics.serviceMonitor.targetLabels | list | `[]` | | | controller.minAvailable | int | `1` | | -| controller.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready | +| controller.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready # | | controller.name | string | `"controller"` | | -| controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for controller pod assignment | -| controller.podAnnotations | object | `{}` | Annotations to be added to controller pods | +| controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for controller pod assignment # Ref: https://kubernetes.io/docs/user-guide/node-selection/ # | +| controller.podAnnotations | object | `{}` | Annotations to be added to controller pods # | | controller.podLabels | object | `{}` | Labels to add to the pod container metadata | | controller.podSecurityContext | object | `{}` | Security Context policies for controller pods | | controller.priorityClassName | string | `""` | | @@ -392,17 +392,17 @@ Kubernetes: `>=1.20.0-0` | controller.scope.namespace | string | `""` | Namespace to limit the controller to; defaults to $(POD_NAMESPACE) | | controller.scope.namespaceSelector | string | `""` | When scope.enabled == false, instead of watching all namespaces, we watching namespaces whose labels only match with namespaceSelector. Format like foo=bar. Defaults to empty, means watching all namespaces. | | controller.service.annotations | object | `{}` | | -| controller.service.appProtocol | bool | `true` | If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http It allows choosing the protocol for each backend specified in the Kubernetes service. See the following GitHub issue for more details about the purpose: https://github.com/kubernetes/kubernetes/issues/40244 Will be ignored for Kubernetes versions older than 1.20 | +| controller.service.appProtocol | bool | `true` | If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http It allows choosing the protocol for each backend specified in the Kubernetes service. See the following GitHub issue for more details about the purpose: https://github.com/kubernetes/kubernetes/issues/40244 Will be ignored for Kubernetes versions older than 1.20 # | | controller.service.enableHttp | bool | `true` | | | controller.service.enableHttps | bool | `true` | | | controller.service.enabled | bool | `true` | | | controller.service.external.enabled | bool | `true` | | -| controller.service.externalIPs | list | `[]` | List of IP addresses at which the controller services are available | +| controller.service.externalIPs | list | `[]` | List of IP addresses at which the controller services are available # Ref: https://kubernetes.io/docs/user-guide/services/#external-ips # | | controller.service.internal.annotations | object | `{}` | Annotations are mandatory for the load balancer to come up. Varies with the cloud service. | | controller.service.internal.enabled | bool | `false` | Enables an additional internal load balancer (besides the external one). | | controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. | -| controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. | -| controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack-ness requested or required by this Service. Possible values are SingleStack, PreferDualStack or RequireDualStack. The ipFamilies and clusterIPs fields depend on the value of this field. | +| controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ | +| controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack-ness requested or required by this Service. Possible values are SingleStack, PreferDualStack or RequireDualStack. The ipFamilies and clusterIPs fields depend on the value of this field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ | | controller.service.labels | object | `{}` | | | controller.service.loadBalancerIP | string | `""` | Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer | | controller.service.loadBalancerSourceRanges | list | `[]` | | @@ -419,12 +419,12 @@ Kubernetes: `>=1.20.0-0` | controller.sysctls | object | `{}` | See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls | | controller.tcp.annotations | object | `{}` | Annotations to be added to the tcp config configmap | | controller.tcp.configMapNamespace | string | `""` | Allows customization of the tcp-services-configmap; defaults to $(POD_NAMESPACE) | -| controller.terminationGracePeriodSeconds | int | `300` | `terminationGracePeriodSeconds` to avoid killing pods before we are ready | -| controller.tolerations | list | `[]` | Node tolerations for server scheduling to nodes with taints | -| controller.topologySpreadConstraints | list | `[]` | Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. | +| controller.terminationGracePeriodSeconds | int | `300` | `terminationGracePeriodSeconds` to avoid killing pods before we are ready # wait up to five minutes for the drain of connections # | +| controller.tolerations | list | `[]` | Node tolerations for server scheduling to nodes with taints # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ # | +| controller.topologySpreadConstraints | list | `[]` | Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ # | | controller.udp.annotations | object | `{}` | Annotations to be added to the udp config configmap | | controller.udp.configMapNamespace | string | `""` | Allows customization of the udp-services-configmap; defaults to $(POD_NAMESPACE) | -| controller.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet | +| controller.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # | | controller.watchIngressWithoutClass | bool | `false` | Process Ingress objects without ingressClass annotation/ingressClassName field Overrides value for --watch-ingress-without-class flag of the controller binary Defaults to false | | defaultBackend.affinity | object | `{}` | | | defaultBackend.autoscaling.annotations | object | `{}` | | @@ -433,7 +433,7 @@ Kubernetes: `>=1.20.0-0` | defaultBackend.autoscaling.minReplicas | int | `1` | | | defaultBackend.autoscaling.targetCPUUtilizationPercentage | int | `50` | | | defaultBackend.autoscaling.targetMemoryUtilizationPercentage | int | `50` | | -| defaultBackend.containerSecurityContext | object | `{}` | Security Context policies for controller main container. See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls | +| defaultBackend.containerSecurityContext | object | `{}` | Security Context policies for controller main container. See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls # | | defaultBackend.enabled | bool | `false` | | | defaultBackend.existingPsp | string | `""` | Use an existing PSP instead of creating one | | defaultBackend.extraArgs | object | `{}` | | @@ -456,10 +456,10 @@ Kubernetes: `>=1.20.0-0` | defaultBackend.livenessProbe.timeoutSeconds | int | `5` | | | defaultBackend.minAvailable | int | `1` | | | defaultBackend.name | string | `"defaultbackend"` | | -| defaultBackend.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for default backend pod assignment | -| defaultBackend.podAnnotations | object | `{}` | Annotations to be added to default backend pods | +| defaultBackend.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for default backend pod assignment # Ref: https://kubernetes.io/docs/user-guide/node-selection/ # | +| defaultBackend.podAnnotations | object | `{}` | Annotations to be added to default backend pods # | | defaultBackend.podLabels | object | `{}` | Labels to add to the pod container metadata | -| defaultBackend.podSecurityContext | object | `{}` | Security Context policies for controller pods See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls | +| defaultBackend.podSecurityContext | object | `{}` | Security Context policies for controller pods See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls # | | defaultBackend.port | int | `8080` | | | defaultBackend.priorityClassName | string | `""` | | | defaultBackend.readinessProbe.failureThreshold | int | `6` | | @@ -470,25 +470,25 @@ Kubernetes: `>=1.20.0-0` | defaultBackend.replicaCount | int | `1` | | | defaultBackend.resources | object | `{}` | | | defaultBackend.service.annotations | object | `{}` | | -| defaultBackend.service.externalIPs | list | `[]` | List of IP addresses at which the default backend service is available | +| defaultBackend.service.externalIPs | list | `[]` | List of IP addresses at which the default backend service is available # Ref: https://kubernetes.io/docs/user-guide/services/#external-ips # | | defaultBackend.service.loadBalancerSourceRanges | list | `[]` | | | defaultBackend.service.servicePort | int | `80` | | | defaultBackend.service.type | string | `"ClusterIP"` | | | defaultBackend.serviceAccount.automountServiceAccountToken | bool | `true` | | | defaultBackend.serviceAccount.create | bool | `true` | | | defaultBackend.serviceAccount.name | string | `""` | | -| defaultBackend.tolerations | list | `[]` | Node tolerations for server scheduling to nodes with taints | -| dhParam | string | `nil` | A base64-encoded Diffie-Hellman parameter. This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` | -| imagePullSecrets | list | `[]` | Optional array of imagePullSecrets containing private registry credentials | +| defaultBackend.tolerations | list | `[]` | Node tolerations for server scheduling to nodes with taints # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ # | +| dhParam | string | `nil` | A base64-encoded Diffie-Hellman parameter. This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` # Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param | +| imagePullSecrets | list | `[]` | Optional array of imagePullSecrets containing private registry credentials # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | | podSecurityPolicy.enabled | bool | `false` | | -| portNamePrefix | string | `""` | Prefix for TCP and UDP ports names in ingress controller service | +| portNamePrefix | string | `""` | Prefix for TCP and UDP ports names in ingress controller service # Some cloud providers, like Yandex Cloud may have a requirements for a port name regex to support cloud load balancer integration | | rbac.create | bool | `true` | | | rbac.scope | bool | `false` | | -| revisionHistoryLimit | int | `10` | Rollback limit | +| revisionHistoryLimit | int | `10` | Rollback limit # | | serviceAccount.annotations | object | `{}` | Annotations for the controller service account | | serviceAccount.automountServiceAccountToken | bool | `true` | | | serviceAccount.create | bool | `true` | | | serviceAccount.name | string | `""` | | -| tcp | object | `{}` | TCP service key-value pairs | -| udp | object | `{}` | UDP service key-value pairs | +| tcp | object | `{}` | TCP service key-value pairs # Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md # | +| udp | object | `{}` | UDP service key-value pairs # Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md # | diff --git a/charts/ingress-nginx/templates/controller-psp.yaml b/charts/ingress-nginx/templates/controller-psp.yaml index fe34408c8..2e0499ce9 100644 --- a/charts/ingress-nginx/templates/controller-psp.yaml +++ b/charts/ingress-nginx/templates/controller-psp.yaml @@ -1,3 +1,4 @@ +{{- if (semverCompare "<1.25.0-0" .Capabilities.KubeVersion.Version) }} {{- if and .Values.podSecurityPolicy.enabled (empty .Values.controller.existingPsp) -}} apiVersion: policy/v1beta1 kind: PodSecurityPolicy @@ -90,3 +91,4 @@ spec: seLinux: rule: 'RunAsAny' {{- end }} +{{- end }} diff --git a/charts/ingress-nginx/templates/default-backend-psp.yaml b/charts/ingress-nginx/templates/default-backend-psp.yaml index 42061c5d3..c144c8fbf 100644 --- a/charts/ingress-nginx/templates/default-backend-psp.yaml +++ b/charts/ingress-nginx/templates/default-backend-psp.yaml @@ -1,3 +1,4 @@ +{{- if (semverCompare "<1.25.0-0" .Capabilities.KubeVersion.Version) }} {{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled (empty .Values.defaultBackend.existingPsp) -}} apiVersion: policy/v1beta1 kind: PodSecurityPolicy @@ -34,3 +35,4 @@ spec: - secret - downwardAPI {{- end }} +{{- end }} diff --git a/deploy/static/provider/aws/deploy.yaml b/deploy/static/provider/aws/deploy.yaml index 300ca7b01..cca1474d2 100644 --- a/deploy/static/provider/aws/deploy.yaml +++ b/deploy/static/provider/aws/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -136,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -155,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx rules: - apiGroups: @@ -229,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission rules: - apiGroups: @@ -248,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -268,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -287,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -327,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -376,7 +376,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -399,7 +399,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -439,7 +439,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 + image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -511,7 +511,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -522,7 +522,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-create spec: containers: @@ -558,7 +558,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -569,7 +569,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-patch spec: containers: @@ -607,7 +607,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -620,7 +620,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml index 7e7ce8f22..20f2c665a 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -136,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -155,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx rules: - apiGroups: @@ -229,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission rules: - apiGroups: @@ -248,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -268,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -287,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -334,7 +334,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -352,7 +352,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -385,7 +385,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -408,7 +408,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -448,7 +448,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 + image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -523,7 +523,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -534,7 +534,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-create spec: containers: @@ -570,7 +570,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -581,7 +581,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-patch spec: containers: @@ -619,7 +619,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -632,7 +632,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/deploy.yaml b/deploy/static/provider/baremetal/deploy.yaml index e23e4b7f3..f2f3d4ac9 100644 --- a/deploy/static/provider/baremetal/deploy.yaml +++ b/deploy/static/provider/baremetal/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -136,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -155,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx rules: - apiGroups: @@ -229,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission rules: - apiGroups: @@ -248,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -268,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -287,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -327,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -339,7 +339,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -371,7 +371,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -394,7 +394,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -433,7 +433,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 + image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -505,7 +505,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -516,7 +516,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-create spec: containers: @@ -552,7 +552,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -563,7 +563,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-patch spec: containers: @@ -601,7 +601,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -614,7 +614,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/deploy.yaml b/deploy/static/provider/cloud/deploy.yaml index 77407e8a9..d7ba531c2 100644 --- a/deploy/static/provider/cloud/deploy.yaml +++ b/deploy/static/provider/cloud/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -136,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -155,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx rules: - apiGroups: @@ -229,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission rules: - apiGroups: @@ -248,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -268,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -287,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -327,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -339,7 +339,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -372,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -395,7 +395,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -435,7 +435,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 + image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -507,7 +507,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -518,7 +518,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-create spec: containers: @@ -554,7 +554,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -565,7 +565,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-patch spec: containers: @@ -603,7 +603,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -616,7 +616,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/deploy.yaml b/deploy/static/provider/do/deploy.yaml index e35d1d7ca..f24648b5e 100644 --- a/deploy/static/provider/do/deploy.yaml +++ b/deploy/static/provider/do/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -136,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -155,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx rules: - apiGroups: @@ -229,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission rules: - apiGroups: @@ -248,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -268,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -287,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -342,7 +342,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -375,7 +375,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -398,7 +398,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -438,7 +438,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 + image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -510,7 +510,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -521,7 +521,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-create spec: containers: @@ -557,7 +557,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -568,7 +568,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-patch spec: containers: @@ -606,7 +606,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -619,7 +619,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/deploy.yaml b/deploy/static/provider/exoscale/deploy.yaml index fe9a2de7f..856fbfa8d 100644 --- a/deploy/static/provider/exoscale/deploy.yaml +++ b/deploy/static/provider/exoscale/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -136,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -155,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx rules: - apiGroups: @@ -229,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission rules: - apiGroups: @@ -248,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -268,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -287,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -327,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -348,7 +348,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -381,7 +381,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -404,7 +404,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -444,7 +444,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 + image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -516,7 +516,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -527,7 +527,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-create spec: containers: @@ -563,7 +563,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -574,7 +574,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-patch spec: containers: @@ -612,7 +612,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -625,7 +625,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/deploy.yaml b/deploy/static/provider/kind/deploy.yaml index 5ddb9c166..5291d2d33 100644 --- a/deploy/static/provider/kind/deploy.yaml +++ b/deploy/static/provider/kind/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -136,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -155,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx rules: - apiGroups: @@ -229,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission rules: - apiGroups: @@ -248,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -268,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -287,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -327,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -339,7 +339,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -371,7 +371,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -394,7 +394,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -439,7 +439,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 + image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -521,7 +521,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -532,7 +532,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-create spec: containers: @@ -568,7 +568,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -579,7 +579,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-patch spec: containers: @@ -617,7 +617,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -630,7 +630,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/deploy.yaml b/deploy/static/provider/scw/deploy.yaml index 2dba2dc51..a43df9de4 100644 --- a/deploy/static/provider/scw/deploy.yaml +++ b/deploy/static/provider/scw/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -136,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -155,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx rules: - apiGroups: @@ -229,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission rules: - apiGroups: @@ -248,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -268,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -287,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -342,7 +342,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -375,7 +375,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -398,7 +398,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -438,7 +438,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 + image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -510,7 +510,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -521,7 +521,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-create spec: containers: @@ -557,7 +557,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -568,7 +568,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-patch spec: containers: @@ -606,7 +606,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -619,7 +619,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/docs/deploy/index.md b/docs/deploy/index.md index d5bd5c90d..d95ca9a33 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -60,7 +60,7 @@ It will install the controller in the `ingress-nginx` namespace, creating that n **If you don't have Helm** or if you prefer to use a YAML manifest, you can run the following command instead: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/cloud/deploy.yaml ``` !!! info @@ -215,7 +215,7 @@ In AWS, we use a Network load balancer (NLB) to expose the NGINX Ingress control ##### Network Load Balancer (NLB) ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/aws/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/aws/deploy.yaml ``` ##### TLS termination in AWS Load Balancer (NLB) @@ -223,10 +223,10 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont By default, TLS is terminated in the ingress controller. But it is also possible to terminate TLS in the Load Balancer. This section explains how to do that on AWS using an NLB. -1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template +1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template ```console - wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml + wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml ``` 2. Edit the file and change the VPC CIDR in use for the Kubernetes cluster: @@ -272,7 +272,7 @@ Then, the ingress controller can be installed like this: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/cloud/deploy.yaml ``` !!! warning @@ -289,7 +289,7 @@ Proxy-protocol is supported in GCE check the [Official Documentations on how to #### Azure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/cloud/deploy.yaml ``` More information with regard to Azure annotations for ingress controller can be found in the [official AKS documentation](https://docs.microsoft.com/en-us/azure/aks/ingress-internal-ip#create-an-ingress-controller). @@ -297,7 +297,7 @@ More information with regard to Azure annotations for ingress controller can be #### Digital Ocean ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/do/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/do/deploy.yaml ``` - By default the service object of the ingress-nginx-controller for Digital-Ocean, only configures one annotation. Its this one `service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"`. While this makes the service functional, it was reported that the Digital-Ocean LoadBalancer graphs shows `no data`, unless a few other annotations are also configured. Some of these other annotations require values that can not be generic and hence not forced in a out-of-the-box installation. These annotations and a discussion on them is well documented in [this issue](https://github.com/kubernetes/ingress-nginx/issues/8965). Please refer to the issue to add annotations, with values specific to user, to get graphs of the DO-LB populated with data. @@ -305,7 +305,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont #### Scaleway ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/scw/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/scw/deploy.yaml ``` #### Exoscale @@ -320,7 +320,7 @@ The full list of annotations supported by Exoscale is available in the Exoscale #### Oracle Cloud Infrastructure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/cloud/deploy.yaml ``` A @@ -337,7 +337,7 @@ For quick testing, you can use a This should work on almost every cluster, but it will typically use a port in the range 30000-32767. ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/baremetal/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/baremetal/deploy.yaml ``` For more information about bare metal deployments (and how to use port 80 instead of a random port in the 30000-32767 range), diff --git a/hack/verify-chart-lint.sh b/hack/verify-chart-lint.sh index c18caaba2..2d59dadce 100755 --- a/hack/verify-chart-lint.sh +++ b/hack/verify-chart-lint.sh @@ -19,5 +19,6 @@ set -o nounset set -o pipefail KUBE_ROOT="$( cd "$(dirname "$0")../" >/dev/null 2>&1 ; pwd -P )" - -ct lint --charts ${KUBE_ROOT}/charts/ingress-nginx --validate-maintainers=false +# TODO: This is a temporary workaround while we don't update Helm Chart test +curl https://raw.githubusercontent.com/helm/chart-testing/v3.7.0/etc/chart_schema.yaml -o /tmp/chart_schema.yaml +ct lint --charts ${KUBE_ROOT}/charts/ingress-nginx --validate-maintainers=false --chart-yaml-schema=/tmp/chart_schema.yaml From 9a42ded8bac9630a55e20e29d47db4af3ce904e6 Mon Sep 17 00:00:00 2001 From: Ehsan Saei <71217171+esigo@users.noreply.github.com> Date: Mon, 5 Sep 2022 20:16:36 +0200 Subject: [PATCH 265/494] fix LD_LIBRARY_PATH (#9017) --- images/opentelemetry/rootfs/init_module.sh | 2 +- rootfs/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/images/opentelemetry/rootfs/init_module.sh b/images/opentelemetry/rootfs/init_module.sh index bac5e64aa..029233f7b 100755 --- a/images/opentelemetry/rootfs/init_module.sh +++ b/images/opentelemetry/rootfs/init_module.sh @@ -19,4 +19,4 @@ set -o nounset set -o pipefail mkdir -p /modules_mount/etc/nginx/modules -cp -R /etc/nginx/modules /modules_mount/etc/nginx/modules +cp -R /etc/nginx/modules/* /modules_mount/etc/nginx/modules/otel diff --git a/rootfs/Dockerfile b/rootfs/Dockerfile index 48c57a74e..75cf3fc65 100644 --- a/rootfs/Dockerfile +++ b/rootfs/Dockerfile @@ -63,7 +63,7 @@ RUN bash -xeu -c ' \ # LD_LIBRARY_PATH does not work so below is needed for opentelemetry/other modules # Put libs of newer modules under `/modules_mount//lib` and add that path below # Could get complicated arch specific paths become a need - && echo "/lib:/usr/lib:/usr/local/lib:/modules_mount/otel/lib" > /etc/ld-musl-x86_64.path + && echo "/lib:/usr/lib:/usr/local/lib:/modules_mount/etc/nginx/modules/otel" > /etc/ld-musl-x86_64.path RUN apk add --no-cache libcap \ From e079486d4dc40387389adbaed7ec9b80d897d810 Mon Sep 17 00:00:00 2001 From: James Strong Date: Mon, 5 Sep 2022 22:10:56 -0400 Subject: [PATCH 266/494] updates for fixing 1.3.1 release (#9023) * updates for fixing 1.3.1 release Signed-off-by: James Strong * update chart readmea Signed-off-by: James Strong * updating chart Signed-off-by: James Strong * supdate wording of legacy drop * supgraded helm docs * one more time Signed-off-by: James Strong Signed-off-by: James Strong --- Changelog.md | 3 ++- charts/ingress-nginx/Chart.yaml | 3 +-- charts/ingress-nginx/README.md | 8 ++++---- charts/ingress-nginx/values.yaml | 6 +++--- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Changelog.md b/Changelog.md index c05911b9f..bcbcfee04 100644 --- a/Changelog.md +++ b/Changelog.md @@ -10,7 +10,8 @@ In v1.3.1 leader elections will be done entirely using the Lease API and no long v1.3.0 is a safe transition version, using v1.3.0 can automatically complete the merging of election locks, and then you can safely upgrade to v1.3.1. Also, *important note*, with the Release of Kubernetes v1.25 we are dropping support for the legacy branches, -please upgrade to a v1.0.0 and above branch +Also, *important note*, with the release of Kubernetes v1.25, we are dropping support for the legacy edition, +that means all version <1.0.0 of the ingress-nginx-controller. ## Image: - registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index 178f7f722..08dcdb6ed 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: ingress-nginx # When the version is modified, make sure the artifacthub.io/changes list is updated # Also update CHANGELOG.md -version: 4.2.4 +version: 4.2.5 appVersion: 1.3.1 home: https://github.com/kubernetes/ingress-nginx description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer @@ -12,7 +12,6 @@ keywords: - nginx sources: - https://github.com/kubernetes/ingress-nginx -type: application maintainers: - name: rikatz - name: strongjz diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 17743881c..4e6a696c6 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.2.4](https://img.shields.io/badge/Version-4.2.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.3.1](https://img.shields.io/badge/AppVersion-1.3.1-informational?style=flat-square) +![Version: 4.2.5](https://img.shields.io/badge/Version-4.2.5-informational?style=flat-square) ![AppVersion: 1.3.1](https://img.shields.io/badge/AppVersion-1.3.1-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. @@ -310,13 +310,13 @@ Kubernetes: `>=1.20.0-0` | controller.hostname | object | `{}` | Optionally customize the pod hostname. | | controller.image.allowPrivilegeEscalation | bool | `true` | | | controller.image.chroot | bool | `false` | | -| controller.image.digest | string | `"sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5"` | | -| controller.image.digestChroot | string | `"sha256:0fcb91216a22aae43b374fc2e6a03b8afe9e8c78cbf07a09d75636dc4ea3c191"` | | +| controller.image.digest | string | `"sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974"` | | +| controller.image.digestChroot | string | `"sha256:a8466b19c621bd550b1645e27a004a5cc85009c858a9ab19490216735ac432b1"` | | | controller.image.image | string | `"ingress-nginx/controller"` | | | controller.image.pullPolicy | string | `"IfNotPresent"` | | | controller.image.registry | string | `"registry.k8s.io"` | | | controller.image.runAsUser | int | `101` | | -| controller.image.tag | string | `"v1.3.0"` | | +| controller.image.tag | string | `"v1.3.1"` | | | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | | controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass | diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 1889e4901..9ec174f7e 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -23,9 +23,9 @@ controller: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: "v1.3.0" - digest: sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - digestChroot: sha256:0fcb91216a22aae43b374fc2e6a03b8afe9e8c78cbf07a09d75636dc4ea3c191 + tag: "v1.3.1" + digest: sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 + digestChroot: sha256:a8466b19c621bd550b1645e27a004a5cc85009c858a9ab19490216735ac432b1 pullPolicy: IfNotPresent # www-data -> uid 101 runAsUser: 101 From 037e0194fa8280fe0515d1909e28780b838c18ec Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Sep 2022 06:32:54 -0700 Subject: [PATCH 267/494] Bump k8s.io/klog/v2 from 2.70.1 to 2.80.0 (#9021) Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog) from 2.70.1 to 2.80.0. - [Release notes](https://github.com/kubernetes/klog/releases) - [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes/klog/compare/v2.70.1...v2.80.0) --- updated-dependencies: - dependency-name: k8s.io/klog/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 +--- go.sum | 7 ++----- 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index 2c220232e..272a529fa 100644 --- a/go.mod +++ b/go.mod @@ -38,7 +38,7 @@ require ( k8s.io/client-go v0.25.0 k8s.io/code-generator v0.23.5 k8s.io/component-base v0.25.0 - k8s.io/klog/v2 v2.70.1 + k8s.io/klog/v2 v2.80.0 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 sigs.k8s.io/controller-runtime v0.11.2 sigs.k8s.io/mdtoc v1.1.0 @@ -70,7 +70,6 @@ require ( github.com/go-openapi/jsonpointer v0.19.5 // indirect github.com/go-openapi/jsonreference v0.19.5 // indirect github.com/go-openapi/swag v0.19.14 // indirect - github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect github.com/godbus/dbus/v5 v5.0.6 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v4 v4.2.0 // indirect @@ -81,7 +80,6 @@ require ( github.com/google/gnostic v0.5.7-v3refs // indirect github.com/google/go-cmp v0.5.8 // indirect github.com/google/gofuzz v1.1.0 // indirect - github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.2.0 // indirect github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect diff --git a/go.sum b/go.sum index 92f966d6f..ec3712740 100644 --- a/go.sum +++ b/go.sum @@ -212,8 +212,6 @@ github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh github.com/go-openapi/swag v0.19.14 h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5Fng= github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= -github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.0.6 h1:mkgN1ofwASrYnJ5W6U/BxG15eXXXjirgZc7CLqkcaro= github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= @@ -305,7 +303,6 @@ github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= @@ -1162,8 +1159,8 @@ k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAE k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/klog/v2 v2.70.1 h1:7aaoSdahviPmR+XkS7FyxlkkXs6tHISSG03RxleQAVQ= -k8s.io/klog/v2 v2.70.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/klog/v2 v2.80.0 h1:lyJt0TWMPaGoODa8B8bUuxgHS3W/m/bNr2cca3brA/g= +k8s.io/klog/v2 v2.80.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk= k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 h1:MQ8BAZPZlWk3S9K4a9NCkIFQtZShWqoha7snGixVgEA= k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU= From f02003457974b223e56e23955dfa42773841a158 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Sep 2022 06:34:55 -0700 Subject: [PATCH 268/494] Bump github.com/onsi/ginkgo/v2 from 2.1.4 to 2.1.6 (#9022) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.1.4 to 2.1.6. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.1.4...v2.1.6) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 272a529fa..1f3259c47 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/mitchellh/mapstructure v1.5.0 github.com/moul/pb v0.0.0-20220425114252-bca18df4138c github.com/ncabatoff/process-exporter v0.7.10 - github.com/onsi/ginkgo/v2 v2.1.4 + github.com/onsi/ginkgo/v2 v2.1.6 github.com/opencontainers/runc v1.1.4 github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.13.0 diff --git a/go.sum b/go.sum index ec3712740..fd830d995 100644 --- a/go.sum +++ b/go.sum @@ -456,12 +456,12 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= -github.com/onsi/ginkgo/v2 v2.1.4 h1:GNapqRSid3zijZ9H77KrgVG4/8KqiyRsxcSxe+7ApXY= -github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47RKZmLU= +github.com/onsi/ginkgo/v2 v2.1.6 h1:Fx2POJZfKRQcM1pH49qSZiYeu319wji004qX+GDovrU= +github.com/onsi/ginkgo/v2 v2.1.6/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/onsi/gomega v1.19.0 h1:4ieX6qQjPP/BfC3mpsAtIGGlxTWPeA3Inl/7DtXw1tw= +github.com/onsi/gomega v1.20.1 h1:PA/3qinGoukvymdIDV8pii6tiZgC8kbmJO6Z5+b002Q= github.com/opencontainers/runc v1.1.4 h1:nRCz/8sKg6K6jgYAFLDlXzPeITBZJyX28DBVhWD+5dg= github.com/opencontainers/runc v1.1.4/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= From 981ce38a7f0455bee35d692af237089ce5a42220 Mon Sep 17 00:00:00 2001 From: Ehsan Saei <71217171+esigo@users.noreply.github.com> Date: Wed, 7 Sep 2022 01:34:23 +0200 Subject: [PATCH 269/494] fix otel init_module (#9028) --- images/opentelemetry/rootfs/init_module.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/opentelemetry/rootfs/init_module.sh b/images/opentelemetry/rootfs/init_module.sh index 029233f7b..5a675aa2b 100755 --- a/images/opentelemetry/rootfs/init_module.sh +++ b/images/opentelemetry/rootfs/init_module.sh @@ -18,5 +18,5 @@ set -o errexit set -o nounset set -o pipefail -mkdir -p /modules_mount/etc/nginx/modules +mkdir -p /modules_mount/etc/nginx/modules/otel cp -R /etc/nginx/modules/* /modules_mount/etc/nginx/modules/otel From b212b5a8b4cf0bdf089406774b8bf4ac34bb992c Mon Sep 17 00:00:00 2001 From: gunamata <59538726+gunamata@users.noreply.github.com> Date: Fri, 9 Sep 2022 18:53:23 +0000 Subject: [PATCH 270/494] Added instructions for Rancher Desktop (#9035) Signed-off-by: Gunasekhar Matamalam Signed-off-by: Gunasekhar Matamalam --- docs/deploy/index.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docs/deploy/index.md b/docs/deploy/index.md index d95ca9a33..5a0b6bfb8 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -20,6 +20,7 @@ ingress controller for your particular environment or cloud provider. - [Environment-specific instructions](#environment-specific-instructions) - ... [Docker Desktop](#docker-desktop) + - ... [Rancher Desktop](#rancher-desktop) - ... [minikube](#minikube) - ... [MicroK8s](#microk8s) - ... [AWS](#aws) @@ -186,6 +187,14 @@ will be assigned the `EXTERNAL-IP` of `localhost`, which means that it will be r doesn't work, you might have to fall back to the `kubectl port-forward` method described in the [local testing section](#local-testing). +#### Rancher Desktop + +Rancher Desktop provides Kubernetes and Container Management on the desktop. Kubernetes is enabled by default in Rancher Desktop. + +Rancher Desktop uses K3s under the hood, which in turn uses Traefik as the default ingress controller for the Kubernetes cluster. To use NGINX ingress controller in place of the default Traefik, disable Traefik from Preference > Kubernetes menu. + +Once traefik is disabled, the NGINX ingress controller can be installed on Rancher Desktop using the default [quick start](#quick-start) instructions. Follow the instructions described in the [local testing section](#local-testing) to try a sample. + ### Cloud deployments If the load balancers of your cloud provider do active healthchecks on their backends (most do), you can change the From 6ef73175818918b8506d89b94369f8965b9fde34 Mon Sep 17 00:00:00 2001 From: Anders Swanson <91502735+anders-swanson@users.noreply.github.com> Date: Mon, 12 Sep 2022 07:28:44 -0700 Subject: [PATCH 271/494] Revert "Metrics port name (Helm) (#8665)" This reverts commit adeb84aa38cbccb8dde471ab222b799b7cc439d3. --- charts/ingress-nginx/templates/controller-daemonset.yaml | 2 +- charts/ingress-nginx/templates/controller-deployment.yaml | 2 +- .../ingress-nginx/templates/controller-service-metrics.yaml | 4 ++-- charts/ingress-nginx/templates/controller-servicemonitor.yaml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/ingress-nginx/templates/controller-daemonset.yaml b/charts/ingress-nginx/templates/controller-daemonset.yaml index 80c268f7c..2dca8e5c1 100644 --- a/charts/ingress-nginx/templates/controller-daemonset.yaml +++ b/charts/ingress-nginx/templates/controller-daemonset.yaml @@ -114,7 +114,7 @@ spec: {{- end }} {{- end }} {{- if .Values.controller.metrics.enabled }} - - name: http-metrics + - name: metrics containerPort: {{ .Values.controller.metrics.port }} protocol: TCP {{- end }} diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml index 5ad186794..5b781f8de 100644 --- a/charts/ingress-nginx/templates/controller-deployment.yaml +++ b/charts/ingress-nginx/templates/controller-deployment.yaml @@ -118,7 +118,7 @@ spec: {{- end }} {{- end }} {{- if .Values.controller.metrics.enabled }} - - name: http-metrics + - name: metrics containerPort: {{ .Values.controller.metrics.port }} protocol: TCP {{- end }} diff --git a/charts/ingress-nginx/templates/controller-service-metrics.yaml b/charts/ingress-nginx/templates/controller-service-metrics.yaml index 1c1d5bddb..0aaf41473 100644 --- a/charts/ingress-nginx/templates/controller-service-metrics.yaml +++ b/charts/ingress-nginx/templates/controller-service-metrics.yaml @@ -31,10 +31,10 @@ spec: externalTrafficPolicy: {{ .Values.controller.metrics.service.externalTrafficPolicy }} {{- end }} ports: - - name: http-metrics + - name: metrics port: {{ .Values.controller.metrics.service.servicePort }} protocol: TCP - targetPort: http-metrics + targetPort: metrics {{- $setNodePorts := (or (eq .Values.controller.metrics.service.type "NodePort") (eq .Values.controller.metrics.service.type "LoadBalancer")) }} {{- if (and $setNodePorts (not (empty .Values.controller.metrics.service.nodePort))) }} nodePort: {{ .Values.controller.metrics.service.nodePort }} diff --git a/charts/ingress-nginx/templates/controller-servicemonitor.yaml b/charts/ingress-nginx/templates/controller-servicemonitor.yaml index 973d36b3e..4dbc6da9f 100644 --- a/charts/ingress-nginx/templates/controller-servicemonitor.yaml +++ b/charts/ingress-nginx/templates/controller-servicemonitor.yaml @@ -14,7 +14,7 @@ metadata: {{- end }} spec: endpoints: - - port: http-metrics + - port: metrics interval: {{ .Values.controller.metrics.serviceMonitor.scrapeInterval }} {{- if .Values.controller.metrics.serviceMonitor.honorLabels }} honorLabels: true From e7c793f65dc2faa7611d0e43dccfd8e24c483245 Mon Sep 17 00:00:00 2001 From: Anders Swanson Date: Mon, 12 Sep 2022 12:34:40 -0700 Subject: [PATCH 272/494] parameterize port name --- charts/ingress-nginx/templates/controller-daemonset.yaml | 2 +- charts/ingress-nginx/templates/controller-deployment.yaml | 2 +- .../ingress-nginx/templates/controller-service-metrics.yaml | 4 ++-- charts/ingress-nginx/templates/controller-servicemonitor.yaml | 2 +- charts/ingress-nginx/values.yaml | 1 + 5 files changed, 6 insertions(+), 5 deletions(-) diff --git a/charts/ingress-nginx/templates/controller-daemonset.yaml b/charts/ingress-nginx/templates/controller-daemonset.yaml index 2dca8e5c1..805d2f209 100644 --- a/charts/ingress-nginx/templates/controller-daemonset.yaml +++ b/charts/ingress-nginx/templates/controller-daemonset.yaml @@ -114,7 +114,7 @@ spec: {{- end }} {{- end }} {{- if .Values.controller.metrics.enabled }} - - name: metrics + - name: {{ .Values.controller.metrics.portName }} containerPort: {{ .Values.controller.metrics.port }} protocol: TCP {{- end }} diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml index 5b781f8de..4fd6561bd 100644 --- a/charts/ingress-nginx/templates/controller-deployment.yaml +++ b/charts/ingress-nginx/templates/controller-deployment.yaml @@ -118,7 +118,7 @@ spec: {{- end }} {{- end }} {{- if .Values.controller.metrics.enabled }} - - name: metrics + - name: {{ .Values.controller.metrics.portName }} containerPort: {{ .Values.controller.metrics.port }} protocol: TCP {{- end }} diff --git a/charts/ingress-nginx/templates/controller-service-metrics.yaml b/charts/ingress-nginx/templates/controller-service-metrics.yaml index 0aaf41473..b178401c9 100644 --- a/charts/ingress-nginx/templates/controller-service-metrics.yaml +++ b/charts/ingress-nginx/templates/controller-service-metrics.yaml @@ -31,10 +31,10 @@ spec: externalTrafficPolicy: {{ .Values.controller.metrics.service.externalTrafficPolicy }} {{- end }} ports: - - name: metrics + - name: {{ .Values.controller.metrics.portName }} port: {{ .Values.controller.metrics.service.servicePort }} protocol: TCP - targetPort: metrics + targetPort: {{ .Values.controller.metrics.portName }} {{- $setNodePorts := (or (eq .Values.controller.metrics.service.type "NodePort") (eq .Values.controller.metrics.service.type "LoadBalancer")) }} {{- if (and $setNodePorts (not (empty .Values.controller.metrics.service.nodePort))) }} nodePort: {{ .Values.controller.metrics.service.nodePort }} diff --git a/charts/ingress-nginx/templates/controller-servicemonitor.yaml b/charts/ingress-nginx/templates/controller-servicemonitor.yaml index 4dbc6da9f..8ab16f0b2 100644 --- a/charts/ingress-nginx/templates/controller-servicemonitor.yaml +++ b/charts/ingress-nginx/templates/controller-servicemonitor.yaml @@ -14,7 +14,7 @@ metadata: {{- end }} spec: endpoints: - - port: metrics + - port: {{ .Values.controller.metrics.portName }} interval: {{ .Values.controller.metrics.serviceMonitor.scrapeInterval }} {{- if .Values.controller.metrics.serviceMonitor.honorLabels }} honorLabels: true diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 9ec174f7e..e65b61608 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -666,6 +666,7 @@ controller: metrics: port: 10254 + portName: metrics # if this port is changed, change healthz-port: in extraArgs: accordingly enabled: false From 4bb3b3877c8aed73af963a82c678c80afa669809 Mon Sep 17 00:00:00 2001 From: Anders Swanson Date: Mon, 12 Sep 2022 12:45:54 -0700 Subject: [PATCH 273/494] Document new values key --- charts/ingress-nginx/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 4e6a696c6..62ddfe2ca 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -348,6 +348,7 @@ Kubernetes: `>=1.20.0-0` | controller.maxmindLicenseKey | string | `""` | Maxmind license key to download GeoLite2 Databases. # https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases | | controller.metrics.enabled | bool | `false` | | | controller.metrics.port | int | `10254` | | +| controller.metrics.portName | string | `metrics` | Port name for metrics service | | controller.metrics.prometheusRule.additionalLabels | object | `{}` | | | controller.metrics.prometheusRule.enabled | bool | `false` | | | controller.metrics.prometheusRule.rules | list | `[]` | | From adb7a9d6ccf85c034aed9b0acc00c8218942e80f Mon Sep 17 00:00:00 2001 From: Anders Swanson Date: Mon, 12 Sep 2022 13:03:54 -0700 Subject: [PATCH 274/494] Fix for Docs check --- charts/ingress-nginx/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 62ddfe2ca..53f887a25 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -348,7 +348,7 @@ Kubernetes: `>=1.20.0-0` | controller.maxmindLicenseKey | string | `""` | Maxmind license key to download GeoLite2 Databases. # https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases | | controller.metrics.enabled | bool | `false` | | | controller.metrics.port | int | `10254` | | -| controller.metrics.portName | string | `metrics` | Port name for metrics service | +| controller.metrics.portName | string | `"metrics"` | | | controller.metrics.prometheusRule.additionalLabels | object | `{}` | | | controller.metrics.prometheusRule.enabled | bool | `false` | | | controller.metrics.prometheusRule.rules | list | `[]` | | From ec4c53f0f32bcfdfd6b5de4b412f5082ea244041 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 15 Sep 2022 06:41:28 -0700 Subject: [PATCH 275/494] Bump ossf/scorecard-action from 1.1.2 to 2.0.2 (#9044) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 1.1.2 to 2.0.2. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/ce330fde6b1a5c9c75b417e7efc510b822a35564...68bf5b3327e4fd443d2add8ab122280547b4a16d) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 20961611c..dcb8fc55b 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -30,7 +30,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@ce330fde6b1a5c9c75b417e7efc510b822a35564 # v1.1.1 + uses: ossf/scorecard-action@68bf5b3327e4fd443d2add8ab122280547b4a16d # v1.1.1 with: results_file: results.sarif results_format: sarif From 0b8dc59eaf6cd385584ede2ca28df9b9db58fbb5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 15 Sep 2022 06:43:24 -0700 Subject: [PATCH 276/494] Bump actions/upload-artifact from 3.0.0 to 3.1.0 (#9045) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.0.0 to 3.1.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v3...3cea5372237819ed00197afe530f5a7ea3e805c8) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index dcb8fc55b..8d3900b0b 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -49,7 +49,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 + uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.0.0 with: name: SARIF file path: results.sarif From f352f1f70b2aa2c21fa88efb8af05120d854ff81 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 15 Sep 2022 07:17:24 -0700 Subject: [PATCH 277/494] Bump k8s.io/klog/v2 from 2.80.0 to 2.80.1 (#9043) Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog) from 2.80.0 to 2.80.1. - [Release notes](https://github.com/kubernetes/klog/releases) - [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes/klog/compare/v2.80.0...v2.80.1) --- updated-dependencies: - dependency-name: k8s.io/klog/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 1f3259c47..521b58fce 100644 --- a/go.mod +++ b/go.mod @@ -38,7 +38,7 @@ require ( k8s.io/client-go v0.25.0 k8s.io/code-generator v0.23.5 k8s.io/component-base v0.25.0 - k8s.io/klog/v2 v2.80.0 + k8s.io/klog/v2 v2.80.1 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 sigs.k8s.io/controller-runtime v0.11.2 sigs.k8s.io/mdtoc v1.1.0 diff --git a/go.sum b/go.sum index fd830d995..5a5411fae 100644 --- a/go.sum +++ b/go.sum @@ -1159,8 +1159,8 @@ k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAE k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/klog/v2 v2.80.0 h1:lyJt0TWMPaGoODa8B8bUuxgHS3W/m/bNr2cca3brA/g= -k8s.io/klog/v2 v2.80.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4= +k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk= k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 h1:MQ8BAZPZlWk3S9K4a9NCkIFQtZShWqoha7snGixVgEA= k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU= From 1ce0b55f62208b6c4c1c1b3f41560a714d772b95 Mon Sep 17 00:00:00 2001 From: Ehsan Saei <71217171+esigo@users.noreply.github.com> Date: Thu, 15 Sep 2022 21:37:34 +0200 Subject: [PATCH 278/494] update OpenTelemetry image (#9036) * update OpenTelemetry image * use promoted image --- charts/ingress-nginx/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 9ec174f7e..9c34e7f6f 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -580,7 +580,7 @@ controller: extraModules: [] ## Modules, which are mounted into the core nginx image # - name: opentelemetry - # image: registry.k8s.io/ingress-nginx/opentelemetry:v20220801-g00ee51f09@sha256:482562feba02ad178411efc284f8eb803a185e3ea5588b6111ccbc20b816b427 + # image: registry.k8s.io/ingress-nginx/opentelemetry:v20220906-g981ce38a7@sha256:aa079daa7efd93aa830e26483a49a6343354518360929494bad1d0ad3303142e # # The image must contain a `/usr/local/bin/init_module.sh` executable, which # will be executed as initContainers, to move its config files within the From e68ab4f39522854dd74f971965db767e6a981e34 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 15 Sep 2022 21:45:17 -0700 Subject: [PATCH 279/494] Bump github/codeql-action from 2.1.22 to 2.1.23 (#9052) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.22 to 2.1.23. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/b398f525a5587552e573b247ac661067fafa920b...6a38b7d4a1af70deb1b561eb77db2b5e5a6a1e69) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 8d3900b0b..2974012a8 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b398f525a5587552e573b247ac661067fafa920b # v2.1.14 + uses: github/codeql-action/upload-sarif@6a38b7d4a1af70deb1b561eb77db2b5e5a6a1e69 # v2.1.14 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 945c7a935..f47c5d626 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@b398f525a5587552e573b247ac661067fafa920b + uses: github/codeql-action/upload-sarif@6a38b7d4a1af70deb1b561eb77db2b5e5a6a1e69 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From ca1e8b6d9ec26d2298ed4e3554d84d827f888e8f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 15 Sep 2022 21:47:16 -0700 Subject: [PATCH 280/494] Bump ossf/scorecard-action from 2.0.2 to 2.0.3 (#9053) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.0.2 to 2.0.3. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/68bf5b3327e4fd443d2add8ab122280547b4a16d...865b4092859256271290c77adbd10a43f4779972) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 2974012a8..62dafe1f3 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -30,7 +30,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@68bf5b3327e4fd443d2add8ab122280547b4a16d # v1.1.1 + uses: ossf/scorecard-action@865b4092859256271290c77adbd10a43f4779972 # v1.1.1 with: results_file: results.sarif results_format: sarif From d32f8c343922b8ddb2a1a55eac9633a288c3f405 Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Fri, 16 Sep 2022 18:45:18 +0530 Subject: [PATCH 281/494] bump go to v1.19.1 (#9057) --- .github/workflows/ci.yaml | 10 +++++----- .github/workflows/plugin.yaml | 2 +- images/custom-error-pages/rootfs/Dockerfile | 2 +- images/ext-auth-example-authsvc/rootfs/Dockerfile | 2 +- images/kube-webhook-certgen/rootfs/Dockerfile | 2 +- images/test-runner/Makefile | 2 +- 6 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 54a935917..9d7941ab5 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -70,11 +70,11 @@ jobs: - name: Checkout uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 - - name: Set up Go 1.19.0 + - name: Set up Go 1.19.1 id: go uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 with: - go-version: '1.19.0' + go-version: '1.19.1' - name: Set up QEMU uses: docker/setup-qemu-action@8b122486cedac8393e77aa9734c3528886e4a1a8 #v2.0.0 @@ -136,7 +136,7 @@ jobs: - name: Setup Go uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 with: - go-version: '1.19.0' + go-version: '1.19.1' - name: cache uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # v3 @@ -406,12 +406,12 @@ jobs: version: v0.15.0 image: kindest/node:v1.25.0 - - name: Set up Go 1.19.0 + - name: Set up Go 1.19.1 id: go if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 with: - go-version: '1.19.0' + go-version: '1.19.1' - name: kube-webhook-certgen image build if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index 1d5ee2787..319055b62 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -24,7 +24,7 @@ jobs: - name: Set up Go uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 with: - go-version: 1.19.0 + go-version: 1.19.1 - name: Run GoReleaser uses: goreleaser/goreleaser-action@ff11ca24a9b39f2d36796d1fbd7a4e39c182630a # v3.0.0 diff --git a/images/custom-error-pages/rootfs/Dockerfile b/images/custom-error-pages/rootfs/Dockerfile index 513354279..768b1e9df 100755 --- a/images/custom-error-pages/rootfs/Dockerfile +++ b/images/custom-error-pages/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.19.0-alpine as builder +FROM golang:1.19.1-alpine as builder RUN apk add git WORKDIR /go/src/k8s.io/ingress-nginx/images/custom-error-pages diff --git a/images/ext-auth-example-authsvc/rootfs/Dockerfile b/images/ext-auth-example-authsvc/rootfs/Dockerfile index 2eb010379..c2387d90a 100644 --- a/images/ext-auth-example-authsvc/rootfs/Dockerfile +++ b/images/ext-auth-example-authsvc/rootfs/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.19.0-alpine3.16 as builder +FROM golang:1.19.1-alpine3.16 as builder RUN mkdir /authsvc WORKDIR /authsvc COPY . ./ diff --git a/images/kube-webhook-certgen/rootfs/Dockerfile b/images/kube-webhook-certgen/rootfs/Dockerfile index 1ed714b56..b8e4ef8b1 100644 --- a/images/kube-webhook-certgen/rootfs/Dockerfile +++ b/images/kube-webhook-certgen/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM --platform=$BUILDPLATFORM golang:1.19.0 as builder +FROM --platform=$BUILDPLATFORM golang:1.19.1 as builder ARG BUILDPLATFORM ARG TARGETARCH diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile index ad888e5c7..32e09ca23 100644 --- a/images/test-runner/Makefile +++ b/images/test-runner/Makefile @@ -39,7 +39,7 @@ build: ensure-buildx --progress=$(PROGRESS) \ --pull \ --build-arg BASE_IMAGE=$(NGINX_BASE_IMAGE) \ - --build-arg GOLANG_VERSION=1.19.0 \ + --build-arg GOLANG_VERSION=1.19.1 \ --build-arg ETCD_VERSION=3.4.3-0 \ --build-arg K8S_RELEASE=v1.24.2 \ --build-arg RESTY_CLI_VERSION=0.27 \ From b1edb3e141c2acc3ca941245207a8e93e50a199f Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Sat, 17 Sep 2022 04:06:49 +0530 Subject: [PATCH 282/494] updated testrunner image sha after bump to go1191 (#9058) --- build/run-in-docker.sh | 2 +- .../custom-errors/custom-default-backend.helm.values.yaml | 2 +- .../customization/custom-errors/custom-default-backend.yaml | 2 +- test/e2e-image/Makefile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index 77e7b7a38..35ea27819 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -38,7 +38,7 @@ function cleanup { } trap cleanup EXIT -E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20220823-ge19026fe4@sha256:038fc60379b6ce9a0134c2ff9134edccad1f8ecbd9c6ebed9660711d05b0ed95} +E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20220916-gd32f8c343@sha256:f3f26f1e2aef8b2013b731f041fd69bcd950d3118eecf4429551848f47305c0f} DOCKER_OPTS=${DOCKER_OPTS:-} DOCKER_IN_DOCKER_ENABLED=${DOCKER_IN_DOCKER_ENABLED:-} diff --git a/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml b/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml index 3d93935e4..670208559 100644 --- a/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml +++ b/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml @@ -6,7 +6,7 @@ defaultBackend: image: registry: registry.k8s.io image: ingress-nginx/nginx-errors - tag: "1.3.0" + tag: "v20220916-gd32f8c343@sha256:09c421ac743bace19ab77979b82186941c5125c95e62cdb40bdf41293b5c275c" extraVolumes: - name: custom-error-pages configMap: diff --git a/docs/examples/customization/custom-errors/custom-default-backend.yaml b/docs/examples/customization/custom-errors/custom-default-backend.yaml index 318e318f5..072beab3b 100644 --- a/docs/examples/customization/custom-errors/custom-default-backend.yaml +++ b/docs/examples/customization/custom-errors/custom-default-backend.yaml @@ -36,7 +36,7 @@ spec: spec: containers: - name: nginx-error-server - image: registry.k8s.io/ingress-nginx/nginx-errors:1.3.0 + image: registry.k8s.io/ingress-nginx/nginx-errors:v20220916-gd32f8c343@sha256:09c421ac743bace19ab77979b82186941c5125c95e62cdb40bdf41293b5c275c ports: - containerPort: 8080 # Setting the environment variable DEBUG we can see the headers sent diff --git a/test/e2e-image/Makefile b/test/e2e-image/Makefile index f04307f81..d0ed88972 100644 --- a/test/e2e-image/Makefile +++ b/test/e2e-image/Makefile @@ -1,6 +1,6 @@ DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) -E2E_BASE_IMAGE="registry.k8s.io/ingress-nginx/e2e-test-runner:v20220823-ge19026fe4@sha256:038fc60379b6ce9a0134c2ff9134edccad1f8ecbd9c6ebed9660711d05b0ed95" +E2E_BASE_IMAGE="registry.k8s.io/ingress-nginx/e2e-test-runner:v20220916-gd32f8c343@sha256:f3f26f1e2aef8b2013b731f041fd69bcd950d3118eecf4429551848f47305c0f" image: echo "..entered Makefile in /test/e2e-image" From b088ee2d7edcc06630563cd7618a413e83331091 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Sep 2022 06:11:23 -0700 Subject: [PATCH 283/494] Bump github/codeql-action from 2.1.23 to 2.1.24 (#9066) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.23 to 2.1.24. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/6a38b7d4a1af70deb1b561eb77db2b5e5a6a1e69...904260d7d935dff982205cbdb42025ce30b7a34f) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 62dafe1f3..84cc87e1d 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@6a38b7d4a1af70deb1b561eb77db2b5e5a6a1e69 # v2.1.14 + uses: github/codeql-action/upload-sarif@904260d7d935dff982205cbdb42025ce30b7a34f # v2.1.14 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index f47c5d626..8377b3ad0 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@6a38b7d4a1af70deb1b561eb77db2b5e5a6a1e69 + uses: github/codeql-action/upload-sarif@904260d7d935dff982205cbdb42025ce30b7a34f with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From a559f75e38214b2c9d6d291304db25528f24b6f7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Sep 2022 06:13:23 -0700 Subject: [PATCH 284/494] Bump github.com/onsi/ginkgo/v2 from 2.1.6 to 2.2.0 (#9064) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.1.6 to 2.2.0. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.1.6...v2.2.0) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 521b58fce..bfcba276d 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/mitchellh/mapstructure v1.5.0 github.com/moul/pb v0.0.0-20220425114252-bca18df4138c github.com/ncabatoff/process-exporter v0.7.10 - github.com/onsi/ginkgo/v2 v2.1.6 + github.com/onsi/ginkgo/v2 v2.2.0 github.com/opencontainers/runc v1.1.4 github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.13.0 diff --git a/go.sum b/go.sum index 5a5411fae..0cc37681c 100644 --- a/go.sum +++ b/go.sum @@ -456,8 +456,8 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= -github.com/onsi/ginkgo/v2 v2.1.6 h1:Fx2POJZfKRQcM1pH49qSZiYeu319wji004qX+GDovrU= -github.com/onsi/ginkgo/v2 v2.1.6/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk= +github.com/onsi/ginkgo/v2 v2.2.0 h1:3ZNA3L1c5FYDFTTxbFeVGGD8jYvjYauHD30YgLxVsNI= +github.com/onsi/ginkgo/v2 v2.2.0/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= From 3ce1f43fc60cf0bcbd43493c2186cc93308046f6 Mon Sep 17 00:00:00 2001 From: "Leon(@mediocreDevops)" Date: Mon, 19 Sep 2022 18:45:23 +0530 Subject: [PATCH 285/494] Tips for new contributors (#8924) This commit adds tips for new contributors along with references and examples Signed-off-by: afro-coder Co-authored-by: Tanisha Banik <26tanishabanik@gmail.com> Signed-off-by: afro-coder Co-authored-by: Tanisha Banik <26tanishabanik@gmail.com> --- CONTRIBUTING.md | 11 +- NEW_CONTRIBUTOR.md | 850 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 857 insertions(+), 4 deletions(-) create mode 100644 NEW_CONTRIBUTOR.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index e73f49fcd..a11435aef 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -2,7 +2,7 @@ Read the following guide if you're interested in contributing to Ingress. [Make Ingress-Nginx Work for you, and the Community](https://youtu.be/GDm-7BlmPPg) from KubeCon Europe 2018 is a great video to get you started!! -Note that this guide refers to contributing to actual sources of the repository. If you interested in contributing through issue triaging, have a look at [this guide](./ISSUE_TRIAGE.md). +Note that this guide refers to contributing to actual sources of the repository. If you interested in contributing through issue triaging, have a look at [this guide](./ISSUE_TRIAGE.md). ## Contributor License Agreements @@ -19,7 +19,7 @@ Follow either of the two links above to access the appropriate CLA and instructi ## Finding Issues That Need Help -If you're new to the project and want to help, but don't know where to start, we have a semi-curated list of issues that should not need deep knowledge of the system. [Have a look and see if anything sounds interesting](https://github.com/kubernetes/ingress-nginx/issues?utf8=%E2%9C%93&q=is%3Aopen%20is%3Aissue%20label%3A%22help+wanted%22). +If you're new to the project and want to help, but don't know where to start, we have a semi-curated list of issues that should not need deep knowledge of the system. [Have a look and see if anything sounds interesting](https://github.com/kubernetes/ingress-nginx/issues?utf8=%E2%9C%93&q=is%3Aopen%20is%3Aissue%20label%3A%22help+wanted%22). Alternatively, search for the label [`triage-accepted`](https://github.com/kubernetes/ingress-nginx/issues?q=is%3Aopen+is%3Aissue+label%3Atriage%2Faccepted+) if you have some experience with ingress-nginx. Note, that it could make sense to grab issues with higher priority first. @@ -34,9 +34,9 @@ All changes must be code reviewed. Coding conventions and standards are explaine ### Merge Approval -Ingress Nginx collaborators may add "/lgtm" (Looks Good To Me) to indicate that a PR is acceptable. Any change requires at least one LGTM. No pull requests can be merged until at least one Ingress Nginx collaborator signs off with an LGTM. Adding the "/lgtm" comment result in the prow bot adding the `lgtm` label. Note that a pull request still needs an `approve` label from one of the owners. +Ingress Nginx collaborators may add "/lgtm" (Looks Good To Me) to indicate that a PR is acceptable. Any change requires at least one LGTM. No pull requests can be merged until at least one Ingress Nginx collaborator signs off with an LGTM. Adding the "/lgtm" comment result in the prow bot adding the `lgtm` label. Note that a pull request still needs an `approve` label from one of the owners. -Reviewers or members who want to become reviewers according to the [k8s membership ladder](https://github.com/kubernetes/community/blob/master/community-membership.md), could actively search for [pull requests that need a review](https://github.com/kubernetes/ingress-nginx/pulls?q=is%3Aopen+is%3Apr+label%3Atriage%2Faccepted). +Reviewers or members who want to become reviewers according to the [k8s membership ladder](https://github.com/kubernetes/community/blob/master/community-membership.md), could actively search for [pull requests that need a review](https://github.com/kubernetes/ingress-nginx/pulls?q=is%3Aopen+is%3Apr+label%3Atriage%2Faccepted). ## Support Channels @@ -47,3 +47,6 @@ Whether you are a user or contributor, official support channels include: - Post: [Kubernetes Forum](https://discuss.kubernetes.io) Before opening a new issue or submitting a new pull request, it's helpful to search the project - it's likely that another user has already reported the issue you're facing, or it's a known issue that we're already aware of. + +## New Contributor Tips +If you're a new contributor, you can follow the [New Contributor Tips guide](NEW_CONTRIBUTOR.md) diff --git a/NEW_CONTRIBUTOR.md b/NEW_CONTRIBUTOR.md new file mode 100644 index 000000000..816d05778 --- /dev/null +++ b/NEW_CONTRIBUTOR.md @@ -0,0 +1,850 @@ +## New Contributor Tips + +Welcome to the Ingress Nginx new contributor tips. +This guide briefly outlines the necessary knowledge & tools, required to start working on Ingress-NGINX Issues. + +### Prerequisites +- Basic understanding of linux +- Familiarity with the command line on linux +- OSI Model(Links below) + +### Introduction +It all starts with the OSI model... +> The Open Systems Interconnection (OSI) model describes seven layers that computer systems use to communicate over a network. It was the first standard model for network communications, adopted by all major computer and telecommunication companies + +![Describes the 7 Layers of the OSI Model](https://i.imgur.com/qF0KjBq.png) + +#### Reading material for OSI Model +[OSI Model CertificationKits](https://www.certificationkits.com/cisco-certification/cisco-ccna-640-802-exam-certification-guide/cisco-ccna-the-osi-model/) + +### Approaching the problem + + +Not everybody knows everything. But the factors that help are a love/passion for this to begin. But to move forward, its the approach and not the knowledge that sustains prolonged joy, while working on issues. If the approach is simple and powered by good-wishes-for-community, then info & tools are forthcoming and easy. + +Here we take a bird's eye-view of the hops in the network plumbing, that a packet takes, from source to destination, when we run `curl`, from a laptop to a nginx webserver process, running in a container, inside a pod, inside a Kubernetes cluster, created using `kind` or `minikube` or any other cluster-management tool. + +### [Kind](https://kind.sigs.k8s.io/) cluster example on a Linux Host + +#### TL;DR +The destination of the packet from the curl command, is looked up, in the `routing table`. Based on the route, the the packet first travels to the virtual bridge `172.18.0.1` interface, created by docker, when we created the kind cluster on a laptop. Next the packet is forwarded to `172.18.0.2`(See below on how we got this IP address), within the kind cluster. The `kube-proxy` container creates iptables rules that make sure the packet goes to the correct pod ip in this case `10.244.0.5` + +Command: +``` +# docker ps +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +230e7246a32c kindest/node:v1.24.1 "/usr/local/bin/entr…" 2 weeks ago Up 54 seconds 127.0.0.1:38143->6443/tcp kind-control-plane + +# docker inspect kind-control-plane -f '{{ .NetworkSettings.Networks.kind.IPAddress }}' +172.18.0.2 + +``` + + + +If this part is confusing, you would first need to understand what a [bridge](https://tldp.org/HOWTO/BRIDGE-STP-HOWTO/what-is-a-bridge.html) is and what [docker network](https://docs.docker.com/network/) is. + + + +#### The journey of a curl packet. +Let's begin with creating a [Kind](https://kind.sigs.k8s.io/docs/user/quick-start/) Cluster on your laptop +``` +# kind create cluster +``` +This will create a cluster called `kind`, to view the clusters type +``` +# kind get clusters    +kind +``` +Kind ships with `kubectl`, so we can use that to communicate with our clusters. +``` +# kubectl get no -o wide    +NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME +kind-control-plane Ready control-plane 5d23h v1.24.1 172.18.0.2 Ubuntu 21.10 5.18.12-arch1-1 containerd://1.6.4 +``` +Kind creates a cluster using docker container as nodes, it does this using [containerd](https://containerd.io/) within the docker container. +The concept of Docker in Docker is very important here. + +To start with simply create a nginx deployment using `kubectl`. +``` +# kubectl create deployment nginx --image nginx:alpine --port=80 +deployment.apps/nginx created +``` +Then we expose this as a NodePort Service. +``` +# kubectl expose deployment/nginx --type=NodePort +service/nginx-new exposed +``` +Command: Now we can see that the service has been exposed. +``` +# kubectl get svc -o wide +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR +nginx NodePort 10.96.176.241 80:32329/TCP 4d8h app=nginx +``` +Output Relevance: From the above output, we can see that our nginx pod is being exposed as the `NodePort` service type, and now we can curl the Node IP `172.18.0.2` with the exposed port `32329` + +Command: The pod has an IP as shown below +``` +# kubectl get po -o wide   +NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES +nginx-6c8b449b8f-pdvdk 1/1 Running 1 (32h ago) 4d8h 10.244.0.5 kind-control-plane +``` + +Command: We can use `curl` on the laptop to view the nginx container that is running on port `32329`. + +``` +# curl 172.18.0.2:32329 + + + + +Welcome to nginx! + + + +

Welcome to nginx!

+

If you see this page, the nginx web server is successfully installed and +working. Further configuration is required.

+ +

For online documentation and support please refer to +nginx.org.
+Commercial support is available at +nginx.com.

+ +

Thank you for using nginx.

+ + +``` +Now, we can check the ip interfaces as well subnets for our system is connected to: + +``` +$ ifconfig +ethbr0: flags=4163 mtu 1500 + inet 192.168.31.9 netmask 255.255.255.0 broadcast 192.168.31.255 + inet6 fe80::7530:9ae5:3e8d:e45a prefixlen 64 scopeid 0x20 + ether 2e:90:b3:e8:52:5b txqueuelen 1000 (Ethernet) + RX packets 31220566 bytes 44930589084 (41.8 GiB) + RX errors 0 dropped 0 overruns 0 frame 0 + TX packets 18104006 bytes 1757183680 (1.6 GiB) + TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 + +br-2fffe5cd5d9e: flags=4163 mtu 1500 + inet 172.18.0.1 netmask 255.255.0.0 broadcast 172.18.255.255 + inet6 fc00:f853:ccd:e793::1 prefixlen 64 scopeid 0x0 + inet6 fe80::42:12ff:fed3:8fb0 prefixlen 64 scopeid 0x20 + inet6 fe80::1 prefixlen 64 scopeid 0x20 + ether 02:42:12:d3:8f:b0 txqueuelen 0 (Ethernet) + RX packets 3547 bytes 414792 (405.0 KiB) + RX errors 0 dropped 0 overruns 0 frame 0 + TX packets 6267 bytes 8189931 (7.8 MiB) + TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 +docker0: flags=4099 mtu 1500 + inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255 + inet6 fe80::42:a2ff:fe09:5edb prefixlen 64 scopeid 0x20 + ether 02:42:a2:09:5e:db txqueuelen 0 (Ethernet) + RX packets 14 bytes 2143 (2.0 KiB) + RX errors 0 dropped 0 overruns 0 frame 0 + TX packets 40 bytes 6406 (6.2 KiB) + TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 +``` +From the above output we can see that, there are two bridges connected to our systems network interface,one is the docker default bridge`docker0` and the other created by kind +`br-2fffe5cd5d9e`. + +Since kind creates nodes as containers, this is easily accessible via `docker ps`. +``` +$ docker ps + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +230e7246a32c kindest/node:v1.24.1 "/usr/local/bin/entr…" 6 days ago Up 33 hours 127.0.0.1:38143->6443/tcp kind-control-plane +``` +If we do a docker `exec` we can enter the container, we can also see the network interfaces within the container. +``` +# docker exec -it 230e7246a32c bash + +# root@kind-control-plane:/# ip a +1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 + link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 + inet 127.0.0.1/8 scope host lo + valid_lft forever preferred_lft forever + inet6 ::1/128 scope host + valid_lft forever preferred_lft forever +2: vethdb0d1da1@if2: mtu 1500 qdisc noqueue state UP group default + link/ether a2:a1:ce:08:d2:39 brd ff:ff:ff:ff:ff:ff link-netns cni-ddc25710-030a-cc05-c600-5a183fae01f7 + inet 10.244.0.1/32 scope global vethdb0d1da1 + valid_lft forever preferred_lft forever +3: veth4d76603f@if2: mtu 1500 qdisc noqueue state UP group default + link/ether 9a:9b:6b:3e:d1:53 brd ff:ff:ff:ff:ff:ff link-netns cni-f2270000-8fc8-6f89-e56b-4759ae10a084 + inet 10.244.0.1/32 scope global veth4d76603f + valid_lft forever preferred_lft forever +4: vethcc2586d6@if2: mtu 1500 qdisc noqueue state UP group default + link/ether 52:f9:20:63:62:a2 brd ff:ff:ff:ff:ff:ff link-netns cni-97e337cd-1322-c1fa-7523-789af94f397f + inet 10.244.0.1/32 scope global vethcc2586d6 + valid_lft forever preferred_lft forever +5: veth783189a9@if2: mtu 1500 qdisc noqueue state UP group default + link/ether ba:e1:55:1f:6f:12 brd ff:ff:ff:ff:ff:ff link-netns cni-90849001-668a-03d2-7d9e-192de79ccc59 + inet 10.244.0.1/32 scope global veth783189a9 + valid_lft forever preferred_lft forever +6: veth79c98c12@if2: mtu 1500 qdisc noqueue state UP group default + link/ether 22:05:55:c7:86:e9 brd ff:ff:ff:ff:ff:ff link-netns cni-734dfac9-9f70-ab33-265b-21569d90312a + inet 10.244.0.1/32 scope global veth79c98c12 + valid_lft forever preferred_lft forever +7: veth5b221c83@if2: mtu 1500 qdisc noqueue state UP group default + link/ether 92:3f:04:54:72:5a brd ff:ff:ff:ff:ff:ff link-netns cni-d8f6666b-1cfb-ef08-4bf8-237a7fc32da2 + inet 10.244.0.1/32 scope global veth5b221c83 + valid_lft forever preferred_lft forever +8: vethad630fb8@if2: mtu 1500 qdisc noqueue state UP group default + link/ether 32:78:ec:f6:01:ea brd ff:ff:ff:ff:ff:ff link-netns cni-6cb3c179-cb17-3b81-2051-27231c44a3c4 + inet 10.244.0.1/32 scope global vethad630fb8 + valid_lft forever preferred_lft forever +9: veth573a629b@if2: mtu 1500 qdisc noqueue state UP group default + link/ether e2:57:f8:c9:bc:94 brd ff:ff:ff:ff:ff:ff link-netns cni-d2dbb903-8310-57b4-7ba4-9f353dbc79dc + inet 10.244.0.1/32 scope global veth573a629b + valid_lft forever preferred_lft forever +10: eth0@if11: mtu 1500 qdisc noqueue state UP group default + link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0 + inet 172.18.0.2/16 brd 172.18.255.255 scope global eth0 + valid_lft forever preferred_lft forever + inet6 fc00:f853:ccd:e793::2/64 scope global nodad + valid_lft forever preferred_lft forever + inet6 fe80::42:acff:fe12:2/64 scope link + valid_lft forever preferred_lft forever +11: vethd7368e27@if2: mtu 1500 qdisc noqueue state UP group default + link/ether 8a:74:ec:f6:d6:c9 brd ff:ff:ff:ff:ff:ff link-netns cni-7c7eb9cd-bbb1-65b0-0480-b8f1265f2f36 + inet 10.244.0.1/32 scope global vethd7368e27 + valid_lft forever preferred_lft forever +12: veth7cadbf2b@if2: mtu 1500 qdisc noqueue state UP group default + link/ether 12:48:10:b7:b8:f5 brd ff:ff:ff:ff:ff:ff link-netns cni-b39e37b5-1bc8-626a-a553-a0be2f94a117 + inet 10.244.0.1/32 scope global veth7cadbf2b + valid_lft forever preferred_lft forever + +``` +When we run `curl 172.18.0.2:32329` on the laptop it first needs to figure out where `172.18.0.2`, to do this it refers to the host routing table. +``` +sudo netstat -rn    main  +Kernel IP routing table +Destination Gateway Genmask Flags MSS Window irtt Iface +0.0.0.0 192.168.31.1 0.0.0.0 UG 0 0 0 ethbr0 +172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 +172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-2fffe5cd5d9e +172.19.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-be5b544733a3 +192.168.31.0 0.0.0.0 255.255.255.0 U 0 0 0 ethbr0 +192.168.31.0 0.0.0.0 255.255.255.0 U 0 0 0 ethbr0 +192.168.39.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr2 +192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0 +``` +Output Relevance: From the above output, you can see that the `iface`(Interface) for `172.18.0.0` is `br-2fffe5cd5d9e`, which means traffic that needs to go to `172.18.0.0` will go through `br-2fffe5cd5d9e` which is created by docker for the kind container (this is the node in case of kind cluster). + +Now we need to understand how the packet travels from the container interface to the pod with IP `10.244.0.5`. The component that handles this is called kube-proxy + +So what exactly is [kube-proxy](https://kubernetes.io/docs/concepts/overview/components/#kube-proxy): +> Kube-Proxy is a network proxy that runs on each node in your cluster, implementing part of the Kubernetes Service concept. +kube-proxy maintains network rules on nodes. These network rules allow network communication to your Pods from network sessions inside or outside of your cluster + +So, as we can see that kube proxy handles the network rules required to aid the communication to the pods, we will look at the [iptables](https://linux.die.net/man/8/iptables) +> `iptables` is a command line interface used to set up and maintain tables for the Netfilter firewall for IPv4, included in the Linux kernel. The firewall matches packets with rules defined in these tables and then takes the specified action on a possible match. Tables is the name for a set of chains + +Command: +``` +# iptables -t nat -L PREROUTING -n +Chain PREROUTING (policy ACCEPT) +target prot opt source destination +KUBE-SERVICES all -- 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */ +DOCKER_OUTPUT all -- 0.0.0.0/0 172.18.0.1 +CNI-HOSTPORT-DNAT all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL +``` + +``` +# iptables-save | grep PREROUTING +-A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES +``` +Output Relevance: +> -A: append new iptable rule +> -j: jump to the target +> KUBE-SERVICES: target + +> The above output appends a new rule for PREROUTING which every network packet will go through first as they try to access any kubernetes service + + +What is `PREROUTING` in iptables? +>PREROUTING: This chain is used to make any routing related decisions before (PRE) sending any packets + +To dig in further we need to go to the target, `KUBE-SERVICES` for our nginx service. +``` +# iptables -t nat -L KUBE-SERVICES -n| grep nginx +KUBE-SVC-2CMXP7HKUVJN7L6M tcp -- 0.0.0.0/0 10.96.176.241 /* default/nginx cluster IP */ tcp dpt:80 +``` +Command: +``` +# iptables -t nat -L KUBE-SVC-2CMXP7HKUVJN7L6M -n +Chain KUBE-SVC-2CMXP7HKUVJN7L6M (2 references) +target prot opt source destination +KUBE-MARK-MASQ tcp -- !10.244.0.0/16 10.96.176.241 /* default/nginx cluster IP */ tcp dpt:80 +KUBE-SEP-4IEO3WJHPKXV3AOH all -- 0.0.0.0/0 0.0.0.0/0 /* default/nginx -> 10.244.0.5:80 */ + +# iptables -t nat -L KUBE-MARK-MASQ -n +Chain KUBE-MARK-MASQ (31 references) +target prot opt source destination +MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK or 0x4000 + +# iptables -t nat -L KUBE-SEP-4IEO3WJHPKXV3AOH -n +Chain KUBE-SEP-4IEO3WJHPKXV3AOH (1 references) +target prot opt source destination +KUBE-MARK-MASQ all -- 10.244.0.5 0.0.0.0/0 /* default/nginx */ +DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* default/nginx */ tcp to:10.244.0.5:80 +``` + + +``` +iptables-save | grep 10.96.176.241 + +-A KUBE-SERVICES -d 10.96.176.241/32 -p tcp -m comment --comment "default/nginx cluster IP" -m tcp --dport 80 -j KUBE-SVC-2CMXP7HKUVJN7L6M +-A KUBE-SVC-2CMXP7HKUVJN7L6M ! -s 10.244.0.0/16 -d 10.96.176.241/32 -p tcp -m comment --comment "default/nginx cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ +``` + +As you can see the rules added by `kube-proxy` helps the packet reach to the destination service. + +### Minikube KVM VM Example on Linux + +#### TL;DR +Now we look at the curl packet journey on minikube. The `routing table` is looked up to know the destination of the curl packet. The packet then first travels to the virtual bridge `192.168.39.1`, created by minikube kvm2 driver, when we created the minikube cluster, on a linux laptop. Then this packet is forwarded to `192.168.39.57`, within the minikube VM. We have docker containers running in the VM. Among them, the `kube-proxy` container creates iptables rules that make sure the packet goes to the correct pod ip, in this case `172.17.0.4`. + + +To begin with the minikube example, we first need to create a minikube cluster on a linux laptop. In this example I'll be using the `kvm2` driver option for `minikube start` command, as default. + +``` +minikube start +😄 minikube v1.26.0 on Arch "rolling" +🆕 Kubernetes 1.24.2 is now available. If you would like to upgrade, specify: --kubernetes-version=v1.24.2 +✨ Using the kvm2 driver based on existing profile +👍 Starting control plane node minikube in cluster minikube +🏃 Updating the running kvm2 "minikube" VM ... +🐳 Preparing Kubernetes v1.23.3 on Docker 20.10.12 ... + ▪ kubelet.housekeeping-interval=5m +🔎 Verifying Kubernetes components... + ▪ Using image k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1 + ▪ Using image k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1 + ▪ Using image k8s.gcr.io/ingress-nginx/controller:v1.2.1 + ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5 +🔎 Verifying ingress addon... +🌟 Enabled addons: ingress, storage-provisioner, default-storageclass +🏄 Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default +``` +**Note**: The KVM driver provides a lot of options on customizing the cluster, however that is currently beyond the scope of this guide. + +Next we will get the Node IP. +``` +$ kubectl get no -o wide   +NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME +minikube Ready control-plane,master 25d v1.23.3 192.168.39.57 Buildroot 2021.02.4 4.19.202 docker://20.10.12 +``` +Minikube creates a Virtual Machine using the KVM2 driver(Other drivers such as Virtualbox do exist see `minikube start --help` for more information ), you should be able to see this with the following output(You may have to use sudo to get this output) + +``` +$ virsh --connect qemu:///system list + Id Name State +-------------------------- + 1 minikube running + + or + + $ sudo virsh list + Id Name State +-------------------------- + 1 minikube running + +``` + +Moving on, simply create a nginx deployment using `kubectl`. +``` +# kubectl create deployment nginx --image nginx:alpine --port=80 +deployment.apps/nginx created +``` +Then we expose this as a NodePort Service. +``` +# kubectl expose deployment/nginx --type=NodePort +service/nginx-new exposed +``` +Command: Now we can see that the service has been exposed. +``` +# kubectl get svc -o wide    main  +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR +kubernetes ClusterIP 10.96.0.1 443/TCP 25d +nginx-minikube NodePort 10.97.44.4 80:32007/TCP 45h app=nginx-minikube +``` +Output Relevance: From the above output, we can see that our nginx pod is being exposed as the `NodePort` service type, and now we can curl the Node IP `192.168.39.57` with the exposed port `32007` + +Command: The pod has an IP as shown below +``` +# kubectl get po -o wide +NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES +nginx-minikube-7546f79bd8-x88bt 1/1 Running 3 (43m ago) 45h 172.17.0.4 minikube + +``` + +Command: We can use `curl` on the laptop to view the nginx container that is running on port `32007`. +``` +curl 192.168.39.57:32007 + + + +Welcome to nginx! + + + +

Welcome to nginx!

+

If you see this page, the nginx web server is successfully installed and +working. Further configuration is required.

+ +

For online documentation and support please refer to +nginx.org.
+Commercial support is available at +nginx.com.

+ +

Thank you for using nginx.

+ + +``` + +So, how does this packet travel, lets dive in. +We can check the ip interfaces as well subnets for our system is connected to: +``` +$ ifconfig +virbr2: flags=4163 mtu 1500 + inet 192.168.39.1 netmask 255.255.255.0 broadcast 192.168.39.255 + ether 52:54:00:19:29:93 txqueuelen 1000 (Ethernet) + RX packets 5132 bytes 1777099 (1.6 MiB) + RX errors 0 dropped 0 overruns 0 frame 0 + TX packets 6113 bytes 998530 (975.1 KiB) + TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 + +virbr0: flags=4163 mtu 1500 + inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255 + ether 52:54:00:48:ee:35 txqueuelen 1000 (Ethernet) + RX packets 23648 bytes 1265196 (1.2 MiB) + RX errors 0 dropped 0 overruns 0 frame 0 + TX packets 40751 bytes 60265308 (57.4 MiB) + TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 +``` +Output Relevance: From the above output you can see there are two Virtual Bridges created by minikube when we created the cluster on the network. Here, `virbr0` is the default NAT network bridge while `virbr2` is a isolated network bridge on which the pods run. + +Minikube creates a Virtual Machine, to enter the virtual machine we can simple do: +``` +# minikube ssh +``` + +The interfaces within the Virtual Machine are as follows. +``` +docker0 Link encap:Ethernet HWaddr 02:42:03:24:26:78 + inet addr:172.17.0.1 Bcast:172.17.255.255 Mask:255.255.0.0 + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + RX packets:31478 errors:0 dropped:0 overruns:0 frame:0 + TX packets:36704 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:0 + RX bytes:3264056 (3.1 MiB) TX bytes:14061883 (13.4 MiB) + +eth0 Link encap:Ethernet HWaddr 52:54:00:C9:3A:73 + inet addr:192.168.39.57 Bcast:192.168.39.255 Mask:255.255.255.0 + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + RX packets:8245 errors:0 dropped:9 overruns:0 frame:0 + TX packets:3876 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:1000 + RX bytes:812006 (792.9 KiB) TX bytes:1044724 (1020.2 KiB) + +eth1 Link encap:Ethernet HWaddr 52:54:00:7B:37:79 + inet addr:192.168.122.35 Bcast:192.168.122.255 Mask:255.255.255.0 + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + RX packets:4459 errors:0 dropped:9 overruns:0 frame:0 + TX packets:201 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:1000 + RX bytes:298528 (291.5 KiB) TX bytes:25813 (25.2 KiB) + +lo Link encap:Local Loopback + inet addr:127.0.0.1 Mask:255.0.0.0 + UP LOOPBACK RUNNING MTU:65536 Metric:1 + RX packets:946772 errors:0 dropped:0 overruns:0 frame:0 + TX packets:946772 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:1000 + RX bytes:213465460 (203.5 MiB) TX bytes:213465460 (203.5 MiB) + +vetha4f1dc5 Link encap:Ethernet HWaddr 3E:1C:FE:C9:75:86 + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + RX packets:10 errors:0 dropped:0 overruns:0 frame:0 + TX packets:16 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:0 + RX bytes:1413 (1.3 KiB) TX bytes:955 (955.0 B) + +vethbf35613 Link encap:Ethernet HWaddr BA:31:7D:AE:2A:BF + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + RX packets:3526 errors:0 dropped:0 overruns:0 frame:0 + TX packets:3934 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:0 + RX bytes:342408 (334.3 KiB) TX bytes:380193 (371.2 KiB) + +vethe092a51 Link encap:Ethernet HWaddr 8A:37:D3:D9:D9:0E + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + RX packets:9603 errors:0 dropped:0 overruns:0 frame:0 + TX packets:11151 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:0 + RX bytes:1199235 (1.1 MiB) TX bytes:5449408 (5.1 MiB) +``` +Output Relevance: Here we have the Virtual Ethernet and we have docker bridges too since docker runs within the Virtual Machine. + +When we do a `curl` to `192.168.39.57:32007` on the laptop the packet first goes to the route table +``` +Destination Gateway Genmask Flags MSS Window irtt Iface +0.0.0.0 192.168.31.1 0.0.0.0 UG 0 0 0 ethbr0 +172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 +172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-2fffe5cd5d9e +172.19.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-be5b544733a3 +192.168.31.0 0.0.0.0 255.255.255.0 U 0 0 0 ethbr0 +192.168.31.0 0.0.0.0 255.255.255.0 U 0 0 0 ethbr0 +192.168.39.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr2 +192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0 +``` +Output Relevance: As you can see multiple routes are defined here, of which our Virtual Machine Node IP(192.168.39.57) is also shown in the table, so the packet now knows where it has to go. + +With that clear we now know how the packet goes from the laptop to the virtual bridge and then enters the Virtual Machine. + +Inside the virtual machine, [kube-proxy](https://kubernetes.io/docs/concepts/overview/components/#kube-proxy) handles the routing using iptables. + +So what exactly is [kube-proxy](https://kubernetes.io/docs/concepts/overview/components/#kube-proxy)(For those who skipped the kind example): +> Kube-Proxy is a network proxy that runs on each node in your cluster, implementing part of the Kubernetes Service concept. +kube-proxy maintains network rules on nodes. These network rules allow network communication to your Pods from network sessions inside or outside of your cluster + +So, as we can see that kube proxy handles the network rules required to aid the communication to the pods, we will look at the [iptables](https://linux.die.net/man/8/iptables) +> `iptables` is a command line interface used to set up and maintain tables for the Netfilter firewall for IPv4, included in the Linux kernel. The firewall matches packets with rules defined in these tables and then takes the specified action on a possible match. Tables is the name for a set of chains + +Command: + +``` +# minikube ssh   + _ _ + _ _ ( ) ( ) + ___ ___ (_) ___ (_)| |/') _ _ | |_ __ +/' _ ` _ `\| |/' _ `\| || , < ( ) ( )| '_`\ /'__`\ +| ( ) ( ) || || ( ) || || |\`\ | (_) || |_) )( ___/ +(_) (_) (_)(_)(_) (_)(_)(_) (_)`\___/'(_,__/'`\____) + +$ sudo iptables -t nat -L PREROUTING -n +Chain PREROUTING (policy ACCEPT) +target prot opt source destination +KUBE-SERVICES all -- 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */ +DOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL + +$ iptables-save | grep PREROUTING +-A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES + +``` + +Output Relevance: +> -A: append new iptable rule +> -j: jump to the target +> KUBE-SERVICES: target + +> The above output appends a new rule for PREROUTING which every network packet will go through first as they try to access any kubernetes service + + +What is `PREROUTING` in iptables? +>PREROUTING: This chain is used to make any routing related decisions before (PRE) sending any packets + +To dig in further we need to go to the target, `KUBE-SERVICES` for our nginx service. +``` +# iptables -t nat -L KUBE-SERVICES -n| grep nginx +KUBE-SVC-NRDCJV6H42SDXARP tcp -- 0.0.0.0/0 10.97.44.4 /* default/nginx-minikube cluster IP */ tcp dpt:80 +``` +Command: +``` +$ sudo iptables -t nat -L| grep KUBE-SVC-NRDCJV6H42SDXARP +KUBE-SVC-NRDCJV6H42SDXARP tcp -- 0.0.0.0/0 0.0.0.0/0 /* default/nginx-minikube */ tcp dpt:32007 +KUBE-SVC-NRDCJV6H42SDXARP tcp -- 0.0.0.0/0 10.97.44.4 /* default/nginx-minikube cluster IP */ tcp dpt:80 + +$ sudo iptables -t nat -L KUBE-MARK-MASQ -n +Chain KUBE-MARK-MASQ (19 references) +target prot opt source destination +MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK or 0x4000 + +sudo iptables-save | grep 172.17.0.4 +-A KUBE-SEP-AHQQ7ZFXMEBNX76B -s 172.17.0.4/32 -m comment --comment "default/nginx-minikube" -j KUBE-MARK-MASQ +-A KUBE-SEP-AHQQ7ZFXMEBNX76B -p tcp -m comment --comment "default/nginx-minikube" -m tcp -j DNAT --to-destination 172.17.0.4:80 +``` +As you can see the rules added by kube-proxy helps the packet reach to the destination service. + + +### Connection termination +Connection termination is a type of event that occurs when there are load balancers present, the information for this is quite scarce, however I've found the following article, [IBM - Network Termination](https://www.ibm.com/docs/en/sva/9.0.4?topic=balancer-network-termination) that describes what it means by connection termination between clients(laptop) and server(load balancer) and the various other services. + +### Different types of connection errors. +The following article on [TCP/IP errors](https://www.ibm.com/docs/en/db2/11.1?topic=message-tcpip-errors) has a list of the important tcp timeout errors that we need to know. + + +| Common TCP/IP errors | Meaning | +| -------- | -------- | +| Resource temporarily unavailable.| Self-explanatory. | +| No space is left on a device or system table.|The disk partition is full| +|No route to the host is available.|The routing table doesn't know where to route the packet.| +|Connection was reset by the partner.|This usually means the packet was dropped as soon as it reached the server can be due to a firewall.| +|The connection was timed out.|This indicates the firewall blocking your connection or the connection took too long.| + +## OSI Model Layer 7 (Application Layer) + +[What is layer 7?](https://www.cloudflare.com/learning/ddos/what-is-layer-7/) +#### Summary +Layer 7 refers to the seventh and topmost layer of the Open Systems Interconnect (OSI) Model known as the application layer. This is the highest layer which supports end-user processes and applications. Layer 7 identifies the communicating parties and the quality of service between them, considers privacy and user authentication, as well as identifies any constraints on the data syntax. This layer is wholly application-specific. + + +## Setting up Ingress-Nginx Controller + +Since we are doing this on our local laptop, we are going to use the following tools: +- [Minikube using KVM driver](https://minikube.sigs.k8s.io/docs/start/) - The host is linux-based in our example +- [Metallb](https://metallb.universe.tf/) - Baremetal load-balancer. +- [KVM](https://www.linux-kvm.org/page/Main_Page) / [Oracle VirtualBox](https://www.virtualbox.org/wiki/Downloads) / [VMWare](https://www.vmware.com/in/products/workstation-pro.html) + + +### So let's begin with Metallb and Ingress-Nginx setup. + +For setting up metallb, we are going to follow the below steps: + + - To begin the installation, we will execute: +``` +minikube start +``` +- To install Metallb, one can install it using the [manifest](https://metallb.universe.tf/installation/#installation-by-manifest) or by using [helm](https://metallb.universe.tf/installation/#installation-with-helm), for now we will use the Manifest method: +``` +kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.4/config/manifests/metallb-native.yaml +``` + +- We need to now configure Metallb, we are using [Layer 2 configuration](https://metallb.universe.tf/configuration/#announce-the-service-ips), let's head over to the [Metallb Configuration](https://metallb.universe.tf/configuration/) website, here you will see how to setup metallb. +>Layer 2 mode does not require the IPs to be bound to the network interfaces of your worker nodes. It works by responding to ARP requests on your local network directly, to give the machine’s MAC address to clients. +In order to advertise the IP coming from an IPAddressPool, an L2Advertisement instance must be associated to the IPAddressPool. +- We have modified the IP address pool so that our loadbalancer knows which subnet to choose an IP from.Since we have only one minikube IP we need to modify the code given in the documentation. +Save this as `metallb-config.yaml`: +``` +apiVersion: metallb.io/v1beta1 +kind: IPAddressPool +metadata: + name: first-pool + namespace: metallb-system +spec: + addresses: + # The configuration website show's you this + + #- 192.168.10.0/24 + #- 192.168.9.1-192.168.9.5 + #- fc00:f853:0ccd:e799::/124 + + # We are going to change this to `minikube ip` as such + - 192.168.39.57/32 +``` +Now deploy it using `kubectl` +``` +kubectl apply -f metallb-config.yaml +``` +- Now that metallb is setup, let's install [ingress-nginx](https://kubernetes.github.io/ingress-nginx/deploy/#quick-start) on the laptop. +Note: We are using the install by manifest option from the Installation manual +``` +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/cloud/deploy.yaml +``` +or one can also install it using the minikube addons: +``` +minikube addons enable ingress +``` + - Once your Ingress-Nginx controller is created you can run the following commands to see the output of the setup done. +``` +kubectl get pods -n ingress-nginx +NAME READY STATUS RESTARTS AGE +ingress-nginx-admission-create-65bld 0/1 Completed 0 14m +ingress-nginx-admission-patch-rwq4x 0/1 Completed 0 14m +ingress-nginx-controller-6dc865cd86-7c5zd 1/1 Running 0 14m +``` +The Ingress controller creates a Service with the type LoadBalancer and metallb provides the IP address. + +``` +kubectl -n ingress-nginx get svc + +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +ingress-nginx-controller LoadBalancer 10.108.154.53 192.168.39.223 80:30367/TCP,443:31491/TCP 4d15h +ingress-nginx-controller-admission ClusterIP 10.98.54.3 443/TCP 4d15h +``` + +#### Creating an Ingress + +We will deploy a `httpd` service in a `httpd` namespace and create a ingress for it. + +First, let's create a namespace. +``` +kubectl create namespace httpd +``` + +Next we will create a deployment +``` +kubectl create deployment httpd -n httpd --image=httpd:alpine +``` + +Now, In order to create a service, let's expose this deployment +``` +kubectl expose deployment -n httpd httpd --port 80 +``` +Let's check the `pod` that is created + +``` +kubectl get po -n httpd +NAME READY STATUS RESTARTS AGE +httpd-fb7fcdc77-w287c 1/1 Running 0 64s +``` + +Let's list the services in the `httpd` namespace +``` +kubectl get svc -n httpd +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +httpd ClusterIP 10.104.111.0 80/TCP 13s +``` + +Once we have this we can now create a n ingress using the following +``` +kubectl -n httpd create ingress httpd --class nginx --rule httpd.dev.leonnunes.com/"*"=httpd:80 +``` +The above output, creates an ingress, for us with the rule to match the service if the host is `httpd.dev.leonnunes.com`. The class here is retrieved from the below command. + +To list the `ingressclasses` use +``` +kubectl get ingressclasses +NAME CONTROLLER PARAMETERS AGE +nginx k8s.io/ingress-nginx 6h49m +``` + +The following command shows the ingress created +``` +$ kubectl get ingress -A -o wide + +NAMESPACE NAME CLASS HOSTS ADDRESS PORTS AGE +httpd httpd nginx httpd.dev.leonnunes.com 192.168.39.223 80 11d +``` + +To test if the rule works we can now do +``` +$ minikube ip +192.168.39.223 + +$ curl --resolve httpd.dev.leonnunes.com:80:192.168.39.223 httpd.dev.leonnunes.com +

It works!

+ +or + +curl -H "Host: httpd.dev.leonnunes.com" 192.168.39.223 +``` + +#### Example of Information found on layer 7 +We have setup `Ingress-Nginx`, using `nginx` as a class and `httpd` for this example. + +In order to display the info on Layer - 7, we have extracted the Layer 7 information from a simple `curl` request, and then using `tcpdump` command within the `httpd` pod we extracted the network packets and opened it using the `Wireshark` utility. + +Below given is the output that is important: +```bash +Frame 4: 391 bytes on wire (3128 bits), 391 bytes captured (3128 bits) +Linux cooked capture v2 +Internet Protocol Version 4, Src: 172.17.0.4, Dst: 172.17.0.3 +Transmission Control Protocol, Src Port: 49074, Dst Port: 80, Seq: 1, Ack: 1, Len: 319 +Hypertext Transfer Protocol + GET / HTTP/1.1\r\n + Host: httpd.dev.leonnunes.com\r\n + X-Request-ID: 6e1a790412a0d1615dc0231358dc9c8b\r\n + X-Real-IP: 172.17.0.1\r\n + X-Forwarded-For: 172.17.0.1\r\n + X-Forwarded-Host: httpd.dev.leonnunes.com\r\n + X-Forwarded-Port: 80\r\n + X-Forwarded-Proto: http\r\n + X-Forwarded-Scheme: http\r\n + X-Scheme: http\r\n + User-Agent: curl/7.84.0\r\n + Accept: */*\r\n + \r\n + [Full request URI: http://httpd.dev.leonnunes.com/] + [HTTP request 1/1] + [Response in frame: 6] + +``` +The above output shows the information that the `httpd` pod recieves. The `curl` command sends the host header, `Host: httpd.dev.leonnunes.com`, to the nginx controller, that then matches the rule and sends the information to the right controller + +The following output shows what is sent via the laptop. +``` +curl --resolve httpd.dev.leonnunes.com:80:192.168.39.57 -H "Host: httpd.dev.leonnunes.com" 192.168.39.57 -vL +* Added httpd.dev.leonnunes.com:80:192.168.39.57 to DNS cache +* Trying 192.168.39.57:80... +* Connected to 192.168.39.57 (192.168.39.57) port 80 (#0) +> GET / HTTP/1.1 +> Host: httpd.dev.leonnunes.com +> User-Agent: curl/7.84.0 +> Accept: */* +> +* Mark bundle as not supporting multiuse +< HTTP/1.1 200 OK +< Date: Mon, 22 Aug 2022 16:05:27 GMT +< Content-Type: text/html +< Content-Length: 45 +< Connection: keep-alive +< Last-Modified: Mon, 11 Jun 2007 18:53:14 GMT +< ETag: "2d-432a5e4a73a80" +< Accept-Ranges: bytes +< +

It works!

+* Connection #0 to host 192.168.39.57 left intact +``` +As you can see from the above output there are several headers added to the curl output after it reaches the `httpd` pod, these headers are added by the Ingress Nginx Controller. + + +### References +#### Basics of Networking + - https://www.cisco.com/en/US/docs/security/vpn5000/manager/reference/guide/appA.html + - http://web.stanford.edu/class/cs101/ + - https://www.geeksforgeeks.org/basics-computer-networking/ + - Subnetting + - https://www.computernetworkingnotes.com/ccna-study-guide/subnetting-tutorial-subnetting-explained-with-examples.html + +#### Video Links + - https://www.youtube.com/playlist?list=PLhfrWIlLOoKPc2RecyiM_A9nf3fUU3e6g + - https://www.youtube.com/watch?v=S7MNX_UD7vY&list=PLIhvC56v63IJVXv0GJcl9vO5Z6znCVb1P + +### Topics to read about + - Docker in Docker + - [Docker/Containers](https://www.oreilly.com/library/view/docker-deep-dive/9781800565135/) + - Containers + +### Basics of Kubernetes +#### Reading Material +- https://nubenetes.com/kubernetes-tutorials/ +- https://kubernetes.io/docs/concepts/ +#### Video Material +- [Techworld with Nana 101](https://www.youtube.com/playlist?list=PLy7NrYWoggjziYQIDorlXjTvvwweTYoNC) +- [Jeff Geerling Kubernetes 101](https://www.youtube.com/watch?v=IcslsH7OoYo&list=PL2_OBreMn7FoYmfx27iSwocotjiikS5BD) + +#### Hands-On Kubernetes +- https://kube.academy/ +- https://www.civo.com/academy + +### Networking in Kubernetes +- [Kubernetes Networking 101](https://youtu.be/CYnwBIpvSlM?t=284) +- [CNCF Kubernetes 101](https://www.youtube.com/watch?v=cUGXu2tiZMc) + +### Tools/Commands to help with troubleshooting. +- [mtr](https://www.redhat.com/sysadmin/linux-mtr-command) - Tracing the packet from the source to destination +- [tcpdump](https://linuxconfig.org/how-to-use-tcpdump-command-on-linux) - Monitor packets +- [wireshark](https://www.lifewire.com/wireshark-tutorial-4143298) - Read/Sniff packets +- [nslookup](https://phoenixnap.com/kb/nslookup-command) - Lookup Nameservers +- [netstat](https://www.lifewire.com/netstat-command-2618098) - List network details +- [curl](https://linuxhandbook.com/curl-command-examples/) - Curl a website from the command line +- [ifconfig](https://www.tecmint.com/ifconfig-command-examples/)/[ip](https://www.geeksforgeeks.org/ip-command-in-linux-with-examples/) - Show ip address configuration +- [dig](https://www.geeksforgeeks.org/dig-command-in-linux-with-examples/) - Query Nameservers +- [ipcalc](https://www.linux.com/topic/networking/how-calculate-network-addresses-ipcalc/) - Calculate IP addresses +- Advanced Tools for troubleshooting + - [Netshoot](https://github.com/nicolaka/netshoot) - Troubleshoot Networks +- Cluster Creation tools + - [kind](https://kind.sigs.k8s.io/docs/user/quick-start/) + - [minikube](https://minikube.sigs.k8s.io/docs/start/) From fd9d0abb2c311f0549d85a755fe5de7ceda7ee3b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Sep 2022 06:17:22 -0700 Subject: [PATCH 286/494] Bump k8s.io/component-base from 0.25.0 to 0.25.1 (#9065) Bumps [k8s.io/component-base](https://github.com/kubernetes/component-base) from 0.25.0 to 0.25.1. - [Release notes](https://github.com/kubernetes/component-base/releases) - [Commits](https://github.com/kubernetes/component-base/compare/v0.25.0...v0.25.1) --- updated-dependencies: - dependency-name: k8s.io/component-base dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index bfcba276d..ca896babd 100644 --- a/go.mod +++ b/go.mod @@ -30,14 +30,14 @@ require ( google.golang.org/grpc v1.49.0 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 - k8s.io/api v0.25.0 + k8s.io/api v0.25.1 k8s.io/apiextensions-apiserver v0.23.5 - k8s.io/apimachinery v0.25.0 + k8s.io/apimachinery v0.25.1 k8s.io/apiserver v0.25.0 k8s.io/cli-runtime v0.25.0 - k8s.io/client-go v0.25.0 + k8s.io/client-go v0.25.1 k8s.io/code-generator v0.23.5 - k8s.io/component-base v0.25.0 + k8s.io/component-base v0.25.1 k8s.io/klog/v2 v2.80.1 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 sigs.k8s.io/controller-runtime v0.11.2 diff --git a/go.sum b/go.sum index 0cc37681c..8127cfbf4 100644 --- a/go.sum +++ b/go.sum @@ -1134,26 +1134,26 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= k8s.io/api v0.23.5/go.mod h1:Na4XuKng8PXJ2JsploYYrivXrINeTaycCGcYgF91Xm8= -k8s.io/api v0.25.0 h1:H+Q4ma2U/ww0iGB78ijZx6DRByPz6/733jIuFpX70e0= -k8s.io/api v0.25.0/go.mod h1:ttceV1GyV1i1rnmvzT3BST08N6nGt+dudGrquzVQWPk= +k8s.io/api v0.25.1 h1:yL7du50yc93k17nH/Xe9jujAYrcDkI/i5DL1jPz4E3M= +k8s.io/api v0.25.1/go.mod h1:hh4itDvrWSJsmeUc28rIFNri8MatNAAxJjKcQmhX6TU= k8s.io/apiextensions-apiserver v0.23.5 h1:5SKzdXyvIJKu+zbfPc3kCbWpbxi+O+zdmAJBm26UJqI= k8s.io/apiextensions-apiserver v0.23.5/go.mod h1:ntcPWNXS8ZPKN+zTXuzYMeg731CP0heCTl6gYBxLcuQ= k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= -k8s.io/apimachinery v0.25.0 h1:MlP0r6+3XbkUG2itd6vp3oxbtdQLQI94fD5gCS+gnoU= -k8s.io/apimachinery v0.25.0/go.mod h1:qMx9eAk0sZQGsXGu86fab8tZdffHbwUfsvzqKn4mfB0= +k8s.io/apimachinery v0.25.1 h1:t0XrnmCEHVgJlR2arwO8Awp9ylluDic706WePaYCBTI= +k8s.io/apimachinery v0.25.1/go.mod h1:hqqA1X0bsgsxI6dXsJ4HnNTBOmJNxyPp8dw3u2fSHwA= k8s.io/apiserver v0.23.5/go.mod h1:7wvMtGJ42VRxzgVI7jkbKvMbuCbVbgsWFT7RyXiRNTw= k8s.io/apiserver v0.25.0 h1:8kl2ifbNffD440MyvHtPaIz1mw4mGKVgWqM0nL+oyu4= k8s.io/apiserver v0.25.0/go.mod h1:BKwsE+PTC+aZK+6OJQDPr0v6uS91/HWxX7evElAH6xo= k8s.io/cli-runtime v0.25.0 h1:XBnTc2Fi+w818jcJGzhiJKQuXl8479sZ4FhtV5hVJ1Q= k8s.io/cli-runtime v0.25.0/go.mod h1:bHOI5ZZInRHhbq12OdUiYZQN8ml8aKZLwQgt9QlLINw= k8s.io/client-go v0.23.5/go.mod h1:flkeinTO1CirYgzMPRWxUCnV0G4Fbu2vLhYCObnt/r4= -k8s.io/client-go v0.25.0 h1:CVWIaCETLMBNiTUta3d5nzRbXvY5Hy9Dpl+VvREpu5E= -k8s.io/client-go v0.25.0/go.mod h1:lxykvypVfKilxhTklov0wz1FoaUZ8X4EwbhS6rpRfN8= +k8s.io/client-go v0.25.1 h1:uFj4AJKtE1/ckcSKz8IhgAuZTdRXZDKev8g387ndD58= +k8s.io/client-go v0.25.1/go.mod h1:rdFWTLV/uj2C74zGbQzOsmXPUtMAjSf7ajil4iJUNKo= k8s.io/code-generator v0.23.5 h1:xn3a6J5pUL49AoH6SPrOFtnB5cvdMl76f/bEY176R3c= k8s.io/code-generator v0.23.5/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk= k8s.io/component-base v0.23.5/go.mod h1:c5Nq44KZyt1aLl0IpHX82fhsn84Sb0jjzwjpcA42bY0= -k8s.io/component-base v0.25.0 h1:haVKlLkPCFZhkcqB6WCvpVxftrg6+FK5x1ZuaIDaQ5Y= -k8s.io/component-base v0.25.0/go.mod h1:F2Sumv9CnbBlqrpdf7rKZTmmd2meJq0HizeyY/yAFxk= +k8s.io/component-base v0.25.1 h1:Wmj33QwddVwsJFJWmXlf24Nu8do2bGHLabXHrKz7Org= +k8s.io/component-base v0.25.1/go.mod h1:j78+TFdsKM8RXHfM88oeAdZu2v9qMZdQZOfg0LGW+q4= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c h1:GohjlNKauSai7gN4wsJkeZ3WAJx4Sh+oT/b5IYn5suA= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= From 0f5bf530ae677a2f389d6f06de27b6a5cf910621 Mon Sep 17 00:00:00 2001 From: Kir Shatrov Date: Tue, 20 Sep 2022 07:03:21 -0400 Subject: [PATCH 287/494] Add missing space to error message (#9069) --- rootfs/etc/nginx/lua/balancer.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rootfs/etc/nginx/lua/balancer.lua b/rootfs/etc/nginx/lua/balancer.lua index 2c6a83ae9..00104c89d 100644 --- a/rootfs/etc/nginx/lua/balancer.lua +++ b/rootfs/etc/nginx/lua/balancer.lua @@ -64,7 +64,7 @@ local function get_implementation(backend) local implementation = IMPLEMENTATIONS[name] if not implementation then - ngx.log(ngx.WARN, backend["load-balance"], "is not supported, ", + ngx.log(ngx.WARN, backend["load-balance"], " is not supported, ", "falling back to ", DEFAULT_LB_ALG) implementation = IMPLEMENTATIONS[DEFAULT_LB_ALG] end From 3579ed04870c77979ec5bf18f4cd00c8763615a1 Mon Sep 17 00:00:00 2001 From: Tomas Hulata Date: Fri, 23 Sep 2022 21:38:04 +0200 Subject: [PATCH 288/494] feat: switch from endpoints to endpointslices (#8890) * endpointslices Signed-off-by: tombokombo * cleanup Signed-off-by: tombokombo * fix rbac Signed-off-by: tombokombo * fix comments Signed-off-by: tombokombo * cleanup store, add store tests Signed-off-by: tombokombo * fix copyright date Signed-off-by: tombokombo Signed-off-by: tombokombo --- .../ingress-nginx/templates/clusterrole.yaml | 8 + .../templates/controller-role.yaml | 8 + internal/ingress/controller/controller.go | 13 +- .../ingress/controller/controller_test.go | 3 +- .../{endpoints.go => endpointslices.go} | 96 +++-- ...dpoints_test.go => endpointslices_test.go} | 396 ++++++++++++------ internal/ingress/controller/store/endpoint.go | 39 -- .../ingress/controller/store/endpoint_test.go | 66 --- .../ingress/controller/store/endpointslice.go | 55 +++ .../controller/store/endpointslice_test.go | 94 +++++ internal/ingress/controller/store/store.go | 43 +- 11 files changed, 520 insertions(+), 301 deletions(-) rename internal/ingress/controller/{endpoints.go => endpointslices.go} (55%) rename internal/ingress/controller/{endpoints_test.go => endpointslices_test.go} (50%) delete mode 100644 internal/ingress/controller/store/endpoint.go delete mode 100644 internal/ingress/controller/store/endpoint_test.go create mode 100644 internal/ingress/controller/store/endpointslice.go create mode 100644 internal/ingress/controller/store/endpointslice_test.go diff --git a/charts/ingress-nginx/templates/clusterrole.yaml b/charts/ingress-nginx/templates/clusterrole.yaml index 0e725ec06..51bc5002c 100644 --- a/charts/ingress-nginx/templates/clusterrole.yaml +++ b/charts/ingress-nginx/templates/clusterrole.yaml @@ -89,6 +89,14 @@ rules: - get - list - watch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get {{- end }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-role.yaml b/charts/ingress-nginx/templates/controller-role.yaml index 330be8c86..d6da92ec9 100644 --- a/charts/ingress-nginx/templates/controller-role.yaml +++ b/charts/ingress-nginx/templates/controller-role.yaml @@ -100,6 +100,14 @@ rules: verbs: - create - patch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get {{- if .Values.podSecurityPolicy.enabled }} - apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}] resources: ['podsecuritypolicies'] diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go index 5287034c6..84da5eb30 100644 --- a/internal/ingress/controller/controller.go +++ b/internal/ingress/controller/controller.go @@ -434,7 +434,7 @@ func (n *NGINXController) getStreamServices(configmapName string, proto apiv1.Pr sp := svc.Spec.Ports[i] if sp.Name == svcPort { if sp.Protocol == proto { - endps = getEndpoints(svc, &sp, proto, n.store.GetServiceEndpoints) + endps = getEndpointsFromSlices(svc, &sp, proto, n.store.GetServiceEndpointsSlices) break } } @@ -445,7 +445,7 @@ func (n *NGINXController) getStreamServices(configmapName string, proto apiv1.Pr sp := svc.Spec.Ports[i] if sp.Port == int32(targetPort) { if sp.Protocol == proto { - endps = getEndpoints(svc, &sp, proto, n.store.GetServiceEndpoints) + endps = getEndpointsFromSlices(svc, &sp, proto, n.store.GetServiceEndpointsSlices) break } } @@ -497,7 +497,7 @@ func (n *NGINXController) getDefaultUpstream() *ingress.Backend { return upstream } - endps := getEndpoints(svc, &svc.Spec.Ports[0], apiv1.ProtocolTCP, n.store.GetServiceEndpoints) + endps := getEndpointsFromSlices(svc, &svc.Spec.Ports[0], apiv1.ProtocolTCP, n.store.GetServiceEndpointsSlices) if len(endps) == 0 { klog.Warningf("Service %q does not have any active Endpoint", svcKey) endps = []ingress.Endpoint{n.DefaultEndpoint()} @@ -824,7 +824,7 @@ func (n *NGINXController) getBackendServers(ingresses []*ingress.Ingress) ([]*in } sp := location.DefaultBackend.Spec.Ports[0] - endps := getEndpoints(location.DefaultBackend, &sp, apiv1.ProtocolTCP, n.store.GetServiceEndpoints) + endps := getEndpointsFromSlices(location.DefaultBackend, &sp, apiv1.ProtocolTCP, n.store.GetServiceEndpointsSlices) // custom backend is valid only if contains at least one endpoint if len(endps) > 0 { name := fmt.Sprintf("custom-default-backend-%v-%v", location.DefaultBackend.GetNamespace(), location.DefaultBackend.GetName()) @@ -1082,7 +1082,6 @@ func (n *NGINXController) serviceEndpoints(svcKey, backendPort string) ([]ingres } klog.V(3).Infof("Obtaining ports information for Service %q", svcKey) - // Ingress with an ExternalName Service and no port defined for that Service if svc.Spec.Type == apiv1.ServiceTypeExternalName { if n.cfg.DisableServiceExternalName { @@ -1090,7 +1089,7 @@ func (n *NGINXController) serviceEndpoints(svcKey, backendPort string) ([]ingres return upstreams, nil } servicePort := externalNamePorts(backendPort, svc) - endps := getEndpoints(svc, servicePort, apiv1.ProtocolTCP, n.store.GetServiceEndpoints) + endps := getEndpointsFromSlices(svc, servicePort, apiv1.ProtocolTCP, n.store.GetServiceEndpointsSlices) if len(endps) == 0 { klog.Warningf("Service %q does not have any active Endpoint.", svcKey) return upstreams, nil @@ -1107,7 +1106,7 @@ func (n *NGINXController) serviceEndpoints(svcKey, backendPort string) ([]ingres servicePort.TargetPort.String() == backendPort || servicePort.Name == backendPort { - endps := getEndpoints(svc, &servicePort, apiv1.ProtocolTCP, n.store.GetServiceEndpoints) + endps := getEndpointsFromSlices(svc, &servicePort, apiv1.ProtocolTCP, n.store.GetServiceEndpointsSlices) if len(endps) == 0 { klog.Warningf("Service %q does not have any active Endpoint.", svcKey) } diff --git a/internal/ingress/controller/controller_test.go b/internal/ingress/controller/controller_test.go index f875632e0..da9f10e45 100644 --- a/internal/ingress/controller/controller_test.go +++ b/internal/ingress/controller/controller_test.go @@ -34,6 +34,7 @@ import ( "github.com/eapache/channels" corev1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1" + discoveryv1 "k8s.io/api/discovery/v1" networking "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" @@ -85,7 +86,7 @@ func (fakeIngressStore) GetService(key string) (*corev1.Service, error) { return nil, fmt.Errorf("test error") } -func (fakeIngressStore) GetServiceEndpoints(key string) (*corev1.Endpoints, error) { +func (fakeIngressStore) GetServiceEndpointsSlices(key string) ([]*discoveryv1.EndpointSlice, error) { return nil, fmt.Errorf("test error") } diff --git a/internal/ingress/controller/endpoints.go b/internal/ingress/controller/endpointslices.go similarity index 55% rename from internal/ingress/controller/endpoints.go rename to internal/ingress/controller/endpointslices.go index 5615fadea..efd2a6afa 100644 --- a/internal/ingress/controller/endpoints.go +++ b/internal/ingress/controller/endpointslices.go @@ -28,14 +28,15 @@ import ( "k8s.io/klog/v2" corev1 "k8s.io/api/core/v1" + discoveryv1 "k8s.io/api/discovery/v1" "k8s.io/ingress-nginx/internal/k8s" "k8s.io/ingress-nginx/pkg/apis/ingress" ) // getEndpoints returns a list of Endpoint structs for a given service/target port combination. -func getEndpoints(s *corev1.Service, port *corev1.ServicePort, proto corev1.Protocol, - getServiceEndpoints func(string) (*corev1.Endpoints, error)) []ingress.Endpoint { +func getEndpointsFromSlices(s *corev1.Service, port *corev1.ServicePort, proto corev1.Protocol, + getServiceEndpointsSlices func(string) ([]*discoveryv1.EndpointSlice, error)) []ingress.Endpoint { upsServers := []ingress.Endpoint{} @@ -74,54 +75,63 @@ func getEndpoints(s *corev1.Service, port *corev1.ServicePort, proto corev1.Prot }) } - klog.V(3).Infof("Getting Endpoints for Service %q and port %v", svcKey, port.String()) - ep, err := getServiceEndpoints(svcKey) + klog.V(3).Infof("Getting Endpoints from endpointSlices for Service %q and port %v", svcKey, port.String()) + epss, err := getServiceEndpointsSlices(svcKey) if err != nil { klog.Warningf("Error obtaining Endpoints for Service %q: %v", svcKey, err) return upsServers } - - for _, ss := range ep.Subsets { - matchedPortNameFound := false - for i, epPort := range ss.Ports { - - if !reflect.DeepEqual(epPort.Protocol, proto) { - continue - } - - var targetPort int32 - - if port.Name == "" { - // port.Name is optional if there is only one port - targetPort = epPort.Port - matchedPortNameFound = true - } else if port.Name == epPort.Name { - targetPort = epPort.Port - matchedPortNameFound = true - } - - if i == len(ss.Ports)-1 && !matchedPortNameFound && port.TargetPort.Type == intstr.Int { - // use service target port if it's a number and no port name matched - // https://github.com/kubernetes/ingress-nginx/issues/7390 - targetPort = port.TargetPort.IntVal - } - - if targetPort <= 0 { - continue - } - - for _, epAddress := range ss.Addresses { - ep := net.JoinHostPort(epAddress.IP, strconv.Itoa(int(targetPort))) - if _, exists := processedUpstreamServers[ep]; exists { + // loop over all endpointSlices generated for service + for _, eps := range epss { + var ports []int32 + if len(eps.Ports) == 0 { + // When ports is empty, it indicates that there are no defined ports, using svc targePort <- this could be wrong + klog.V(3).Infof("No ports found on endpointSlice, using service TargetPort %v for Service %q", port.String(), svcKey) + ports = append(ports, port.TargetPort.IntVal) + } else { + for _, epPort := range eps.Ports { + if !reflect.DeepEqual(*epPort.Protocol, proto) { continue } - ups := ingress.Endpoint{ - Address: epAddress.IP, - Port: fmt.Sprintf("%v", targetPort), - Target: epAddress.TargetRef, + var targetPort int32 = 0 + if port.Name == "" { + // port.Name is optional if there is only one port + targetPort = *epPort.Port + } else if port.Name == *epPort.Name { + targetPort = *epPort.Port + } + if targetPort == 0 && port.TargetPort.Type == intstr.Int { + // use service target port if it's a number and no port name matched + // https://github.com/kubernetes/ingress-nginx/issues/7390 + targetPort = port.TargetPort.IntVal + } + if targetPort == 0 { + continue + } + ports = append(ports, targetPort) + } + } + for _, ep := range eps.Endpoints { + if !(*ep.Conditions.Ready) { + continue + } + + // ep.Hints + + for _, epPort := range ports { + for _, epAddress := range ep.Addresses { + hostPort := net.JoinHostPort(epAddress, strconv.Itoa(int(epPort))) + if _, exists := processedUpstreamServers[hostPort]; exists { + continue + } + ups := ingress.Endpoint{ + Address: epAddress, + Port: fmt.Sprintf("%v", epPort), + Target: ep.TargetRef, + } + upsServers = append(upsServers, ups) + processedUpstreamServers[hostPort] = struct{}{} } - upsServers = append(upsServers, ups) - processedUpstreamServers[ep] = struct{}{} } } } diff --git a/internal/ingress/controller/endpoints_test.go b/internal/ingress/controller/endpointslices_test.go similarity index 50% rename from internal/ingress/controller/endpoints_test.go rename to internal/ingress/controller/endpointslices_test.go index f38ffabe7..e404c4949 100644 --- a/internal/ingress/controller/endpoints_test.go +++ b/internal/ingress/controller/endpointslices_test.go @@ -21,17 +21,19 @@ import ( "testing" corev1 "k8s.io/api/core/v1" + discoveryv1 "k8s.io/api/discovery/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/ingress-nginx/pkg/apis/ingress" ) -func TestGetEndpoints(t *testing.T) { +func TestGetEndpointsFromSlices(t *testing.T) { tests := []struct { name string svc *corev1.Service port *corev1.ServicePort proto corev1.Protocol - fn func(string) (*corev1.Endpoints, error) + fn func(string) ([]*discoveryv1.EndpointSlice, error) result []ingress.Endpoint }{ { @@ -39,7 +41,7 @@ func TestGetEndpoints(t *testing.T) { nil, nil, corev1.ProtocolTCP, - func(string) (*corev1.Endpoints, error) { + func(string) ([]*discoveryv1.EndpointSlice, error) { return nil, nil }, []ingress.Endpoint{}, @@ -49,7 +51,7 @@ func TestGetEndpoints(t *testing.T) { &corev1.Service{}, nil, corev1.ProtocolTCP, - func(string) (*corev1.Endpoints, error) { + func(string) ([]*discoveryv1.EndpointSlice, error) { return nil, nil }, []ingress.Endpoint{}, @@ -59,8 +61,8 @@ func TestGetEndpoints(t *testing.T) { &corev1.Service{}, &corev1.ServicePort{Name: "default"}, corev1.ProtocolTCP, - func(string) (*corev1.Endpoints, error) { - return &corev1.Endpoints{}, nil + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{}, nil }, []ingress.Endpoint{}, }, @@ -73,8 +75,8 @@ func TestGetEndpoints(t *testing.T) { }, &corev1.ServicePort{Name: "default"}, corev1.ProtocolTCP, - func(string) (*corev1.Endpoints, error) { - return &corev1.Endpoints{}, nil + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{}, nil }, []ingress.Endpoint{}, }, @@ -97,8 +99,8 @@ func TestGetEndpoints(t *testing.T) { TargetPort: intstr.FromInt(80), }, corev1.ProtocolTCP, - func(string) (*corev1.Endpoints, error) { - return &corev1.Endpoints{}, nil + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{}, nil }, []ingress.Endpoint{}, }, @@ -121,8 +123,8 @@ func TestGetEndpoints(t *testing.T) { TargetPort: intstr.FromInt(80), }, corev1.ProtocolTCP, - func(string) (*corev1.Endpoints, error) { - return &corev1.Endpoints{}, nil + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{}, nil }, []ingress.Endpoint{}, }, @@ -145,8 +147,8 @@ func TestGetEndpoints(t *testing.T) { TargetPort: intstr.FromInt(80), }, corev1.ProtocolTCP, - func(string) (*corev1.Endpoints, error) { - return &corev1.Endpoints{}, nil + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{}, nil }, []ingress.Endpoint{ { @@ -174,8 +176,8 @@ func TestGetEndpoints(t *testing.T) { TargetPort: intstr.FromInt(80), }, corev1.ProtocolTCP, - func(string) (*corev1.Endpoints, error) { - return &corev1.Endpoints{}, nil + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{}, nil }, []ingress.Endpoint{ { @@ -203,8 +205,8 @@ func TestGetEndpoints(t *testing.T) { TargetPort: intstr.FromInt(80), }, corev1.ProtocolTCP, - func(string) (*corev1.Endpoints, error) { - return &corev1.Endpoints{}, nil + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{}, nil }, []ingress.Endpoint{}, }, @@ -227,7 +229,7 @@ func TestGetEndpoints(t *testing.T) { TargetPort: intstr.FromInt(80), }, corev1.ProtocolTCP, - func(string) (*corev1.Endpoints, error) { + func(string) ([]*discoveryv1.EndpointSlice, error) { return nil, fmt.Errorf("unexpected error") }, []ingress.Endpoint{}, @@ -251,25 +253,27 @@ func TestGetEndpoints(t *testing.T) { TargetPort: intstr.FromInt(80), }, corev1.ProtocolTCP, - func(string) (*corev1.Endpoints, error) { - nodeName := "dummy" - return &corev1.Endpoints{ - Subsets: []corev1.EndpointSubset{ + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{discoveryv1.LabelServiceName: "default"}, + }, + Endpoints: []discoveryv1.Endpoint{ { - Addresses: []corev1.EndpointAddress{ - { - IP: "1.1.1.1", - NodeName: &nodeName, - }, - }, - Ports: []corev1.EndpointPort{ - { - Protocol: corev1.ProtocolUDP, - }, + Addresses: []string{"1.1.1.1"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: &[]bool{true}[0], }, }, }, - }, nil + Ports: []discoveryv1.EndpointPort{ + { + Name: &[]string{""}[0], + Port: &[]int32{80}[0], + Protocol: &[]corev1.Protocol{corev1.ProtocolUDP}[0], + }, + }, + }}, nil }, []ingress.Endpoint{}, }, @@ -292,30 +296,32 @@ func TestGetEndpoints(t *testing.T) { TargetPort: intstr.FromInt(80), }, corev1.ProtocolTCP, - func(string) (*corev1.Endpoints, error) { - nodeName := "dummy" - return &corev1.Endpoints{ - Subsets: []corev1.EndpointSubset{ + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{discoveryv1.LabelServiceName: "default"}, + }, + Endpoints: []discoveryv1.Endpoint{ { - NotReadyAddresses: []corev1.EndpointAddress{ - { - IP: "1.1.1.1", - NodeName: &nodeName, - }, - }, - Ports: []corev1.EndpointPort{ - { - Protocol: corev1.ProtocolUDP, - }, + Addresses: []string{"1.1.1.1"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: &[]bool{false}[0], }, }, }, - }, nil + Ports: []discoveryv1.EndpointPort{ + { + Name: &[]string{""}[0], + Port: &[]int32{80}[0], + Protocol: &[]corev1.Protocol{corev1.ProtocolTCP}[0], + }, + }, + }}, nil }, []ingress.Endpoint{}, }, { - "should return no endpoint when the name of the port name do not match any port in the endpoint Subsets and TargetPort is string", + "should return no endpoint when the name of the port name do not match any port in the endpointPort and TargetPort is string", &corev1.Service{ Spec: corev1.ServiceSpec{ Type: corev1.ServiceTypeClusterIP, @@ -333,32 +339,32 @@ func TestGetEndpoints(t *testing.T) { TargetPort: intstr.FromString("port-1"), }, corev1.ProtocolTCP, - func(string) (*corev1.Endpoints, error) { - nodeName := "dummy" - return &corev1.Endpoints{ - Subsets: []corev1.EndpointSubset{ + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{discoveryv1.LabelServiceName: "default"}, + }, + Endpoints: []discoveryv1.Endpoint{ { - Addresses: []corev1.EndpointAddress{ - { - IP: "1.1.1.1", - NodeName: &nodeName, - }, - }, - Ports: []corev1.EndpointPort{ - { - Protocol: corev1.ProtocolTCP, - Port: int32(80), - Name: "another-name", - }, + Addresses: []string{"1.1.1.1"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: &[]bool{true}[0], }, }, }, - }, nil + Ports: []discoveryv1.EndpointPort{ + { + Protocol: &[]corev1.Protocol{corev1.ProtocolTCP}[0], + Port: &[]int32{80}[0], + Name: &[]string{"another-name"}[0], + }, + }, + }}, nil }, []ingress.Endpoint{}, }, { - "should return one endpoint when the name of the port name do not match any port in the endpoint Subsets and TargetPort is int", + "should return one endpoint when the name of the port name do not match any port in the endpointPort and TargetPort is int", &corev1.Service{ Spec: corev1.ServiceSpec{ Type: corev1.ServiceTypeClusterIP, @@ -376,27 +382,27 @@ func TestGetEndpoints(t *testing.T) { TargetPort: intstr.FromInt(80), }, corev1.ProtocolTCP, - func(string) (*corev1.Endpoints, error) { - nodeName := "dummy" - return &corev1.Endpoints{ - Subsets: []corev1.EndpointSubset{ + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{discoveryv1.LabelServiceName: "default"}, + }, + Endpoints: []discoveryv1.Endpoint{ { - Addresses: []corev1.EndpointAddress{ - { - IP: "1.1.1.1", - NodeName: &nodeName, - }, - }, - Ports: []corev1.EndpointPort{ - { - Protocol: corev1.ProtocolTCP, - Port: int32(80), - Name: "another-name", - }, + Addresses: []string{"1.1.1.1"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: &[]bool{true}[0], }, }, }, - }, nil + Ports: []discoveryv1.EndpointPort{ + { + Protocol: &[]corev1.Protocol{corev1.ProtocolTCP}[0], + Port: &[]int32{80}[0], + Name: &[]string{"another-name"}[0], + }, + }, + }}, nil }, []ingress.Endpoint{ { @@ -406,7 +412,7 @@ func TestGetEndpoints(t *testing.T) { }, }, { - "should return one endpoint when the name of the port name match a port in the endpoint Subsets", + "should return one endpoint when the name of the port name match a port in the endpointPort", &corev1.Service{ Spec: corev1.ServiceSpec{ Type: corev1.ServiceTypeClusterIP, @@ -424,25 +430,169 @@ func TestGetEndpoints(t *testing.T) { TargetPort: intstr.FromInt(80), }, corev1.ProtocolTCP, - func(string) (*corev1.Endpoints, error) { - nodeName := "dummy" - return &corev1.Endpoints{ - Subsets: []corev1.EndpointSubset{ + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{discoveryv1.LabelServiceName: "default"}, + }, + Endpoints: []discoveryv1.Endpoint{ { - Addresses: []corev1.EndpointAddress{ - { - IP: "1.1.1.1", - NodeName: &nodeName, + Addresses: []string{"1.1.1.1"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: &[]bool{true}[0], + }, + }, + }, + Ports: []discoveryv1.EndpointPort{ + { + Protocol: &[]corev1.Protocol{corev1.ProtocolTCP}[0], + Port: &[]int32{80}[0], + Name: &[]string{"default"}[0], + }, + }, + }}, nil + }, + []ingress.Endpoint{ + { + Address: "1.1.1.1", + Port: "80", + }, + }, + }, + { + "should return two endpoints when the name of the port name match a port in the endpointPort", + &corev1.Service{ + Spec: corev1.ServiceSpec{ + Type: corev1.ServiceTypeClusterIP, + ClusterIP: "1.1.1.1", + Ports: []corev1.ServicePort{ + { + Name: "default", + TargetPort: intstr.FromInt(80), + }, + }, + }, + }, + &corev1.ServicePort{ + Name: "default", + TargetPort: intstr.FromString("port-1"), + }, + corev1.ProtocolTCP, + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{ + { + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{discoveryv1.LabelServiceName: "default"}, + }, + Endpoints: []discoveryv1.Endpoint{ + { + Addresses: []string{"1.1.1.1"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: &[]bool{true}[0], }, }, - Ports: []corev1.EndpointPort{ - { - Protocol: corev1.ProtocolTCP, - Port: int32(80), - Name: "default", + }, + Ports: []discoveryv1.EndpointPort{ + { + Protocol: &[]corev1.Protocol{corev1.ProtocolTCP}[0], + Port: &[]int32{80}[0], + Name: &[]string{"default"}[0], + }, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{discoveryv1.LabelServiceName: "default"}, + }, + Endpoints: []discoveryv1.Endpoint{ + { + Addresses: []string{"2.2.2.2"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: &[]bool{true}[0], }, }, }, + Ports: []discoveryv1.EndpointPort{ + { + Protocol: &[]corev1.Protocol{corev1.ProtocolTCP}[0], + Port: &[]int32{80}[0], + Name: &[]string{"default"}[0], + }, + }, + }, + }, nil + }, + []ingress.Endpoint{ + { + Address: "1.1.1.1", + Port: "80", + }, + { + Address: "2.2.2.2", + Port: "80", + }, + }, + }, + { + "should return one endpoints when the name of the port name match a port in the endpointPort", + &corev1.Service{ + Spec: corev1.ServiceSpec{ + Type: corev1.ServiceTypeClusterIP, + ClusterIP: "1.1.1.1", + Ports: []corev1.ServicePort{ + { + Name: "default", + TargetPort: intstr.FromInt(80), + }, + }, + }, + }, + &corev1.ServicePort{ + Name: "port-1", + TargetPort: intstr.FromString("port-1"), + }, + corev1.ProtocolTCP, + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{ + { + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{discoveryv1.LabelServiceName: "default"}, + }, + Endpoints: []discoveryv1.Endpoint{ + { + Addresses: []string{"1.1.1.1"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: &[]bool{true}[0], + }, + }, + }, + Ports: []discoveryv1.EndpointPort{ + { + Protocol: &[]corev1.Protocol{corev1.ProtocolTCP}[0], + Port: &[]int32{80}[0], + Name: &[]string{"port-1"}[0], + }, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{discoveryv1.LabelServiceName: "default"}, + }, + Endpoints: []discoveryv1.Endpoint{ + { + Addresses: []string{"2.2.2.2"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: &[]bool{true}[0], + }, + }, + }, + Ports: []discoveryv1.EndpointPort{ + { + Protocol: &[]corev1.Protocol{corev1.ProtocolTCP}[0], + Port: &[]int32{80}[0], + Name: &[]string{"another-name"}[0], + }, + }, }, }, nil }, @@ -454,7 +604,7 @@ func TestGetEndpoints(t *testing.T) { }, }, { - "should return one endpoint when the name of the port name match more than one port in the endpoint Subsets", + "should return one endpoint when the name of the port name match more than one port in the endpointPort", &corev1.Service{ Spec: corev1.ServiceSpec{ Type: corev1.ServiceTypeClusterIP, @@ -472,32 +622,32 @@ func TestGetEndpoints(t *testing.T) { TargetPort: intstr.FromString("port-1"), }, corev1.ProtocolTCP, - func(string) (*corev1.Endpoints, error) { - nodeName := "dummy" - return &corev1.Endpoints{ - Subsets: []corev1.EndpointSubset{ + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{discoveryv1.LabelServiceName: "default"}, + }, + Endpoints: []discoveryv1.Endpoint{ { - Addresses: []corev1.EndpointAddress{ - { - IP: "1.1.1.1", - NodeName: &nodeName, - }, - }, - Ports: []corev1.EndpointPort{ - { - Name: "port-1", - Protocol: corev1.ProtocolTCP, - Port: 80, - }, - { - Name: "port-1", - Protocol: corev1.ProtocolTCP, - Port: 80, - }, + Addresses: []string{"1.1.1.1"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: &[]bool{true}[0], }, }, }, - }, nil + Ports: []discoveryv1.EndpointPort{ + { + Protocol: &[]corev1.Protocol{corev1.ProtocolTCP}[0], + Port: &[]int32{80}[0], + Name: &[]string{"port-1"}[0], + }, + { + Protocol: &[]corev1.Protocol{corev1.ProtocolTCP}[0], + Port: &[]int32{80}[0], + Name: &[]string{"port-2"}[0], + }, + }, + }}, nil }, []ingress.Endpoint{ { @@ -510,7 +660,7 @@ func TestGetEndpoints(t *testing.T) { for _, testCase := range tests { t.Run(testCase.name, func(t *testing.T) { - result := getEndpoints(testCase.svc, testCase.port, testCase.proto, testCase.fn) + result := getEndpointsFromSlices(testCase.svc, testCase.port, testCase.proto, testCase.fn) if len(testCase.result) != len(result) { t.Errorf("Expected %d Endpoints but got %d", len(testCase.result), len(result)) } diff --git a/internal/ingress/controller/store/endpoint.go b/internal/ingress/controller/store/endpoint.go deleted file mode 100644 index ff6fbd715..000000000 --- a/internal/ingress/controller/store/endpoint.go +++ /dev/null @@ -1,39 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package store - -import ( - apiv1 "k8s.io/api/core/v1" - "k8s.io/client-go/tools/cache" -) - -// EndpointLister makes a Store that lists Endpoints. -type EndpointLister struct { - cache.Store -} - -// ByKey returns the Endpoints of the Service matching key in the local Endpoint Store. -func (s *EndpointLister) ByKey(key string) (*apiv1.Endpoints, error) { - eps, exists, err := s.GetByKey(key) - if err != nil { - return nil, err - } - if !exists { - return nil, NotExistsError(key) - } - return eps.(*apiv1.Endpoints), nil -} diff --git a/internal/ingress/controller/store/endpoint_test.go b/internal/ingress/controller/store/endpoint_test.go deleted file mode 100644 index 6c8ae40e2..000000000 --- a/internal/ingress/controller/store/endpoint_test.go +++ /dev/null @@ -1,66 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package store - -import ( - apiv1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/client-go/tools/cache" - "testing" -) - -func newEndpointLister(t *testing.T) *EndpointLister { - t.Helper() - - return &EndpointLister{Store: cache.NewStore(cache.MetaNamespaceKeyFunc)} -} - -func TestEndpointLister(t *testing.T) { - t.Run("the key does not exist", func(t *testing.T) { - el := newEndpointLister(t) - - key := "namespace/endpoint" - _, err := el.ByKey(key) - - if err == nil { - t.Error("expected an error but nothing has been returned") - } - - if _, ok := err.(NotExistsError); !ok { - t.Errorf("expected NotExistsError, got %v", err) - } - }) - - t.Run("the key exists", func(t *testing.T) { - el := newEndpointLister(t) - - key := "namespace/endpoint" - endpoint := &apiv1.Endpoints{ObjectMeta: metav1.ObjectMeta{Namespace: "namespace", Name: "endpoint"}} - - el.Add(endpoint) - - e, err := el.ByKey(key) - - if err != nil { - t.Errorf("unexpeted error %v", err) - } - - if e != endpoint { - t.Errorf("expected %v, error, got %v", e, endpoint) - } - }) -} diff --git a/internal/ingress/controller/store/endpointslice.go b/internal/ingress/controller/store/endpointslice.go new file mode 100644 index 000000000..fdd7374e9 --- /dev/null +++ b/internal/ingress/controller/store/endpointslice.go @@ -0,0 +1,55 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package store + +import ( + "fmt" + "strings" + + discoveryv1 "k8s.io/api/discovery/v1" + "k8s.io/client-go/tools/cache" +) + +// EndpointSliceLister makes a Store that lists Endpoints. +type EndpointSliceLister struct { + cache.Store +} + +// MatchByKey returns the EndpointsSlices of the Service matching key in the local Endpoint Store. +func (s *EndpointSliceLister) MatchByKey(key string) ([]*discoveryv1.EndpointSlice, error) { + var eps []*discoveryv1.EndpointSlice + // filter endpointSlices owned by svc + for _, listKey := range s.ListKeys() { + if !strings.HasPrefix(listKey, key) { + continue + } + epss, exists, err := s.GetByKey(listKey) + if exists && err == nil { + // check for svc owner label + if svcName, ok := epss.(*discoveryv1.EndpointSlice).ObjectMeta.GetLabels()[discoveryv1.LabelServiceName]; ok { + namespace := epss.(*discoveryv1.EndpointSlice).ObjectMeta.GetNamespace() + if key == fmt.Sprintf("%s/%s", namespace, svcName) { + eps = append(eps, epss.(*discoveryv1.EndpointSlice)) + } + } + } + } + if len(eps) == 0 { + return nil, NotExistsError(key) + } + return eps, nil +} diff --git a/internal/ingress/controller/store/endpointslice_test.go b/internal/ingress/controller/store/endpointslice_test.go new file mode 100644 index 000000000..fdc51c0e4 --- /dev/null +++ b/internal/ingress/controller/store/endpointslice_test.go @@ -0,0 +1,94 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package store + +import ( + "testing" + + discoveryv1 "k8s.io/api/discovery/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/cache" +) + +func newEndpointSliceLister(t *testing.T) *EndpointSliceLister { + t.Helper() + + return &EndpointSliceLister{Store: cache.NewStore(cache.MetaNamespaceKeyFunc)} +} + +func TestEndpointSliceLister(t *testing.T) { + t.Run("the key does not exist", func(t *testing.T) { + el := newEndpointSliceLister(t) + + key := "namespace/svcname" + _, err := el.MatchByKey(key) + + if err == nil { + t.Error("expected an error but nothing has been returned") + } + + if _, ok := err.(NotExistsError); !ok { + t.Errorf("expected NotExistsError, got %v", err) + } + }) + t.Run("the key exists", func(t *testing.T) { + el := newEndpointSliceLister(t) + + key := "namespace/svcname" + endpointSlice := &discoveryv1.EndpointSlice{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "namespace", + Name: "anothername-foo", + Labels: map[string]string{ + discoveryv1.LabelServiceName: "svcname", + }, + }, + } + el.Add(endpointSlice) + endpointSlice = &discoveryv1.EndpointSlice{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "namespace", + Name: "svcname-bar", + Labels: map[string]string{ + discoveryv1.LabelServiceName: "othersvc", + }, + }, + } + el.Add(endpointSlice) + endpointSlice = &discoveryv1.EndpointSlice{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "namespace", + Name: "svcname-buz", + Labels: map[string]string{ + discoveryv1.LabelServiceName: "svcname", + }, + }, + } + el.Add(endpointSlice) + eps, err := el.MatchByKey(key) + + if err != nil { + t.Errorf("unexpeted error %v", err) + } + if err == nil && len(eps) != 1 { + t.Errorf("expected one slice %v, error, got %d slices", endpointSlice, len(eps)) + } + if len(eps) > 0 && eps[0].GetName() != endpointSlice.GetName() { + t.Errorf("expected %v, error, got %v", endpointSlice.GetName(), eps[0].GetName()) + } + }) +} diff --git a/internal/ingress/controller/store/store.go b/internal/ingress/controller/store/store.go index 239fbaaf5..7913eb0de 100644 --- a/internal/ingress/controller/store/store.go +++ b/internal/ingress/controller/store/store.go @@ -29,6 +29,7 @@ import ( "github.com/eapache/channels" corev1 "k8s.io/api/core/v1" + discoveryv1 "k8s.io/api/discovery/v1" networkingv1 "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/fields" @@ -78,8 +79,8 @@ type Storer interface { // GetService returns the Service matching key. GetService(key string) (*corev1.Service, error) - // GetServiceEndpoints returns the Endpoints of a Service matching key. - GetServiceEndpoints(key string) (*corev1.Endpoints, error) + // GetServiceEndpointsSlices returns the EndpointSlices of a Service matching key. + GetServiceEndpointsSlices(key string) ([]*discoveryv1.EndpointSlice, error) // ListIngresses returns a list of all Ingresses in the store. ListIngresses() []*ingress.Ingress @@ -127,13 +128,13 @@ type Event struct { // Informer defines the required SharedIndexInformers that interact with the API server. type Informer struct { - Ingress cache.SharedIndexInformer - IngressClass cache.SharedIndexInformer - Endpoint cache.SharedIndexInformer - Service cache.SharedIndexInformer - Secret cache.SharedIndexInformer - ConfigMap cache.SharedIndexInformer - Namespace cache.SharedIndexInformer + Ingress cache.SharedIndexInformer + IngressClass cache.SharedIndexInformer + EndpointSlice cache.SharedIndexInformer + Service cache.SharedIndexInformer + Secret cache.SharedIndexInformer + ConfigMap cache.SharedIndexInformer + Namespace cache.SharedIndexInformer } // Lister contains object listers (stores). @@ -141,7 +142,7 @@ type Lister struct { Ingress IngressLister IngressClass IngressClassLister Service ServiceLister - Endpoint EndpointLister + EndpointSlice EndpointSliceLister Secret SecretLister ConfigMap ConfigMapLister Namespace NamespaceLister @@ -159,7 +160,7 @@ func (e NotExistsError) Error() string { // Run initiates the synchronization of the informers against the API server. func (i *Informer) Run(stopCh chan struct{}) { go i.Secret.Run(stopCh) - go i.Endpoint.Run(stopCh) + go i.EndpointSlice.Run(stopCh) if i.IngressClass != nil { go i.IngressClass.Run(stopCh) } @@ -169,7 +170,6 @@ func (i *Informer) Run(stopCh chan struct{}) { // wait for all involved caches to be synced before processing items // from the queue if !cache.WaitForCacheSync(stopCh, - i.Endpoint.HasSynced, i.Service.HasSynced, i.Secret.HasSynced, i.ConfigMap.HasSynced, @@ -330,8 +330,8 @@ func New( store.listers.IngressClass.Store = cache.NewStore(cache.MetaNamespaceKeyFunc) } - store.informers.Endpoint = infFactory.Core().V1().Endpoints().Informer() - store.listers.Endpoint.Store = store.informers.Endpoint.GetStore() + store.informers.EndpointSlice = infFactory.Discovery().V1().EndpointSlices().Informer() + store.listers.EndpointSlice.Store = store.informers.EndpointSlice.GetStore() store.informers.Secret = infFactorySecrets.Core().V1().Secrets().Informer() store.listers.Secret.Store = store.informers.Secret.GetStore() @@ -673,7 +673,7 @@ func New( }, } - epEventHandler := cache.ResourceEventHandlerFuncs{ + epsEventHandler := cache.ResourceEventHandlerFuncs{ AddFunc: func(obj interface{}) { updateCh.In() <- Event{ Type: CreateEvent, @@ -687,9 +687,9 @@ func New( } }, UpdateFunc: func(old, cur interface{}) { - oep := old.(*corev1.Endpoints) - cep := cur.(*corev1.Endpoints) - if !reflect.DeepEqual(cep.Subsets, oep.Subsets) { + oeps := old.(*discoveryv1.EndpointSlice) + ceps := cur.(*discoveryv1.EndpointSlice) + if !reflect.DeepEqual(ceps.Endpoints, oeps.Endpoints) { updateCh.In() <- Event{ Type: UpdateEvent, Obj: cur, @@ -796,7 +796,7 @@ func New( if !icConfig.IgnoreIngressClass { store.informers.IngressClass.AddEventHandler(ingressClassEventHandler) } - store.informers.Endpoint.AddEventHandler(epEventHandler) + store.informers.EndpointSlice.AddEventHandler(epsEventHandler) store.informers.Secret.AddEventHandler(secrEventHandler) store.informers.ConfigMap.AddEventHandler(cmEventHandler) store.informers.Service.AddEventHandler(serviceHandler) @@ -1044,9 +1044,8 @@ func (s *k8sStore) GetConfigMap(key string) (*corev1.ConfigMap, error) { return s.listers.ConfigMap.ByKey(key) } -// GetServiceEndpoints returns the Endpoints of a Service matching key. -func (s *k8sStore) GetServiceEndpoints(key string) (*corev1.Endpoints, error) { - return s.listers.Endpoint.ByKey(key) +func (s *k8sStore) GetServiceEndpointsSlices(key string) ([]*discoveryv1.EndpointSlice, error) { + return s.listers.EndpointSlice.MatchByKey(key) } // GetAuthCertificate is used by the auth-tls annotations to get a cert from a secret From 67f7d3da63ba723c2d5f8f2d1dacd40a72a248c2 Mon Sep 17 00:00:00 2001 From: Wilmar den Ouden Date: Sat, 24 Sep 2022 13:38:05 +0200 Subject: [PATCH 289/494] fix: do not apply job-patch psp on Kubernetes 1.25 and newer (#9074) * fix: do not apply job-patch psp on Kubernetes 1.25 and newer Signed-off-by: wilmarguida * fix: bump kubernetes version for helm chart CI to 1.25.0 Signed-off-by: wilmarguida Signed-off-by: wilmarguida --- .github/workflows/ci.yaml | 2 +- .../templates/admission-webhooks/job-patch/psp.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 9d7941ab5..fc106b495 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -175,7 +175,7 @@ jobs: uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 #v0.5.0 with: version: v0.15.0 - image: kindest/node:v1.24.4 + image: kindest/node:v1.25.0 - uses: geekyeggo/delete-artifact@b73cb986740e466292a536d0e32e2666c56fdeb3 # v1 with: diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml index 70edde334..e19c95572 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml @@ -1,3 +1,4 @@ +{{- if (semverCompare "<1.25.0-0" .Capabilities.KubeVersion.Version) }} {{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled (empty .Values.controller.admissionWebhooks.existingPsp) -}} apiVersion: policy/v1beta1 kind: PodSecurityPolicy @@ -37,3 +38,4 @@ spec: - secret - downwardAPI {{- end }} +{{- end }} From 2af4fec0552064e4462437faa291cfd5e69193f7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 24 Sep 2022 08:02:04 -0700 Subject: [PATCH 290/494] Bump github/codeql-action from 2.1.24 to 2.1.25 (#9083) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.24 to 2.1.25. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/904260d7d935dff982205cbdb42025ce30b7a34f...86f3159a697a097a813ad9bfa0002412d97690a4) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 84cc87e1d..e903a2783 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@904260d7d935dff982205cbdb42025ce30b7a34f # v2.1.14 + uses: github/codeql-action/upload-sarif@86f3159a697a097a813ad9bfa0002412d97690a4 # v2.1.14 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 8377b3ad0..0ef654160 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@904260d7d935dff982205cbdb42025ce30b7a34f + uses: github/codeql-action/upload-sarif@86f3159a697a097a813ad9bfa0002412d97690a4 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From f192ffe302f060c4357fe8d05c78dc8e77356a97 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 24 Sep 2022 08:04:03 -0700 Subject: [PATCH 291/494] Bump actions/dependency-review-action from 2.1.0 to 2.4.0 (#9085) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.1.0 to 2.4.0. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/23d1ffffb6fa5401173051ec21eba8c35242733f...375c5370086bfff256c37f8beec0f437e2e72ae1) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/depreview.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml index b16d44681..d69c1a0c8 100644 --- a/.github/workflows/depreview.yaml +++ b/.github/workflows/depreview.yaml @@ -11,4 +11,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b #v3.0.2 - name: 'Dependency Review' - uses: actions/dependency-review-action@23d1ffffb6fa5401173051ec21eba8c35242733f #v2.0.2 + uses: actions/dependency-review-action@375c5370086bfff256c37f8beec0f437e2e72ae1 #v2.0.2 From cd151e3db8bd4f884511d229c2134e89f3c22a98 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 24 Sep 2022 17:48:04 -0700 Subject: [PATCH 292/494] Bump actions/checkout from 1 to 3 (#9084) Bumps [actions/checkout](https://github.com/actions/checkout) from 1 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v1...2541b1294d2704b0964813337f33b291d3f8596b) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/perftest.yaml | 2 +- .github/workflows/scorecards.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/perftest.yaml b/.github/workflows/perftest.yaml index aeda0425e..d498a216a 100644 --- a/.github/workflows/perftest.yaml +++ b/.github/workflows/perftest.yaml @@ -18,7 +18,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v1 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - name: Install K6 run: | diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index e903a2783..2e13deea0 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -25,7 +25,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v3.0.0 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.0 with: persist-credentials: false From 855bcbce344c5472dacde7ba01276f53366dbb43 Mon Sep 17 00:00:00 2001 From: Nicolas Julian <33948000+nicolasjulian@users.noreply.github.com> Date: Tue, 27 Sep 2022 20:59:51 +0700 Subject: [PATCH 293/494] Update Version ModSecurity and Coreruleset (#9086) This is related to some new bugs that found in LiveHackingEvent 1337up0522. The latest coreruleset need *ModSecurity version 2.9.6 or 3.0.8* - https://terjanq.medium.com/waf-bypasses-via-0days-d4ef1f212ec - https://coreruleset.org/20220920/crs-version-3-3-4-and-3-2-3/ - https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/ - https://github.com/coreruleset/coreruleset/releases/tag/v3.3.4 --- images/nginx/rootfs/build.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/images/nginx/rootfs/build.sh b/images/nginx/rootfs/build.sh index f3efb3663..75d765e78 100755 --- a/images/nginx/rootfs/build.sh +++ b/images/nginx/rootfs/build.sh @@ -60,10 +60,10 @@ export DATADOG_CPP_VERSION=1.3.2 export MODSECURITY_VERSION=1.0.2 # Check for recent changes: https://github.com/SpiderLabs/ModSecurity/compare/v3.0.5...v3/master -export MODSECURITY_LIB_VERSION=v3.0.5 +export MODSECURITY_LIB_VERSION=v3.0.8 # Check for recent changes: https://github.com/coreruleset/coreruleset/compare/v3.3.2...v3.3/master -export OWASP_MODSECURITY_CRS_VERSION=v3.3.2 +export OWASP_MODSECURITY_CRS_VERSION=v3.3.4 # Check for recent changes: https://github.com/openresty/lua-nginx-module/compare/v0.10.20...master export LUA_NGX_VERSION=b721656a9127255003b696b42ccc871c7ec18d59 @@ -548,6 +548,7 @@ Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-912-DOS-PROTECTION.conf Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-921-PROTOCOL-ATTACK.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-922-MULTIPART-ATTACK.conf Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf From a3da90f9f5b6eac6b519c241521c99a04669967c Mon Sep 17 00:00:00 2001 From: "Leon(@mediocreDevops)" Date: Wed, 28 Sep 2022 19:52:35 +0530 Subject: [PATCH 294/494] Added a Link to the New Contributors Tips (#9072) This adds a link to the new contributor tips in the developer guide present on the docs page Signed-off-by: afro-coder Signed-off-by: afro-coder --- docs/developer-guide/getting-started.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/developer-guide/getting-started.md b/docs/developer-guide/getting-started.md index 8d500f147..fbf251790 100644 --- a/docs/developer-guide/getting-started.md +++ b/docs/developer-guide/getting-started.md @@ -88,3 +88,6 @@ and then publish such version with ```console docker push $REGISTRY/controller:$TAG ``` + +### New Contributor Tips +New contributors can refer to the [new contributor tips](https://github.com/kubernetes/ingress-nginx/blob/main/NEW_CONTRIBUTOR.md) which will be updated with examples and tips. From 077c0414aa9a36df6ad57735203df382010e666f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 Sep 2022 07:24:36 -0700 Subject: [PATCH 295/494] Bump k8s.io/component-base from 0.25.1 to 0.25.2 (#9089) Bumps [k8s.io/component-base](https://github.com/kubernetes/component-base) from 0.25.1 to 0.25.2. - [Release notes](https://github.com/kubernetes/component-base/releases) - [Commits](https://github.com/kubernetes/component-base/compare/v0.25.1...v0.25.2) --- updated-dependencies: - dependency-name: k8s.io/component-base dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index ca896babd..471e7749e 100644 --- a/go.mod +++ b/go.mod @@ -30,14 +30,14 @@ require ( google.golang.org/grpc v1.49.0 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 - k8s.io/api v0.25.1 + k8s.io/api v0.25.2 k8s.io/apiextensions-apiserver v0.23.5 - k8s.io/apimachinery v0.25.1 + k8s.io/apimachinery v0.25.2 k8s.io/apiserver v0.25.0 k8s.io/cli-runtime v0.25.0 - k8s.io/client-go v0.25.1 + k8s.io/client-go v0.25.2 k8s.io/code-generator v0.23.5 - k8s.io/component-base v0.25.1 + k8s.io/component-base v0.25.2 k8s.io/klog/v2 v2.80.1 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 sigs.k8s.io/controller-runtime v0.11.2 diff --git a/go.sum b/go.sum index 8127cfbf4..65fb4ee78 100644 --- a/go.sum +++ b/go.sum @@ -1134,26 +1134,26 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= k8s.io/api v0.23.5/go.mod h1:Na4XuKng8PXJ2JsploYYrivXrINeTaycCGcYgF91Xm8= -k8s.io/api v0.25.1 h1:yL7du50yc93k17nH/Xe9jujAYrcDkI/i5DL1jPz4E3M= -k8s.io/api v0.25.1/go.mod h1:hh4itDvrWSJsmeUc28rIFNri8MatNAAxJjKcQmhX6TU= +k8s.io/api v0.25.2 h1:v6G8RyFcwf0HR5jQGIAYlvtRNrxMJQG1xJzaSeVnIS8= +k8s.io/api v0.25.2/go.mod h1:qP1Rn4sCVFwx/xIhe+we2cwBLTXNcheRyYXwajonhy0= k8s.io/apiextensions-apiserver v0.23.5 h1:5SKzdXyvIJKu+zbfPc3kCbWpbxi+O+zdmAJBm26UJqI= k8s.io/apiextensions-apiserver v0.23.5/go.mod h1:ntcPWNXS8ZPKN+zTXuzYMeg731CP0heCTl6gYBxLcuQ= k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= -k8s.io/apimachinery v0.25.1 h1:t0XrnmCEHVgJlR2arwO8Awp9ylluDic706WePaYCBTI= -k8s.io/apimachinery v0.25.1/go.mod h1:hqqA1X0bsgsxI6dXsJ4HnNTBOmJNxyPp8dw3u2fSHwA= +k8s.io/apimachinery v0.25.2 h1:WbxfAjCx+AeN8Ilp9joWnyJ6xu9OMeS/fsfjK/5zaQs= +k8s.io/apimachinery v0.25.2/go.mod h1:hqqA1X0bsgsxI6dXsJ4HnNTBOmJNxyPp8dw3u2fSHwA= k8s.io/apiserver v0.23.5/go.mod h1:7wvMtGJ42VRxzgVI7jkbKvMbuCbVbgsWFT7RyXiRNTw= k8s.io/apiserver v0.25.0 h1:8kl2ifbNffD440MyvHtPaIz1mw4mGKVgWqM0nL+oyu4= k8s.io/apiserver v0.25.0/go.mod h1:BKwsE+PTC+aZK+6OJQDPr0v6uS91/HWxX7evElAH6xo= k8s.io/cli-runtime v0.25.0 h1:XBnTc2Fi+w818jcJGzhiJKQuXl8479sZ4FhtV5hVJ1Q= k8s.io/cli-runtime v0.25.0/go.mod h1:bHOI5ZZInRHhbq12OdUiYZQN8ml8aKZLwQgt9QlLINw= k8s.io/client-go v0.23.5/go.mod h1:flkeinTO1CirYgzMPRWxUCnV0G4Fbu2vLhYCObnt/r4= -k8s.io/client-go v0.25.1 h1:uFj4AJKtE1/ckcSKz8IhgAuZTdRXZDKev8g387ndD58= -k8s.io/client-go v0.25.1/go.mod h1:rdFWTLV/uj2C74zGbQzOsmXPUtMAjSf7ajil4iJUNKo= +k8s.io/client-go v0.25.2 h1:SUPp9p5CwM0yXGQrwYurw9LWz+YtMwhWd0GqOsSiefo= +k8s.io/client-go v0.25.2/go.mod h1:i7cNU7N+yGQmJkewcRD2+Vuj4iz7b30kI8OcL3horQ4= k8s.io/code-generator v0.23.5 h1:xn3a6J5pUL49AoH6SPrOFtnB5cvdMl76f/bEY176R3c= k8s.io/code-generator v0.23.5/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk= k8s.io/component-base v0.23.5/go.mod h1:c5Nq44KZyt1aLl0IpHX82fhsn84Sb0jjzwjpcA42bY0= -k8s.io/component-base v0.25.1 h1:Wmj33QwddVwsJFJWmXlf24Nu8do2bGHLabXHrKz7Org= -k8s.io/component-base v0.25.1/go.mod h1:j78+TFdsKM8RXHfM88oeAdZu2v9qMZdQZOfg0LGW+q4= +k8s.io/component-base v0.25.2 h1:Nve/ZyHLUBHz1rqwkjXm/Re6IniNa5k7KgzxZpTfSQY= +k8s.io/component-base v0.25.2/go.mod h1:90W21YMr+Yjg7MX+DohmZLzjsBtaxQDDwaX4YxDkl60= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c h1:GohjlNKauSai7gN4wsJkeZ3WAJx4Sh+oT/b5IYn5suA= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= From 26fe69cb47295f6677576fa8585afa98d72536e2 Mon Sep 17 00:00:00 2001 From: Matthias Neugebauer Date: Wed, 28 Sep 2022 16:28:37 +0200 Subject: [PATCH 296/494] Add annotation for setting sticky cookie domain (#9088) This adds the new annotation `nginx.ingress.kubernetes.io/session-cookie-domain` for setting the cookie `Domain` attribute of the sticky cookie. Signed-off-by: Matthias Neugebauer Signed-off-by: Matthias Neugebauer --- docs/examples/affinity/cookie/README.md | 1 + .../nginx-configuration/annotations.md | 3 ++ .../annotations/sessionaffinity/main.go | 10 +++++ .../annotations/sessionaffinity/main_test.go | 5 +++ internal/ingress/controller/controller.go | 1 + pkg/apis/ingress/types.go | 1 + pkg/apis/ingress/types_equals.go | 5 ++- rootfs/etc/nginx/lua/balancer/sticky.lua | 4 ++ test/e2e/annotations/affinity.go | 45 +++++++++++++++++++ 9 files changed, 74 insertions(+), 1 deletion(-) diff --git a/docs/examples/affinity/cookie/README.md b/docs/examples/affinity/cookie/README.md index 891f828a2..1920d132b 100644 --- a/docs/examples/affinity/cookie/README.md +++ b/docs/examples/affinity/cookie/README.md @@ -14,6 +14,7 @@ Session affinity can be configured using the following annotations: |nginx.ingress.kubernetes.io/session-cookie-name|Name of the cookie that will be created|string (defaults to `INGRESSCOOKIE`)| |nginx.ingress.kubernetes.io/session-cookie-secure|Set the cookie as secure regardless the protocol of the incoming request|`"true"` or `"false"`| |nginx.ingress.kubernetes.io/session-cookie-path|Path that will be set on the cookie (required if your [Ingress paths][ingress-paths] use regular expressions)|string (defaults to the currently [matched path][ingress-paths])| +|nginx.ingress.kubernetes.io/session-cookie-domain|Domain that will be set on the cookie|string| |nginx.ingress.kubernetes.io/session-cookie-samesite|`SameSite` attribute to apply to the cookie|Browser accepted values are `None`, `Lax`, and `Strict`| |nginx.ingress.kubernetes.io/session-cookie-conditional-samesite-none|Will omit `SameSite=None` attribute for older browsers which reject the more-recently defined `SameSite=None` value|`"true"` or `"false"` |nginx.ingress.kubernetes.io/session-cookie-max-age|Time until the cookie expires, corresponds to the `Max-Age` cookie directive|number of seconds| diff --git a/docs/user-guide/nginx-configuration/annotations.md b/docs/user-guide/nginx-configuration/annotations.md index 199d156be..131320bf7 100755 --- a/docs/user-guide/nginx-configuration/annotations.md +++ b/docs/user-guide/nginx-configuration/annotations.md @@ -98,6 +98,7 @@ You can add these Kubernetes annotations to specific Ingress objects to customiz |[nginx.ingress.kubernetes.io/service-upstream](#service-upstream)|"true" or "false"| |[nginx.ingress.kubernetes.io/session-cookie-name](#cookie-affinity)|string| |[nginx.ingress.kubernetes.io/session-cookie-path](#cookie-affinity)|string| +|[nginx.ingress.kubernetes.io/session-cookie-domain](#cookie-affinity)|string| |[nginx.ingress.kubernetes.io/session-cookie-change-on-failure](#cookie-affinity)|"true" or "false"| |[nginx.ingress.kubernetes.io/session-cookie-samesite](#cookie-affinity)|string| |[nginx.ingress.kubernetes.io/session-cookie-conditional-samesite-none](#cookie-affinity)|"true" or "false"| @@ -189,6 +190,8 @@ If you use the ``cookie`` affinity type you can also specify the name of the coo The NGINX annotation `nginx.ingress.kubernetes.io/session-cookie-path` defines the path that will be set on the cookie. This is optional unless the annotation `nginx.ingress.kubernetes.io/use-regex` is set to true; Session cookie paths do not support regex. +Use `nginx.ingress.kubernetes.io/session-cookie-domain` to set the `Domain` attribute of the sticky cookie. + Use `nginx.ingress.kubernetes.io/session-cookie-samesite` to apply a `SameSite` attribute to the sticky cookie. Browser accepted values are `None`, `Lax`, and `Strict`. Some browsers reject cookies with `SameSite=None`, including those created before the `SameSite=None` specification (e.g. Chrome 5X). Other browsers mistakenly treat `SameSite=None` cookies as `SameSite=Strict` (e.g. Safari running on OSX 14). To omit `SameSite=None` from browsers with these incompatibilities, add the annotation `nginx.ingress.kubernetes.io/session-cookie-conditional-samesite-none: "true"`. ### Authentication diff --git a/internal/ingress/annotations/sessionaffinity/main.go b/internal/ingress/annotations/sessionaffinity/main.go index 9c4d1d2bc..98a0d64f8 100644 --- a/internal/ingress/annotations/sessionaffinity/main.go +++ b/internal/ingress/annotations/sessionaffinity/main.go @@ -52,6 +52,9 @@ const ( // This is used to control the cookie path when use-regex is set to true annotationAffinityCookiePath = "session-cookie-path" + // This is used to control the cookie Domain + annotationAffinityCookieDomain = "session-cookie-domain" + // This is used to control the SameSite attribute of the cookie annotationAffinityCookieSameSite = "session-cookie-samesite" @@ -87,6 +90,8 @@ type Cookie struct { MaxAge string `json:"maxage"` // The path that a cookie will be set on Path string `json:"path"` + // The domain that a cookie will be set on + Domain string `json:"domain"` // Flag that allows cookie regeneration on request failure ChangeOnFailure bool `json:"changeonfailure"` // Secure flag to be set @@ -127,6 +132,11 @@ func (a affinity) cookieAffinityParse(ing *networking.Ingress) *Cookie { klog.V(3).InfoS("Invalid or no annotation value found. Ignoring", "ingress", klog.KObj(ing), "annotation", annotationAffinityCookiePath) } + cookie.Domain, err = parser.GetStringAnnotation(annotationAffinityCookieDomain, ing) + if err != nil { + klog.V(3).InfoS("Invalid or no annotation value found. Ignoring", "ingress", klog.KObj(ing), "annotation", annotationAffinityCookieDomain) + } + cookie.SameSite, err = parser.GetStringAnnotation(annotationAffinityCookieSameSite, ing) if err != nil { klog.V(3).InfoS("Invalid or no annotation value found. Ignoring", "ingress", klog.KObj(ing), "annotation", annotationAffinityCookieSameSite) diff --git a/internal/ingress/annotations/sessionaffinity/main_test.go b/internal/ingress/annotations/sessionaffinity/main_test.go index 65d11ac2d..cffe57fec 100644 --- a/internal/ingress/annotations/sessionaffinity/main_test.go +++ b/internal/ingress/annotations/sessionaffinity/main_test.go @@ -78,6 +78,7 @@ func TestIngressAffinityCookieConfig(t *testing.T) { data[parser.GetAnnotationWithPrefix(annotationAffinityCookieExpires)] = "4500" data[parser.GetAnnotationWithPrefix(annotationAffinityCookieMaxAge)] = "3000" data[parser.GetAnnotationWithPrefix(annotationAffinityCookiePath)] = "/foo" + data[parser.GetAnnotationWithPrefix(annotationAffinityCookieDomain)] = "foo.bar" data[parser.GetAnnotationWithPrefix(annotationAffinityCookieChangeOnFailure)] = "true" data[parser.GetAnnotationWithPrefix(annotationAffinityCookieSecure)] = "true" ing.SetAnnotations(data) @@ -112,6 +113,10 @@ func TestIngressAffinityCookieConfig(t *testing.T) { t.Errorf("expected /foo as session-cookie-path but returned %v", nginxAffinity.Cookie.Path) } + if nginxAffinity.Cookie.Domain != "foo.bar" { + t.Errorf("expected foo.bar as session-cookie-domain but returned %v", nginxAffinity.Cookie.Domain) + } + if !nginxAffinity.Cookie.ChangeOnFailure { t.Errorf("expected change of failure parameter set to true but returned %v", nginxAffinity.Cookie.ChangeOnFailure) } diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go index 84da5eb30..f60f7a053 100644 --- a/internal/ingress/controller/controller.go +++ b/internal/ingress/controller/controller.go @@ -767,6 +767,7 @@ func (n *NGINXController) getBackendServers(ingresses []*ingress.Ingress) ([]*in ups.SessionAffinity.CookieSessionAffinity.MaxAge = anns.SessionAffinity.Cookie.MaxAge ups.SessionAffinity.CookieSessionAffinity.Secure = anns.SessionAffinity.Cookie.Secure ups.SessionAffinity.CookieSessionAffinity.Path = cookiePath + ups.SessionAffinity.CookieSessionAffinity.Domain = anns.SessionAffinity.Cookie.Domain ups.SessionAffinity.CookieSessionAffinity.SameSite = anns.SessionAffinity.Cookie.SameSite ups.SessionAffinity.CookieSessionAffinity.ConditionalSameSiteNone = anns.SessionAffinity.Cookie.ConditionalSameSiteNone ups.SessionAffinity.CookieSessionAffinity.ChangeOnFailure = anns.SessionAffinity.Cookie.ChangeOnFailure diff --git a/pkg/apis/ingress/types.go b/pkg/apis/ingress/types.go index 8460ee684..7c1c825b7 100644 --- a/pkg/apis/ingress/types.go +++ b/pkg/apis/ingress/types.go @@ -159,6 +159,7 @@ type CookieSessionAffinity struct { Locations map[string][]string `json:"locations,omitempty"` Secure bool `json:"secure,omitempty"` Path string `json:"path,omitempty"` + Domain string `json:"domain,omitempty"` SameSite string `json:"samesite,omitempty"` ConditionalSameSiteNone bool `json:"conditional_samesite_none,omitempty"` ChangeOnFailure bool `json:"change_on_failure,omitempty"` diff --git a/pkg/apis/ingress/types_equals.go b/pkg/apis/ingress/types_equals.go index 1ba80d07e..a954a253b 100644 --- a/pkg/apis/ingress/types_equals.go +++ b/pkg/apis/ingress/types_equals.go @@ -173,6 +173,9 @@ func (csa1 *CookieSessionAffinity) Equal(csa2 *CookieSessionAffinity) bool { if csa1.Path != csa2.Path { return false } + if csa1.Domain != csa2.Domain { + return false + } if csa1.Expires != csa2.Expires { return false } @@ -192,7 +195,7 @@ func (csa1 *CookieSessionAffinity) Equal(csa2 *CookieSessionAffinity) bool { return true } -//Equal checks the equality between UpstreamByConfig types +// Equal checks the equality between UpstreamByConfig types func (u1 *UpstreamHashByConfig) Equal(u2 *UpstreamHashByConfig) bool { if u1 == u2 { return true diff --git a/rootfs/etc/nginx/lua/balancer/sticky.lua b/rootfs/etc/nginx/lua/balancer/sticky.lua index 3440d86bd..9d0a54116 100644 --- a/rootfs/etc/nginx/lua/balancer/sticky.lua +++ b/rootfs/etc/nginx/lua/balancer/sticky.lua @@ -110,6 +110,10 @@ function _M.set_cookie(self, value) cookie_data.max_age = tonumber(self.cookie_session_affinity.maxage) end + if self.cookie_session_affinity.domain and self.cookie_session_affinity.domain ~= "" then + cookie_data.domain = self.cookie_session_affinity.domain + end + local ok ok, err = cookie:set(cookie_data) if not ok then diff --git a/test/e2e/annotations/affinity.go b/test/e2e/annotations/affinity.go index 6a0a0bf48..3e1e9e969 100644 --- a/test/e2e/annotations/affinity.go +++ b/test/e2e/annotations/affinity.go @@ -222,6 +222,51 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() { Header("Set-Cookie").Contains(fmt.Sprintf("Expires=%s", expected)).Contains("Max-Age=259200") }) + ginkgo.It("should set cookie with domain", func() { + host := "cookiedomain.foo.com" + annotations := make(map[string]string) + annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie" + annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "DomainCookie" + annotations["nginx.ingress.kubernetes.io/session-cookie-domain"] = "foo.bar" + + ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations) + f.EnsureIngress(ing) + + f.WaitForNginxServer(host, + func(server string) bool { + return strings.Contains(server, fmt.Sprintf("server_name %s ;", host)) + }) + + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", host). + Expect(). + Status(http.StatusOK). + Header("Set-Cookie").Contains("Domain=foo.bar") + }) + + ginkgo.It("should not set cookie without domain annotation", func() { + host := "cookienodomain.foo.com" + annotations := make(map[string]string) + annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie" + annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "NoDomainCookie" + + ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations) + f.EnsureIngress(ing) + + f.WaitForNginxServer(host, + func(server string) bool { + return strings.Contains(server, fmt.Sprintf("server_name %s ;", host)) + }) + + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", host). + Expect(). + Status(http.StatusOK). + Header("Set-Cookie").NotContains("; Domain") + }) + ginkgo.It("should work with use-regex annotation and session-cookie-path", func() { host := "useregex.foo.com" annotations := make(map[string]string) From 261ce42517c3f35c302177eb9acc4f355c4736df Mon Sep 17 00:00:00 2001 From: Tomas Hulata Date: Wed, 28 Sep 2022 16:34:36 +0200 Subject: [PATCH 297/494] plugin - endpoints to slices (#9081) Signed-off-by: tombokombo Signed-off-by: tombokombo --- cmd/plugin/request/request.go | 87 +++++++++++++++++++---------------- 1 file changed, 47 insertions(+), 40 deletions(-) diff --git a/cmd/plugin/request/request.go b/cmd/plugin/request/request.go index cae90e9d2..fd47564a9 100644 --- a/cmd/plugin/request/request.go +++ b/cmd/plugin/request/request.go @@ -22,11 +22,13 @@ import ( appsv1 "k8s.io/api/apps/v1" apiv1 "k8s.io/api/core/v1" + discoveryv1 "k8s.io/api/discovery/v1" networking "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/cli-runtime/pkg/genericclioptions" appsv1client "k8s.io/client-go/kubernetes/typed/apps/v1" corev1 "k8s.io/client-go/kubernetes/typed/core/v1" + discoveryv1client "k8s.io/client-go/kubernetes/typed/discovery/v1" typednetworking "k8s.io/client-go/kubernetes/typed/networking/v1" "k8s.io/ingress-nginx/cmd/plugin/util" @@ -129,55 +131,61 @@ func GetIngressDefinitions(flags *genericclioptions.ConfigFlags, namespace strin return pods.Items, nil } -// GetNumEndpoints counts the number of endpoints for the service with the given name +// GetNumEndpoints counts the number of endpointslices adresses for the service with the given name func GetNumEndpoints(flags *genericclioptions.ConfigFlags, namespace string, serviceName string) (*int, error) { - endpoints, err := GetEndpointsByName(flags, namespace, serviceName) + epss, err := GetEndpointSlicesByName(flags, namespace, serviceName) if err != nil { return nil, err } - if endpoints == nil { + if len(epss) == 0 { return nil, nil } ret := 0 - for _, subset := range endpoints.Subsets { - ret += len(subset.Addresses) + for _, eps := range epss { + for _, ep := range eps.Endpoints { + ret += len(ep.Addresses) + } } return &ret, nil } -// GetEndpointsByName returns the endpoints for the service with the given name -func GetEndpointsByName(flags *genericclioptions.ConfigFlags, namespace string, name string) (*apiv1.Endpoints, error) { - allEndpoints, err := getEndpoints(flags, namespace) +// GetEndpointSlicesByName returns the endpointSlices for the service with the given name +func GetEndpointSlicesByName(flags *genericclioptions.ConfigFlags, namespace string, name string) ([]discoveryv1.EndpointSlice, error) { + allEndpointsSlices, err := getEndpointSlices(flags, namespace) if err != nil { return nil, err } - - for _, endpoints := range allEndpoints { - if endpoints.Name == name { - return &endpoints, nil + var eps []discoveryv1.EndpointSlice + for _, slice := range allEndpointsSlices { + if svcName, ok := slice.ObjectMeta.GetLabels()[discoveryv1.LabelServiceName]; ok { + if svcName == name { + eps = append(eps, slice) + } } } - return nil, nil + return eps, nil } -var endpointsCache = make(map[string]*[]apiv1.Endpoints) +var endpointSlicesCache = make(map[string]*[]discoveryv1.EndpointSlice) + +func getEndpointSlices(flags *genericclioptions.ConfigFlags, namespace string) ([]discoveryv1.EndpointSlice, error) { + cachedEndpointSlices, ok := endpointSlicesCache[namespace] -func getEndpoints(flags *genericclioptions.ConfigFlags, namespace string) ([]apiv1.Endpoints, error) { - cachedEndpoints, ok := endpointsCache[namespace] if ok { - return *cachedEndpoints, nil + return *cachedEndpointSlices, nil } if namespace != "" { - tryAllNamespacesEndpointsCache(flags) + tryAllNamespacesEndpointSlicesCache(flags) } - cachedEndpoints = tryFilteringEndpointsFromAllNamespacesCache(flags, namespace) - if cachedEndpoints != nil { - return *cachedEndpoints, nil + cachedEndpointSlices = tryFilteringEndpointSlicesFromAllNamespacesCache(flags, namespace) + + if cachedEndpointSlices != nil { + return *cachedEndpointSlices, nil } rawConfig, err := flags.ToRESTConfig() @@ -185,42 +193,41 @@ func getEndpoints(flags *genericclioptions.ConfigFlags, namespace string) ([]api return nil, err } - api, err := corev1.NewForConfig(rawConfig) + api, err := discoveryv1client.NewForConfig(rawConfig) if err != nil { return nil, err } - - endpointsList, err := api.Endpoints(namespace).List(context.TODO(), metav1.ListOptions{}) + endpointSlicesList, err := api.EndpointSlices(namespace).List(context.TODO(), metav1.ListOptions{}) if err != nil { return nil, err } - endpoints := endpointsList.Items + endpointSlices := endpointSlicesList.Items - endpointsCache[namespace] = &endpoints - return endpoints, nil + endpointSlicesCache[namespace] = &endpointSlices + return endpointSlices, nil } -func tryAllNamespacesEndpointsCache(flags *genericclioptions.ConfigFlags) { - _, ok := endpointsCache[""] +func tryAllNamespacesEndpointSlicesCache(flags *genericclioptions.ConfigFlags) { + _, ok := endpointSlicesCache[""] if !ok { - _, err := getEndpoints(flags, "") + _, err := getEndpointSlices(flags, "") if err != nil { - endpointsCache[""] = nil + endpointSlicesCache[""] = nil } } } -func tryFilteringEndpointsFromAllNamespacesCache(flags *genericclioptions.ConfigFlags, namespace string) *[]apiv1.Endpoints { - allEndpoints := endpointsCache[""] - if allEndpoints != nil { - endpoints := make([]apiv1.Endpoints, 0) - for _, thisEndpoints := range *allEndpoints { - if thisEndpoints.Namespace == namespace { - endpoints = append(endpoints, thisEndpoints) +func tryFilteringEndpointSlicesFromAllNamespacesCache(flags *genericclioptions.ConfigFlags, namespace string) *[]discoveryv1.EndpointSlice { + allEndpointSlices := endpointSlicesCache[""] + if allEndpointSlices != nil { + endpointSlices := make([]discoveryv1.EndpointSlice, 0) + for _, slice := range *allEndpointSlices { + if slice.Namespace == namespace { + endpointSlices = append(endpointSlices, slice) } } - endpointsCache[namespace] = &endpoints - return &endpoints + endpointSlicesCache[namespace] = &endpointSlices + return &endpointSlices } return nil } From 1a078af307d3cb52e3ad4c17e6a26bf4ef82581b Mon Sep 17 00:00:00 2001 From: Ehsan Saei <71217171+esigo@users.noreply.github.com> Date: Wed, 28 Sep 2022 23:02:30 +0200 Subject: [PATCH 298/494] fix chroot module mount path (#9090) --- charts/ingress-nginx/templates/controller-deployment.yaml | 4 ++++ rootfs/Dockerfile-chroot | 6 +++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml index 5ad186794..c193f776c 100644 --- a/charts/ingress-nginx/templates/controller-deployment.yaml +++ b/charts/ingress-nginx/templates/controller-deployment.yaml @@ -147,7 +147,11 @@ spec: volumeMounts: {{- if .Values.controller.extraModules }} - name: modules + {{ if .Values.controller.image.chroot }} + mountPath: /chroot/modules_mount + {{ else }} mountPath: /modules_mount + {{ end }} {{- end }} {{- if .Values.controller.customTemplate.configMapName }} - mountPath: /etc/nginx/template diff --git a/rootfs/Dockerfile-chroot b/rootfs/Dockerfile-chroot index 64b222890..4805909d5 100644 --- a/rootfs/Dockerfile-chroot +++ b/rootfs/Dockerfile-chroot @@ -84,7 +84,7 @@ RUN bash -xeu -c ' \ # LD_LIBRARY_PATH does not work so below is needed for opentelemetry/other modules # Put libs of newer modules under `/modules_mount//lib` and add that path below # Could get complicated arch specific paths become a need - && echo "/lib:/usr/lib:/usr/local/lib:/modules_mount/otel/lib" > /etc/ld-musl-x86_64.path + && echo "/lib:/usr/lib:/usr/local/lib:/modules_mount/etc/nginx/modules/otel" > /chroot/etc/ld-musl-x86_64.path RUN apk add --no-cache libcap \ && setcap cap_sys_chroot,cap_net_bind_service=+ep /nginx-ingress-controller \ @@ -113,6 +113,10 @@ RUN ln -sf /chroot/etc/nginx /etc/nginx \ && mknod -m 0666 /chroot/dev/zero c 1 5 \ && mknod -m 0666 /chroot/dev/tty c 5 0 +RUN mkdir -p /chroot/modules_mount \ + && mkdir -p modules_mount \ + && ln -s /modules_mount /chroot/modules_mount + USER www-data EXPOSE 80 443 From 61be730b910fff455d0c117f7a511097924f8fd6 Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Thu, 29 Sep 2022 21:12:54 +0530 Subject: [PATCH 299/494] kubewebhookcertgen sha change after go1191 (#9059) --- charts/ingress-nginx/README.md | 4 ++-- charts/ingress-nginx/values.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 4e6a696c6..d689e3d5f 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -252,11 +252,11 @@ Kubernetes: `>=1.20.0-0` | controller.admissionWebhooks.networkPolicyEnabled | bool | `false` | | | controller.admissionWebhooks.objectSelector | object | `{}` | | | controller.admissionWebhooks.patch.enabled | bool | `true` | | -| controller.admissionWebhooks.patch.image.digest | string | `"sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47"` | | +| controller.admissionWebhooks.patch.image.digest | string | `"sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f"` | | | controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` | | | controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` | | | controller.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` | | -| controller.admissionWebhooks.patch.image.tag | string | `"v1.3.0"` | | +| controller.admissionWebhooks.patch.image.tag | string | `"v20220916-gd32f8c343"` | | | controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources | | controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | | | controller.admissionWebhooks.patch.podAnnotations | object | `{}` | | diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 9c34e7f6f..301635701 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -646,8 +646,8 @@ controller: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: v1.3.0 - digest: sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + tag: v20220916-gd32f8c343 + digest: sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f pullPolicy: IfNotPresent # -- Provide a priority class name to the webhook patching job ## From 0b04270517bfa9402d72319812022d3b3f692178 Mon Sep 17 00:00:00 2001 From: Wilmar den Ouden Date: Thu, 29 Sep 2022 19:40:39 +0200 Subject: [PATCH 300/494] expand CI testing for all stable versions of Kubernetes (#9078) * ci: setup version matrix for the helm chart e2e Signed-off-by: wilmarguida * ci: sync all k8s version on CI steps Signed-off-by: wilmarguida * ci: bump all k8s version to latest stable Signed-off-by: wilmarguida Signed-off-by: wilmarguida --- .github/workflows/ci.yaml | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index fc106b495..46e44817c 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -128,6 +128,10 @@ jobs: if: | (needs.changes.outputs.charts == 'true') + strategy: + matrix: + k8s: [v1.23.12, v1.24.6, v1.25.2] + steps: - name: Checkout @@ -170,12 +174,12 @@ jobs: sudo mkdir -p $HOME/.kube sudo chmod -R 777 $HOME/.kube - - name: Create Kubernetes cluster + - name: Create Kubernetes ${{ matrix.k8s }} cluster id: kind uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 #v0.5.0 with: version: v0.15.0 - image: kindest/node:v1.25.0 + image: kindest/node:${{ matrix.k8s }} - uses: geekyeggo/delete-artifact@b73cb986740e466292a536d0e32e2666c56fdeb3 # v1 with: @@ -208,7 +212,7 @@ jobs: strategy: matrix: - k8s: [v1.23.10, v1.24.4, v1.25.0] + k8s: [v1.23.12, v1.24.6, v1.25.2] steps: @@ -265,7 +269,7 @@ jobs: strategy: matrix: - k8s: [v1.24.4, v1.25.0] + k8s: [v1.23.12, v1.24.6, v1.25.2] steps: @@ -404,7 +408,7 @@ jobs: uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 #v0.5.0 with: version: v0.15.0 - image: kindest/node:v1.25.0 + image: kindest/node:v1.25.2 - name: Set up Go 1.19.1 id: go From 7cb91ef9c1b2d281567bb78d56aa704f8c793035 Mon Sep 17 00:00:00 2001 From: Nate Campbell Date: Fri, 30 Sep 2022 11:00:29 -0400 Subject: [PATCH 301/494] Support none keyword in log-format escape (#8692) * Support none keyword in log-format escape ## What this PR does / why we need it: ingress-nginx does not support disabling escaping of special characters in the nginx log. This PR exposes the setting to support that functionality. ## Types of changes - [ ] Bug fix (non-breaking change which fixes an issue) - [x] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would cause existing functionality to change) - [ ] Documentation only ## Which issue/s this PR fixes ## How Has This Been Tested? Followed the [getting-started](https://github.com/kubernetes/ingress-nginx/blob/96b6228a6b65a85e421b8a348a149e99181664d1/docs/developer-guide/getting-started.md) guide. Used ppa:longsleep/golang-backports on WSL Ubuntu to establish a golang-1.18 environment with latest docker and recommended kind. Built the dev-env successfully; had issues with make test, but they are entirely unrelated to anything I touched. Ultimate test was ``` FOCUS=log-format make kind-e2e-test ... Ginkgo ran 1 suite in 6m29.7437865s Test Suite Passed ``` ## Checklist: - [x] My change requires a change to the documentation. - [x] I have updated the documentation accordingly. - [x] I've read the [CONTRIBUTION](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md) guide - [x] I have added tests to cover my changes. - [x] All new and existing tests passed. I did not update docs/e2e-tests.md. * gofmt -s ./internal/ingress/controller/config/config.go --- .../nginx-configuration/configmap.md | 5 ++ internal/ingress/controller/config/config.go | 4 ++ rootfs/etc/nginx/template/nginx.tmpl | 2 +- test/e2e/settings/log-format.go | 55 ++++++++++++++++--- 4 files changed, 57 insertions(+), 9 deletions(-) diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md index cd25095b0..c985d7373 100755 --- a/docs/user-guide/nginx-configuration/configmap.md +++ b/docs/user-guide/nginx-configuration/configmap.md @@ -64,6 +64,7 @@ The following table shows a configuration option's name, type, and the default v |[keep-alive](#keep-alive)|int|75| |[keep-alive-requests](#keep-alive-requests)|int|100| |[large-client-header-buffers](#large-client-header-buffers)|string|"4 8k"| +|[log-format-escape-none](#log-format-escape-none)|bool|"false"| |[log-format-escape-json](#log-format-escape-json)|bool|"false"| |[log-format-upstream](#log-format-upstream)|string|`$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] [$proxy_alternative_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status $req_id`| |[log-format-stream](#log-format-stream)|string|`[$remote_addr] [$time_local] $protocol $status $bytes_sent $bytes_received $session_time`| @@ -468,6 +469,10 @@ Sets the maximum number and size of buffers used for reading large client reques _References:_ [https://nginx.org/en/docs/http/ngx_http_core_module.html#large_client_header_buffers](https://nginx.org/en/docs/http/ngx_http_core_module.html#large_client_header_buffers) +## log-format-escape-none + +Sets if the escape parameter is disabled entirely for character escaping in variables ("true") or controlled by log-format-escape-json ("false") Sets the nginx [log format](https://nginx.org/en/docs/http/ngx_http_log_module.html#log_format). + ## log-format-escape-json Sets if the escape parameter allows JSON ("true") or default characters escaping in variables ("false") Sets the nginx [log format](https://nginx.org/en/docs/http/ngx_http_log_module.html#log_format). diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go index 4ee2df965..8bf71b774 100644 --- a/internal/ingress/controller/config/config.go +++ b/internal/ingress/controller/config/config.go @@ -263,6 +263,10 @@ type Configuration struct { // Default: 4 8k LargeClientHeaderBuffers string `json:"large-client-header-buffers"` + // Disable all escaping + // http://nginx.org/en/docs/http/ngx_http_log_module.html#log_format + LogFormatEscapeNone bool `json:"log-format-escape-none,omitempty"` + // Enable json escaping // http://nginx.org/en/docs/http/ngx_http_log_module.html#log_format LogFormatEscapeJSON bool `json:"log-format-escape-json,omitempty"` diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index a04f71f0e..c315e4ee9 100755 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -361,7 +361,7 @@ http { # $ingress_name # $service_name # $service_port - log_format upstreaminfo {{ if $cfg.LogFormatEscapeJSON }}escape=json {{ end }}'{{ $cfg.LogFormatUpstream }}'; + log_format upstreaminfo {{ if $cfg.LogFormatEscapeNone }}escape=none {{ else if $cfg.LogFormatEscapeJSON }}escape=json {{ end }}'{{ $cfg.LogFormatUpstream }}'; {{/* map urls that should not appear in access.log */}} {{/* http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log */}} diff --git a/test/e2e/settings/log-format.go b/test/e2e/settings/log-format.go index b43fce874..24877818d 100644 --- a/test/e2e/settings/log-format.go +++ b/test/e2e/settings/log-format.go @@ -35,12 +35,12 @@ var _ = framework.DescribeSetting("log-format-*", func() { f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, nil)) }) - ginkgo.Context("Check log-format-escape-json", func() { + ginkgo.Context("Check log-format-escape-json and log-format-escape-none", func() { - ginkgo.It("should disable the log-format-escape-json by default", func() { + ginkgo.It("should not configure log-format escape by default", func() { f.WaitForNginxConfiguration( func(cfg string) bool { - return !strings.Contains(cfg, "log_format upstreaminfo escape=json") + return !strings.Contains(cfg, "log_format upstreaminfo escape") }) }) @@ -59,9 +59,25 @@ var _ = framework.DescribeSetting("log-format-*", func() { return !strings.Contains(cfg, "log_format upstreaminfo escape=json") }) }) + + ginkgo.It("should enable the log-format-escape-none", func() { + f.UpdateNginxConfigMapData("log-format-escape-none", "true") + f.WaitForNginxConfiguration( + func(cfg string) bool { + return strings.Contains(cfg, "log_format upstreaminfo escape=none") + }) + }) + + ginkgo.It("should disable the log-format-escape-none", func() { + f.UpdateNginxConfigMapData("log-format-escape-none", "false") + f.WaitForNginxConfiguration( + func(cfg string) bool { + return !strings.Contains(cfg, "log_format upstreaminfo escape=none") + }) + }) }) - ginkgo.Context("Check log-format-upstream with log-format-escape-json", func() { + ginkgo.Context("Check log-format-upstream with log-format-escape-json and log-format-escape-none", func() { ginkgo.It("log-format-escape-json enabled", func() { f.SetNginxConfigMapData(map[string]string{ @@ -86,7 +102,7 @@ var _ = framework.DescribeSetting("log-format-*", func() { assert.Contains(ginkgo.GinkgoT(), logs, `{"my_header1":"Here is \"header1\" with json escape", "my_header2":""}`) }) - ginkgo.It("log-format-escape-json disabled", func() { + ginkgo.It("log-format default escape", func() { f.SetNginxConfigMapData(map[string]string{ "log-format-escape-json": "false", "log-format-upstream": "\"{\"my_header3\":\"$http_header3\", \"my_header4\":\"$http_header4\"}\"", @@ -94,19 +110,42 @@ var _ = framework.DescribeSetting("log-format-*", func() { f.WaitForNginxConfiguration( func(cfg string) bool { - return !strings.Contains(cfg, "log_format upstreaminfo escape=json") + return !strings.Contains(cfg, "log_format upstreaminfo escape") }) f.HTTPTestClient(). GET("/"). WithHeader("Host", host). - WithHeader("header3", `Here is "header3" with json escape`). + WithHeader("header3", `Here is "header3" with default escape`). Expect(). Status(http.StatusOK) logs, err := f.NginxLogs() assert.Nil(ginkgo.GinkgoT(), err, "obtaining nginx logs") - assert.Contains(ginkgo.GinkgoT(), logs, `{"my_header3":"Here is \x22header3\x22 with json escape", "my_header4":"-"}`) + assert.Contains(ginkgo.GinkgoT(), logs, `{"my_header3":"Here is \x22header3\x22 with default escape", "my_header4":"-"}`) + }) + + ginkgo.It("log-format-escape-none enabled", func() { + f.SetNginxConfigMapData(map[string]string{ + "log-format-escape-none": "true", + "log-format-upstream": "\"{\"my_header5\":\"$http_header5\", \"my_header6\":\"$http_header6\"}\"", + }) + + f.WaitForNginxConfiguration( + func(cfg string) bool { + return strings.Contains(cfg, "log_format upstreaminfo escape=none") + }) + + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", host). + WithHeader("header5", `Here is "header5" with none escape`). + Expect(). + Status(http.StatusOK) + + logs, err := f.NginxLogs() + assert.Nil(ginkgo.GinkgoT(), err, "obtaining nginx logs") + assert.Contains(ginkgo.GinkgoT(), logs, `{"my_header5":"Here is "header5" with none escape", "my_header6":""}`) }) }) }) From e6ff97fbbe4efc39ec673a3ecda734a9a0e880b7 Mon Sep 17 00:00:00 2001 From: Dmitry Bashkatov Date: Fri, 30 Sep 2022 18:00:36 +0300 Subject: [PATCH 302/494] Consistent prometheus metric names and documentation (#8728) * clean prometheus metrics - add new histogram metrics with consistent names - deprecate summary metrics with inconsistent names * update prometheus metrics tests * remove ingress_upstream_header_seconds metric It hasn't been released so it is safe. Use header_duration_seconds metric. * add documentation on prometheus metrics --- docs/user-guide/cli-arguments.md | 3 + docs/user-guide/monitoring.md | 197 +++++++++++++++--- internal/ingress/metric/collectors/socket.go | 129 ++++++------ .../ingress/metric/collectors/socket_test.go | 94 +++++++-- 4 files changed, 321 insertions(+), 102 deletions(-) diff --git a/docs/user-guide/cli-arguments.md b/docs/user-guide/cli-arguments.md index 0b710958d..9d7bd9fc6 100644 --- a/docs/user-guide/cli-arguments.md +++ b/docs/user-guide/cli-arguments.md @@ -32,6 +32,7 @@ They are set in the container spec of the `ingress-nginx-controller` Deployment | `--ingress-class-by-name` | Define if Ingress Controller should watch for Ingress Class by Name together with Controller Class. (default false) | | `--internal-logger-address` | Define the internal logger address to use when chroot images is used. (default 127.0.0.1:11514) | | `--kubeconfig` | Path to a kubeconfig file containing authorization and API server information. | +| `--length-buckets` | Set of buckets which will be used for prometheus histogram metrics such as RequestLength, ResponseLength. (default `[10, 20, 30, 40, 50, 60, 70, 80, 90, 100]`) | | `--log_backtrace_at` | when logging hits line file:N, emit a stack trace (default :0) | | `--log_dir` | If non-empty, write log files in this directory | | `--log_file` | If non-empty, use this log file | @@ -52,6 +53,7 @@ They are set in the container spec of the `ingress-nginx-controller` Deployment | `--skip_headers` | If true, avoid header prefixes in the log messages | | `--skip_log_headers` | If true, avoid headers when opening log files | | `--ssl-passthrough-proxy-port` | Port to use internally for SSL Passthrough. (default 442) | +| `--size-buckets` | Set of buckets which will be used for prometheus histogram metrics such as BytesSent. (default `[10, 100, 1000, 10000, 100000, 1e+06, 1e+07]`) | | `--status-port` | Port to use for the lua HTTP endpoint configuration. (default 10246) | | `--status-update-interval` | Time interval in seconds in which the status should check if an update is required. Default is 60 seconds (default 60) | | `--stderrthreshold` | logs at or above this threshold go to stderr (default 2) | @@ -59,6 +61,7 @@ They are set in the container spec of the `ingress-nginx-controller` Deployment | `--sync-period` | Period at which the controller forces the repopulation of its local object stores. Disabled by default. | | `--sync-rate-limit` | Define the sync frequency upper limit (default 0.3) | | `--tcp-services-configmap` | Name of the ConfigMap containing the definition of the TCP services to expose. The key in the map indicates the external port to be used. The value is a reference to a Service in the form "namespace/name:port", where "port" can either be a port number or name. TCP ports 80 and 443 are reserved by the controller for servicing HTTP traffic. | +| `--time-buckets` | Set of buckets which will be used for prometheus histogram metrics such as RequestTime, ResponseTime. (default `[0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10]`) | | `--udp-services-configmap` | Name of the ConfigMap containing the definition of the UDP services to expose. The key in the map indicates the external port to be used. The value is a reference to a Service in the form "namespace/name:port", where "port" can either be a port name or number. | | `--update-status` | Update the load-balancer status of Ingress objects this controller satisfies. Requires setting the publish-service parameter to a valid Service reference. (default true) | | `--update-status-on-shutdown` | Update the load-balancer status of Ingress objects when the controller shuts down. Requires the update-status parameter. (default true) | diff --git a/docs/user-guide/monitoring.md b/docs/user-guide/monitoring.md index c59e976e7..5c53213ea 100644 --- a/docs/user-guide/monitoring.md +++ b/docs/user-guide/monitoring.md @@ -1,9 +1,11 @@ -# Prometheus and Grafana installation -Two different methods to install and configure Prometheus and Grafana are described in this doc. -- Prometheus and Grafana installation using Pod Annotations. This installs Prometheus and Grafana in the same namespace as NGINX Ingress -- Prometheus and Grafana installation using Service Monitors. This installs Prometheus and Grafana in two different namespaces. This is the preferred method, and helm charts supports this by default. +# Monitoring + +Two different methods to install and configure Prometheus and Grafana are described in this doc. +* Prometheus and Grafana installation using Pod Annotations. This installs Prometheus and Grafana in the same namespace as NGINX Ingress +* Prometheus and Grafana installation using Service Monitors. This installs Prometheus and Grafana in two different namespaces. This is the preferred method, and helm charts supports this by default. + +## Prometheus and Grafana installation using Pod Annotations -## PROMETHEUS AND GRAFANA INSTALLATION USING POD ANNOTATIONS This tutorial will show you how to install [Prometheus](https://prometheus.io/) and [Grafana](https://grafana.com/) for scraping the metrics of the NGINX Ingress controller. !!! important @@ -168,7 +170,7 @@ According to the above example, this URL will be http://10.192.0.3:31086 - By default request metrics are labeled with the hostname. When you have a wildcard domain ingress, then there will be no metrics for that ingress (to prevent the metrics from exploding in cardinality). To get metrics in this case you need to run the ingress controller with `--metrics-per-host=false` (you will lose labeling by hostname, but still have labeling by ingress). ### Grafana dashboard using ingress resource - - If you want to expose the dashboard for grafana using a ingress resource, then you can : + - If you want to expose the dashboard for grafana using a ingress resource, then you can : - change the service type of the prometheus-server service and the grafana service to "ClusterIP" like this : ``` kubectl -n ingress-nginx edit svc grafana @@ -179,18 +181,18 @@ According to the above example, this URL will be http://10.192.0.3:31086 - create a ingress resource with backend as "grafana" and port as "3000" - Similarly, you can edit the service "prometheus-server" and add a ingress resource. -## PROMETHEUS AND GRAFANA INSTALLATION USING SERVICE MONITORS -This document assumes you're using helm and using the kube-prometheus-stack package to install Prometheus and Grafana. +## Prometheus and Grafana installation using Service Monitors +This document assumes you're using helm and using the kube-prometheus-stack package to install Prometheus and Grafana. ### Verify NGINX Ingress controller is installed - The NGINX Ingress controller should already be deployed according to the deployment instructions [here](../deploy/index.md). -- To check if Ingress controller is deployed, +- To check if Ingress controller is deployed, ``` - kubectl get pods -n ingress-nginx + kubectl get pods -n ingress-nginx ``` -- The result should look something like: +- The result should look something like: ``` NAME READY STATUS RESTARTS AGE ingress-nginx-controller-7c489dc7b7-ccrf6 1/1 Running 0 19h @@ -205,8 +207,8 @@ This document assumes you're using helm and using the kube-prometheus-stack pack ``` ``` NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION - ingress-nginx ingress-nginx 10 2022-01-20 18:08:55.267373 -0800 PST deployed ingress-nginx-4.0.16 1.1.1 - prometheus prometheus 1 2022-01-20 16:07:25.086828 -0800 PST deployed kube-prometheus-stack-30.1.0 0.53.1 + ingress-nginx ingress-nginx 10 2022-01-20 18:08:55.267373 -0800 PST deployed ingress-nginx-4.0.16 1.1.1 + prometheus prometheus 1 2022-01-20 16:07:25.086828 -0800 PST deployed kube-prometheus-stack-30.1.0 0.53.1 ``` - Notice that prometheus is installed in a differenet namespace than ingress-nginx @@ -218,9 +220,9 @@ This document assumes you're using helm and using the kube-prometheus-stack pack ``` controller.metrics.enabled=true controller.metrics.serviceMonitor.enabled=true - controller.metrics.serviceMonitor.additionalLabels.release="prometheus" + controller.metrics.serviceMonitor.additionalLabels.release="prometheus" ``` -- The easiest way of doing this is to helm upgrade +- The easiest way of doing this is to helm upgrade ``` helm upgrade ingress-nginx ingress-nginx/ingress-nginx \ --namespace ingress-nginx \ @@ -248,7 +250,7 @@ This document assumes you're using helm and using the kube-prometheus-stack pack - Since Prometheus is running in a different namespace and not in the ingress-nginx namespace, it would not be able to discover ServiceMonitors in other namespaces when installed. Reconfigure your kube-prometheus-stack Helm installation to set `serviceMonitorSelectorNilUsesHelmValues` flag to false. By default, Prometheus only discovers PodMonitors within its own namespace. This should be disabled by setting `podMonitorSelectorNilUsesHelmValues` to false - The configurations required are: ``` - prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false + prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false ``` - The easiest way of doing this is to use `helm upgrade ...` @@ -271,12 +273,12 @@ This document assumes you're using helm and using the kube-prometheus-stack pack ``` ### Connect and view Prometheus dashboard -- Port forward to Prometheus service. Find out the name of the prometheus service by using the following command: +- Port forward to Prometheus service. Find out the name of the prometheus service by using the following command: ``` kubectl get svc -n prometheus ``` - The result of this command would look like: + The result of this command would look like: ``` NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE alertmanager-operated ClusterIP None 9093/TCP,9094/TCP,9094/UDP 7h46m @@ -292,22 +294,22 @@ This document assumes you're using helm and using the kube-prometheus-stack pack ``` kubectl port-forward svc/prometheus-kube-prometheus-prometheus -n prometheus 9090:9090 ``` - When you run the above command, you should see something like: + When you run the above command, you should see something like: ``` Forwarding from 127.0.0.1:9090 -> 9090 Forwarding from [::1]:9090 -> 9090 ``` - Open your browser and visit the following URL http://localhost:{port-forwarded-port} according to the above example it would be, http://localhost:9090 - + ![Prometheus Dashboard](../images/prometheus-dashboard1.png) -### Connect and view Grafana dashboard -- Port forward to Grafana service. Find out the name of the Grafana service by using the following command: +### Connect and view Grafana dashboard +- Port forward to Grafana service. Find out the name of the Grafana service by using the following command: ``` kubectl get svc -n prometheus ``` - The result of this command would look like: + The result of this command would look like: ``` NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE alertmanager-operated ClusterIP None 9093/TCP,9094/TCP,9094/UDP 7h46m @@ -323,7 +325,7 @@ This document assumes you're using helm and using the kube-prometheus-stack pack ``` kubectl port-forward svc/prometheus-grafana 3000:80 -n prometheus ``` - When you run the above command, you should see something like: + When you run the above command, you should see something like: ``` Forwarding from 127.0.0.1:3000 -> 3000 Forwarding from [::1]:3000 -> 3000 @@ -345,4 +347,149 @@ This document assumes you're using helm and using the kube-prometheus-stack pack - Click "Import" ![Grafana Dashboard](../images/grafana-dashboard1.png) - + + +## Exposed metrics + +Prometheus metrics are exposed on port 10254. + +### Request metrics + +* `nginx_ingress_controller_request_duration_seconds` Histogram + + The request processing time in milliseconds (affected by client speed) + + nginx var: `request_time` + +* `nginx_ingress_controller_response_duration_seconds` Histogram + + The time spent on receiving the response from the upstream server (affected by client speed) + + nginx var: `upstream_response_time` + +* `nginx_ingress_controller_header_duration_seconds` Histogram + + The time spent on receiving first header from the upstream server + + nginx var: `upstream_header_time` + +* `nginx_ingress_controller_connect_duration_seconds` Histogram + + The time spent on establishing a connection with the upstream server + + nginx var: `upstream_connect_time` + +* `nginx_ingress_controller_response_size` Histogram + + The response length (including request line, header, and request body) + + nginx var: `bytes_sent` + +* `nginx_ingress_controller_request_size` Histogram + + The request length (including request line, header, and request body) + + nginx var: `request_length` + +* `nginx_ingress_controller_requests` Counter + + The total number of client requests + +* `nginx_ingress_controller_bytes_sent` Histogram + + The number of bytes sent to a client. **Deprecated**, use `nginx_ingress_controller_response_size` + + nginx var: `bytes_sent` + +* `nginx_ingress_controller_ingress_upstream_latency_seconds` Summary + + Upstream service latency per Ingress. **Deprecated**, use `nginx_ingress_controller_connect_duration_seconds` + + nginx var: `upstream_connect_time` + +``` +# HELP nginx_ingress_controller_bytes_sent The number of bytes sent to a client. DEPRECATED! Use nginx_ingress_controller_response_size +# TYPE nginx_ingress_controller_bytes_sent histogram +# HELP nginx_ingress_controller_connect_duration_seconds The time spent on establishing a connection with the upstream server +# TYPE nginx_ingress_controller_connect_duration_seconds nginx_ingress_controller_connect_duration_seconds +* HELP nginx_ingress_controller_header_duration_seconds The time spent on receiving first header from the upstream server +# TYPE nginx_ingress_controller_header_duration_seconds histogram +# HELP nginx_ingress_controller_ingress_upstream_latency_seconds Upstream service latency per Ingress DEPRECATED! Use nginx_ingress_controller_connect_duration_seconds +# TYPE nginx_ingress_controller_ingress_upstream_latency_seconds summary +# HELP nginx_ingress_controller_request_duration_seconds The request processing time in milliseconds +# TYPE nginx_ingress_controller_request_duration_seconds histogram +# HELP nginx_ingress_controller_request_size The request length (including request line, header, and request body) +# TYPE nginx_ingress_controller_request_size histogram +# HELP nginx_ingress_controller_requests The total number of client requests. +# TYPE nginx_ingress_controller_requests counter +# HELP nginx_ingress_controller_response_duration_seconds The time spent on receiving the response from the upstream server +# TYPE nginx_ingress_controller_response_duration_seconds histogram +# HELP nginx_ingress_controller_response_size The response length (including request line, header, and request body) +# TYPE nginx_ingress_controller_response_size histogram +``` + + +### Nginx process metrics +``` +# HELP nginx_ingress_controller_nginx_process_connections current number of client connections with state {active, reading, writing, waiting} +# TYPE nginx_ingress_controller_nginx_process_connections gauge +# HELP nginx_ingress_controller_nginx_process_connections_total total number of connections with state {accepted, handled} +# TYPE nginx_ingress_controller_nginx_process_connections_total counter +# HELP nginx_ingress_controller_nginx_process_cpu_seconds_total Cpu usage in seconds +# TYPE nginx_ingress_controller_nginx_process_cpu_seconds_total counter +# HELP nginx_ingress_controller_nginx_process_num_procs number of processes +# TYPE nginx_ingress_controller_nginx_process_num_procs gauge +# HELP nginx_ingress_controller_nginx_process_oldest_start_time_seconds start time in seconds since 1970/01/01 +# TYPE nginx_ingress_controller_nginx_process_oldest_start_time_seconds gauge +# HELP nginx_ingress_controller_nginx_process_read_bytes_total number of bytes read +# TYPE nginx_ingress_controller_nginx_process_read_bytes_total counter +# HELP nginx_ingress_controller_nginx_process_requests_total total number of client requests +# TYPE nginx_ingress_controller_nginx_process_requests_total counter +# HELP nginx_ingress_controller_nginx_process_resident_memory_bytes number of bytes of memory in use +# TYPE nginx_ingress_controller_nginx_process_resident_memory_bytes gauge +# HELP nginx_ingress_controller_nginx_process_virtual_memory_bytes number of bytes of memory in use +# TYPE nginx_ingress_controller_nginx_process_virtual_memory_bytes gauge +# HELP nginx_ingress_controller_nginx_process_write_bytes_total number of bytes written +# TYPE nginx_ingress_controller_nginx_process_write_bytes_total counter +``` + +### Controller metrics +``` +# HELP nginx_ingress_controller_build_info A metric with a constant '1' labeled with information about the build. +# TYPE nginx_ingress_controller_build_info gauge +# HELP nginx_ingress_controller_check_success Cumulative number of Ingress controller syntax check operations +# TYPE nginx_ingress_controller_check_success counter +# HELP nginx_ingress_controller_config_hash Running configuration hash actually running +# TYPE nginx_ingress_controller_config_hash gauge +# HELP nginx_ingress_controller_config_last_reload_successful Whether the last configuration reload attempt was successful +# TYPE nginx_ingress_controller_config_last_reload_successful gauge +# HELP nginx_ingress_controller_config_last_reload_successful_timestamp_seconds Timestamp of the last successful configuration reload. +# TYPE nginx_ingress_controller_config_last_reload_successful_timestamp_seconds gauge +# HELP nginx_ingress_controller_ssl_certificate_info Hold all labels associated to a certificate +# TYPE nginx_ingress_controller_ssl_certificate_info gauge +# HELP nginx_ingress_controller_success Cumulative number of Ingress controller reload operations +# TYPE nginx_ingress_controller_success counter +``` + +### Admission metrics +``` +# HELP nginx_ingress_controller_admission_config_size The size of the tested configuration +# TYPE nginx_ingress_controller_admission_config_size gauge +# HELP nginx_ingress_controller_admission_render_duration The processing duration of ingresses rendering by the admission controller (float seconds) +# TYPE nginx_ingress_controller_admission_render_duration gauge +# HELP nginx_ingress_controller_admission_render_ingresses The length of ingresses rendered by the admission controller +# TYPE nginx_ingress_controller_admission_render_ingresses gauge +# HELP nginx_ingress_controller_admission_roundtrip_duration The complete duration of the admission controller at the time to process a new event (float seconds) +# TYPE nginx_ingress_controller_admission_roundtrip_duration gauge +# HELP nginx_ingress_controller_admission_tested_duration The processing duration of the admission controller tests (float seconds) +# TYPE nginx_ingress_controller_admission_tested_duration gauge +# HELP nginx_ingress_controller_admission_tested_ingresses The length of ingresses processed by the admission controller +# TYPE nginx_ingress_controller_admission_tested_ingresses gauge +``` + +### Histogram buckets + +You can configure buckets for histogram metrics using these command line options (here are their default values): +* `--time-buckets=[0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10]` +* `--length-buckets=[10, 20, 30, 40, 50, 60, 70, 80, 90, 100]` +* `--size-buckets=[10, 100, 1000, 10000, 100000, 1e+06, 1e+07]` diff --git a/internal/ingress/metric/collectors/socket.go b/internal/ingress/metric/collectors/socket.go index 3b87c0ad1..9c0376cd3 100644 --- a/internal/ingress/metric/collectors/socket.go +++ b/internal/ingress/metric/collectors/socket.go @@ -29,14 +29,6 @@ import ( "k8s.io/klog/v2" ) -type upstream struct { - Latency float64 `json:"upstreamLatency"` - HeaderTime float64 `json:"upstreamHeaderTime"` - ResponseLength float64 `json:"upstreamResponseLength"` - ResponseTime float64 `json:"upstreamResponseTime"` - //Status string `json:"upstreamStatus"` -} - type socketData struct { Host string `json:"host"` Status string `json:"status"` @@ -48,7 +40,11 @@ type socketData struct { RequestLength float64 `json:"requestLength"` RequestTime float64 `json:"requestTime"` - upstream + Latency float64 `json:"upstreamLatency"` + HeaderTime float64 `json:"upstreamHeaderTime"` + ResponseTime float64 `json:"upstreamResponseTime"` + //ResponseLength float64 `json:"upstreamResponseLength"` + //Status string `json:"upstreamStatus"` Namespace string `json:"namespace"` Ingress string `json:"ingress"` @@ -68,16 +64,15 @@ type HistogramBuckets struct { type SocketCollector struct { prometheus.Collector - requestTime *prometheus.HistogramVec - requestLength *prometheus.HistogramVec + upstreamLatency *prometheus.SummaryVec // TODO: DEPRECATED, remove + connectTime *prometheus.HistogramVec + headerTime *prometheus.HistogramVec + requestTime *prometheus.HistogramVec + responseTime *prometheus.HistogramVec - responseTime *prometheus.HistogramVec + requestLength *prometheus.HistogramVec responseLength *prometheus.HistogramVec - - upstreamHeaderTime *prometheus.SummaryVec - upstreamLatency *prometheus.SummaryVec - - bytesSent *prometheus.HistogramVec + bytesSent *prometheus.HistogramVec // TODO: DEPRECATED, remove requests *prometheus.CounterVec @@ -89,8 +84,6 @@ type SocketCollector struct { metricsPerHost bool reportStatusClasses bool - - buckets HistogramBuckets } var ( @@ -145,6 +138,26 @@ func NewSocketCollector(pod, namespace, class string, metricsPerHost, reportStat metricsPerHost: metricsPerHost, reportStatusClasses: reportStatusClasses, + connectTime: prometheus.NewHistogramVec( + prometheus.HistogramOpts{ + Name: "connect_duration_seconds", + Help: "The time spent on establishing a connection with the upstream server", + Namespace: PrometheusNamespace, + ConstLabels: constLabels, + Buckets: buckets.TimeBuckets, + }, + requestTags, + ), + headerTime: prometheus.NewHistogramVec( + prometheus.HistogramOpts{ + Name: "header_duration_seconds", + Help: "The time spent on receiving first header from the upstream server", + Namespace: PrometheusNamespace, + ConstLabels: constLabels, + Buckets: buckets.TimeBuckets, + }, + requestTags, + ), responseTime: prometheus.NewHistogramVec( prometheus.HistogramOpts{ Name: "response_duration_seconds", @@ -155,17 +168,6 @@ func NewSocketCollector(pod, namespace, class string, metricsPerHost, reportStat }, requestTags, ), - responseLength: prometheus.NewHistogramVec( - prometheus.HistogramOpts{ - Name: "response_size", - Help: "The response length (including request line, header, and request body)", - Namespace: PrometheusNamespace, - ConstLabels: constLabels, - Buckets: buckets.LengthBuckets, - }, - requestTags, - ), - requestTime: prometheus.NewHistogramVec( prometheus.HistogramOpts{ Name: "request_duration_seconds", @@ -176,6 +178,17 @@ func NewSocketCollector(pod, namespace, class string, metricsPerHost, reportStat }, requestTags, ), + + responseLength: prometheus.NewHistogramVec( + prometheus.HistogramOpts{ + Name: "response_size", + Help: "The response length (including request line, header, and request body)", + Namespace: PrometheusNamespace, + ConstLabels: constLabels, + Buckets: buckets.LengthBuckets, + }, + requestTags, + ), requestLength: prometheus.NewHistogramVec( prometheus.HistogramOpts{ Name: "request_size", @@ -190,7 +203,7 @@ func NewSocketCollector(pod, namespace, class string, metricsPerHost, reportStat requests: prometheus.NewCounterVec( prometheus.CounterOpts{ Name: "requests", - Help: "The total number of client requests.", + Help: "The total number of client requests", Namespace: PrometheusNamespace, ConstLabels: constLabels, }, @@ -200,7 +213,7 @@ func NewSocketCollector(pod, namespace, class string, metricsPerHost, reportStat bytesSent: prometheus.NewHistogramVec( prometheus.HistogramOpts{ Name: "bytes_sent", - Help: "The number of bytes sent to a client", + Help: "DEPRECATED The number of bytes sent to a client", Namespace: PrometheusNamespace, Buckets: buckets.SizeBuckets, ConstLabels: constLabels, @@ -208,21 +221,10 @@ func NewSocketCollector(pod, namespace, class string, metricsPerHost, reportStat requestTags, ), - upstreamHeaderTime: prometheus.NewSummaryVec( - prometheus.SummaryOpts{ - Name: "ingress_upstream_header_seconds", - Help: "The time spent on receiving first header from the upstream server", - Namespace: PrometheusNamespace, - ConstLabels: constLabels, - Objectives: defObjectives, - }, - []string{"ingress", "namespace", "service", "canary"}, - ), - upstreamLatency: prometheus.NewSummaryVec( prometheus.SummaryOpts{ Name: "ingress_upstream_latency_seconds", - Help: "Upstream service latency per Ingress", + Help: "DEPRECATED Upstream service latency per Ingress", Namespace: PrometheusNamespace, ConstLabels: constLabels, Objectives: defObjectives, @@ -232,16 +234,18 @@ func NewSocketCollector(pod, namespace, class string, metricsPerHost, reportStat } sc.metricMapping = map[string]interface{}{ - prometheus.BuildFQName(PrometheusNamespace, "", "requests"): sc.requests, - prometheus.BuildFQName(PrometheusNamespace, "", "request_duration_seconds"): sc.requestTime, - prometheus.BuildFQName(PrometheusNamespace, "", "request_size"): sc.requestLength, + prometheus.BuildFQName(PrometheusNamespace, "", "requests"): sc.requests, + prometheus.BuildFQName(PrometheusNamespace, "", "connect_duration_seconds"): sc.connectTime, + prometheus.BuildFQName(PrometheusNamespace, "", "header_duration_seconds"): sc.headerTime, prometheus.BuildFQName(PrometheusNamespace, "", "response_duration_seconds"): sc.responseTime, - prometheus.BuildFQName(PrometheusNamespace, "", "response_size"): sc.responseLength, + prometheus.BuildFQName(PrometheusNamespace, "", "request_duration_seconds"): sc.requestTime, + + prometheus.BuildFQName(PrometheusNamespace, "", "request_size"): sc.requestLength, + prometheus.BuildFQName(PrometheusNamespace, "", "response_size"): sc.responseLength, prometheus.BuildFQName(PrometheusNamespace, "", "bytes_sent"): sc.bytesSent, - prometheus.BuildFQName(PrometheusNamespace, "", "ingress_upstream_header_seconds"): sc.upstreamHeaderTime, prometheus.BuildFQName(PrometheusNamespace, "", "ingress_upstream_latency_seconds"): sc.upstreamLatency, } @@ -309,6 +313,13 @@ func (sc *SocketCollector) handleMessage(msg []byte) { } if stats.Latency != -1 { + connectTimeMetric, err := sc.connectTime.GetMetricWith(requestLabels) + if err != nil { + klog.ErrorS(err, "Error fetching connect time metric") + } else { + connectTimeMetric.Observe(stats.Latency) + } + latencyMetric, err := sc.upstreamLatency.GetMetricWith(latencyLabels) if err != nil { klog.ErrorS(err, "Error fetching latency metric") @@ -318,7 +329,7 @@ func (sc *SocketCollector) handleMessage(msg []byte) { } if stats.HeaderTime != -1 { - headerTimeMetric, err := sc.upstreamHeaderTime.GetMetricWith(latencyLabels) + headerTimeMetric, err := sc.headerTime.GetMetricWith(requestLabels) if err != nil { klog.ErrorS(err, "Error fetching header time metric") } else { @@ -460,32 +471,34 @@ func (sc *SocketCollector) RemoveMetrics(ingresses []string, registry prometheus // Describe implements prometheus.Collector func (sc SocketCollector) Describe(ch chan<- *prometheus.Desc) { + sc.connectTime.Describe(ch) + sc.headerTime.Describe(ch) + sc.responseTime.Describe(ch) sc.requestTime.Describe(ch) + sc.requestLength.Describe(ch) + sc.responseLength.Describe(ch) sc.requests.Describe(ch) sc.upstreamLatency.Describe(ch) - sc.upstreamHeaderTime.Describe(ch) - - sc.responseTime.Describe(ch) - sc.responseLength.Describe(ch) sc.bytesSent.Describe(ch) } // Collect implements the prometheus.Collector interface. func (sc SocketCollector) Collect(ch chan<- prometheus.Metric) { + sc.connectTime.Collect(ch) + sc.headerTime.Collect(ch) + sc.responseTime.Collect(ch) sc.requestTime.Collect(ch) + sc.requestLength.Collect(ch) + sc.responseLength.Collect(ch) sc.requests.Collect(ch) sc.upstreamLatency.Collect(ch) - sc.upstreamHeaderTime.Collect(ch) - - sc.responseTime.Collect(ch) - sc.responseLength.Collect(ch) sc.bytesSent.Collect(ch) } diff --git a/internal/ingress/metric/collectors/socket_test.go b/internal/ingress/metric/collectors/socket_test.go index 11af7c06d..f175828cc 100644 --- a/internal/ingress/metric/collectors/socket_test.go +++ b/internal/ingress/metric/collectors/socket_test.go @@ -98,6 +98,8 @@ func TestCollector(t *testing.T) { "path":"/admin", "requestLength":300.0, "requestTime":60.0, + "upstreamLatency":1.0, + "upstreamHeaderTime":5.0, "upstreamName":"test-upstream", "upstreamIP":"1.1.1.1:8080", "upstreamResponseTime":200, @@ -122,6 +124,8 @@ func TestCollector(t *testing.T) { "path":"/admin", "requestLength":300.0, "requestTime":60.0, + "upstreamLatency":1.0, + "upstreamHeaderTime":5.0, "upstreamName":"test-upstream", "upstreamIP":"1.1.1.1:8080", "upstreamResponseTime":200, @@ -131,24 +135,60 @@ func TestCollector(t *testing.T) { "service":"test-app", "canary":"" }]`}, - metrics: []string{"nginx_ingress_controller_response_duration_seconds"}, + metrics: []string{ + "nginx_ingress_controller_connect_duration_seconds", + "nginx_ingress_controller_header_duration_seconds", + "nginx_ingress_controller_response_duration_seconds", + }, wantBefore: ` - # HELP nginx_ingress_controller_response_duration_seconds The time spent on receiving the response from the upstream server - # TYPE nginx_ingress_controller_response_duration_seconds histogram - nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.005"} 0 - nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.01"} 0 - nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.025"} 0 - nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.05"} 0 - nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.1"} 0 - nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.25"} 0 - nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.5"} 0 - nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="1"} 0 - nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="2.5"} 0 - nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="5"} 0 - nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="10"} 0 - nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="+Inf"} 1 - nginx_ingress_controller_response_duration_seconds_sum{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200"} 200 - nginx_ingress_controller_response_duration_seconds_count{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200"} 1 + # HELP nginx_ingress_controller_connect_duration_seconds The time spent on establishing a connection with the upstream server + # TYPE nginx_ingress_controller_connect_duration_seconds histogram + nginx_ingress_controller_connect_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.005"} 0 + nginx_ingress_controller_connect_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.01"} 0 + nginx_ingress_controller_connect_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.025"} 0 + nginx_ingress_controller_connect_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.05"} 0 + nginx_ingress_controller_connect_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.1"} 0 + nginx_ingress_controller_connect_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.25"} 0 + nginx_ingress_controller_connect_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.5"} 0 + nginx_ingress_controller_connect_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="1"} 1 + nginx_ingress_controller_connect_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="2.5"} 1 + nginx_ingress_controller_connect_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="5"} 1 + nginx_ingress_controller_connect_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="10"} 1 + nginx_ingress_controller_connect_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="+Inf"} 1 + nginx_ingress_controller_connect_duration_seconds_sum{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200"} 1 + nginx_ingress_controller_connect_duration_seconds_count{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200"} 1 + # HELP nginx_ingress_controller_header_duration_seconds The time spent on receiving first header from the upstream server + # TYPE nginx_ingress_controller_header_duration_seconds histogram + nginx_ingress_controller_header_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.005"} 0 + nginx_ingress_controller_header_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.01"} 0 + nginx_ingress_controller_header_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.025"} 0 + nginx_ingress_controller_header_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.05"} 0 + nginx_ingress_controller_header_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.1"} 0 + nginx_ingress_controller_header_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.25"} 0 + nginx_ingress_controller_header_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.5"} 0 + nginx_ingress_controller_header_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="1"} 0 + nginx_ingress_controller_header_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="2.5"} 0 + nginx_ingress_controller_header_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="5"} 1 + nginx_ingress_controller_header_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="10"} 1 + nginx_ingress_controller_header_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="+Inf"} 1 + nginx_ingress_controller_header_duration_seconds_sum{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200"} 5 + nginx_ingress_controller_header_duration_seconds_count{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200"} 1 + # HELP nginx_ingress_controller_response_duration_seconds The time spent on receiving the response from the upstream server + # TYPE nginx_ingress_controller_response_duration_seconds histogram + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.005"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.01"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.025"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.05"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.1"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.25"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.5"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="1"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="2.5"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="5"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="10"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="+Inf"} 1 + nginx_ingress_controller_response_duration_seconds_sum{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200"} 200 + nginx_ingress_controller_response_duration_seconds_count{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200"} 1 `, removeIngresses: []string{"test-app-production/web-yml"}, wantAfter: ` @@ -164,6 +204,8 @@ func TestCollector(t *testing.T) { "path":"/admin", "requestLength":300.0, "requestTime":60.0, + "upstreamLatency":1.0, + "upstreamHeaderTime":5.0, "upstreamName":"test-upstream", "upstreamIP":"1.1.1.1:8080", "upstreamResponseTime":200, @@ -175,7 +217,7 @@ func TestCollector(t *testing.T) { }]`}, metrics: []string{"nginx_ingress_controller_requests"}, wantBefore: ` - # HELP nginx_ingress_controller_requests The total number of client requests. + # HELP nginx_ingress_controller_requests The total number of client requests # TYPE nginx_ingress_controller_requests counter nginx_ingress_controller_requests{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200"} 1 `, @@ -193,6 +235,8 @@ func TestCollector(t *testing.T) { "path":"/admin", "requestLength":300.0, "requestTime":60.0, + "upstreamLatency":1.0, + "upstreamHeaderTime":5.0, "upstreamName":"test-upstream", "upstreamIP":"1.1.1.1:8080", "upstreamResponseTime":200, @@ -236,6 +280,8 @@ func TestCollector(t *testing.T) { "path":"/admin", "requestLength":300.0, "requestTime":60.0, + "upstreamLatency":1.0, + "upstreamHeaderTime":5.0, "upstreamName":"test-upstream", "upstreamIP":"1.1.1.1:8080", "upstreamResponseTime":200, @@ -252,6 +298,8 @@ func TestCollector(t *testing.T) { "path":"/admin", "requestLength":300.0, "requestTime":60.0, + "upstreamLatency":1.0, + "upstreamHeaderTime":5.0, "upstreamName":"test-upstream", "upstreamIP":"1.1.1.1:8080", "upstreamResponseTime":200, @@ -268,6 +316,8 @@ func TestCollector(t *testing.T) { "path":"/admin", "requestLength":300.0, "requestTime":60.0, + "upstreamLatency":1.0, + "upstreamHeaderTime":5.0, "upstreamName":"test-upstream", "upstreamIP":"1.1.1.1:8080", "upstreamResponseTime":200, @@ -308,7 +358,7 @@ func TestCollector(t *testing.T) { nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml-qa",method="GET",namespace="test-app-qa",path="/admin",service="test-app-qa",status="200",le="10"} 0 nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml-qa",method="GET",namespace="test-app-qa",path="/admin",service="test-app-qa",status="200",le="+Inf"} 2 nginx_ingress_controller_response_duration_seconds_sum{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml-qa",method="GET",namespace="test-app-qa",path="/admin",service="test-app-qa",status="200"} 400 - nginx_ingress_controller_response_duration_seconds_count{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml-qa",method="GET",namespace="test-app-qa",path="/admin",service="test-app-qa",status="200"} 2 + nginx_ingress_controller_response_duration_seconds_count{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml-qa",method="GET",namespace="test-app-qa",path="/admin",service="test-app-qa",status="200"} 2 `, }, @@ -323,6 +373,8 @@ func TestCollector(t *testing.T) { "path":"/admin", "requestLength":300.0, "requestTime":60.0, + "upstreamLatency":1.0, + "upstreamHeaderTime":5.0, "upstreamName":"test-upstream", "upstreamIP":"1.1.1.1:8080", "upstreamResponseTime":200, @@ -340,6 +392,8 @@ func TestCollector(t *testing.T) { "path":"/admin", "requestLength":300.0, "requestTime":60.0, + "upstreamLatency":1.0, + "upstreamHeaderTime":5.0, "upstreamName":"test-upstream", "upstreamIP":"1.1.1.1:8080", "upstreamResponseTime":100, @@ -382,6 +436,8 @@ func TestCollector(t *testing.T) { "path":"/admin", "requestLength":300.0, "requestTime":60.0, + "upstreamLatency":1.0, + "upstreamHeaderTime":5.0, "upstreamName":"test-upstream", "upstreamIP":"1.1.1.1:8080", "upstreamResponseTime":200, From dacb8da0588f687b9d16a1779f90c6adc6f40e83 Mon Sep 17 00:00:00 2001 From: Matt Lauber Date: Fri, 30 Sep 2022 11:06:29 -0400 Subject: [PATCH 303/494] Fix yaml formatting error with multiple annotations (#9104) When using multiple values for the `serviceAccount.annotations` values, the first line ends up indented 2 further than the following lines, resulting in a invalid yaml --- charts/ingress-nginx/templates/controller-serviceaccount.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/ingress-nginx/templates/controller-serviceaccount.yaml b/charts/ingress-nginx/templates/controller-serviceaccount.yaml index 824b2a124..e31819f7c 100644 --- a/charts/ingress-nginx/templates/controller-serviceaccount.yaml +++ b/charts/ingress-nginx/templates/controller-serviceaccount.yaml @@ -12,7 +12,7 @@ metadata: namespace: {{ .Release.Namespace }} {{- if .Values.serviceAccount.annotations }} annotations: - {{ toYaml .Values.serviceAccount.annotations | indent 4 }} + {{- toYaml .Values.serviceAccount.annotations | indent 4 }} {{- end }} automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} {{- end }} From 8d7286c77ecc97284388020aabac6956cdf4b75a Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 30 Sep 2022 11:57:36 -0400 Subject: [PATCH 304/494] tag 1.4.0 to start release Signed-off-by: James Strong --- TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TAG b/TAG index 757407982..0d0c52f84 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.3.1 +v1.4.0 From 3dd08bf2ee5fe658347101957507b0ba48aa34d5 Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 30 Sep 2022 12:58:12 -0400 Subject: [PATCH 305/494] remove vcs build and resolve git issues Signed-off-by: James Strong --- TAG | 2 +- build/build.sh | 25 ++++++++++++------------- 2 files changed, 13 insertions(+), 14 deletions(-) diff --git a/TAG b/TAG index 0d0c52f84..757407982 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.4.0 +v1.3.1 diff --git a/build/build.sh b/build/build.sh index 42bec820b..f2f1ec2eb 100755 --- a/build/build.sh +++ b/build/build.sh @@ -49,31 +49,30 @@ echo "Building targets for ${ARCH}, generated targets in ${TARGETS_DIR} director echo "Building ${PKG}/cmd/nginx" -pushd /go/src/k8s.io/ingress-nginx -git config --add safe.directory /go/src/k8s.io/ingress-nginx -popd - ${GO_BUILD_CMD} \ -trimpath -ldflags="-buildid= -w -s \ - -X ${PKG}/version.RELEASE=${TAG} \ - -X ${PKG}/version.COMMIT=${COMMIT_SHA} \ - -X ${PKG}/version.REPO=${REPO_INFO}" \ + -X ${PKG}/version.RELEASE=${TAG} \ + -X ${PKG}/version.COMMIT=${COMMIT_SHA} \ + -X ${PKG}/version.REPO=${REPO_INFO}" \ + -buildvcs=false \ -o "${TARGETS_DIR}/nginx-ingress-controller" "${PKG}/cmd/nginx" echo "Building ${PKG}/cmd/dbg" ${GO_BUILD_CMD} \ -trimpath -ldflags="-buildid= -w -s \ - -X ${PKG}/version.RELEASE=${TAG} \ - -X ${PKG}/version.COMMIT=${COMMIT_SHA} \ - -X ${PKG}/version.REPO=${REPO_INFO}" \ + -X ${PKG}/version.RELEASE=${TAG} \ + -X ${PKG}/version.COMMIT=${COMMIT_SHA} \ + -X ${PKG}/version.REPO=${REPO_INFO}" \ + -buildvcs=false \ -o "${TARGETS_DIR}/dbg" "${PKG}/cmd/dbg" echo "Building ${PKG}/cmd/waitshutdown" ${GO_BUILD_CMD} \ -trimpath -ldflags="-buildid= -w -s \ - -X ${PKG}/version.RELEASE=${TAG} \ - -X ${PKG}/version.COMMIT=${COMMIT_SHA} \ - -X ${PKG}/version.REPO=${REPO_INFO}" \ + -X ${PKG}/version.RELEASE=${TAG} \ + -X ${PKG}/version.COMMIT=${COMMIT_SHA} \ + -X ${PKG}/version.REPO=${REPO_INFO}" \ + -buildvcs=false \ -o "${TARGETS_DIR}/wait-shutdown" "${PKG}/cmd/waitshutdown" From 4c24fa29f65e4cd94ac1fe3f3d0bc245db8d84a7 Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 30 Sep 2022 13:14:54 -0400 Subject: [PATCH 306/494] update tag to start build Signed-off-by: James Strong --- TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TAG b/TAG index 757407982..0d0c52f84 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.3.1 +v1.4.0 From 5fb3b974afb1cf12fd6e67c6db4c23499087d270 Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Sat, 1 Oct 2022 22:14:13 +0530 Subject: [PATCH 307/494] fixed broken helm version comparision (#9113) --- build/dev-env.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/build/dev-env.sh b/build/dev-env.sh index 68b683350..ae6860726 100755 --- a/build/dev-env.sh +++ b/build/dev-env.sh @@ -45,9 +45,10 @@ if ! command -v helm &> /dev/null; then exit 1 fi -HELM_VERSION=$(helm version 2>&1 | grep -oE 'v[0-9]+\.[0-9]+\.[0-9]+') || true -if [[ ${HELM_VERSION} < "v3.9.0" ]]; then - echo "Please upgrade helm to v3.9.0 or higher" +HELM_VERSION=$(helm version 2>&1 | cut -f1 -d"," | grep -oE '[0-9]+\.[0-9]+\.[0-9]+') || true +echo $HELM_VERSION +if [[ ${HELM_VERSION} -lt 3.10.0 ]]; then + echo "Please upgrade helm to v3.10.0 or higher" exit 1 fi From c4a50ebaa64b975660e25e74faeaee5957f9ec5e Mon Sep 17 00:00:00 2001 From: James Strong Date: Sun, 2 Oct 2022 18:40:46 -0400 Subject: [PATCH 308/494] update for 1.4.0 release Signed-off-by: James Strong --- .github/workflows/ci.yaml | 2 +- Changelog.md | 111 +++++++++++++++++- README.md | 10 +- charts/ingress-nginx/CHANGELOG.md | 8 ++ charts/ingress-nginx/Chart.yaml | 10 +- charts/ingress-nginx/README.md | 8 +- charts/ingress-nginx/values.yaml | 6 +- deploy/static/provider/aws/deploy.yaml | 62 ++++++---- .../aws/nlb-with-tls-termination/deploy.yaml | 62 ++++++---- deploy/static/provider/baremetal/deploy.yaml | 62 ++++++---- deploy/static/provider/cloud/deploy.yaml | 62 ++++++---- deploy/static/provider/do/deploy.yaml | 62 ++++++---- deploy/static/provider/exoscale/deploy.yaml | 62 ++++++---- deploy/static/provider/kind/deploy.yaml | 62 ++++++---- deploy/static/provider/scw/deploy.yaml | 62 ++++++---- docs/deploy/index.md | 20 ++-- 16 files changed, 458 insertions(+), 213 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 46e44817c..07948ef78 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -130,7 +130,7 @@ jobs: strategy: matrix: - k8s: [v1.23.12, v1.24.6, v1.25.2] + k8s: [v1.22.15, v1.23.12, v1.24.6, v1.25.2] steps: diff --git a/Changelog.md b/Changelog.md index bcbcfee04..4fda4aee4 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,11 +1,114 @@ # Changelog + +### 1.4.0 + +### Community Updates + +We will discuss the results of our Community Survey, progress on the stabilization project, and ideas going +forward with the project at +[Kubecon NA 2022 in Detroit](https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/). Come join us +and let us hear what you'd like to see in the future for ingress-nginx. + +https://kccncna2022.sched.com/event/18lgl?iframe=no + +[**Kubernetes Registry change notice**](https://twitter.com/BenTheElder/status/1575898507235323904) +The [@kubernetesio](https://twitter.com/kubernetesio) container image host http://k8s.gcr.io is +*actually* getting redirected to the community controlled http://registry.k8s.io starting with a small portion of +traffic on October 3rd. + +If you notice any issues, *please* ping [Ben Elder](https://twitter.com/BenTheElder), +[@thockin](https://twitter.com/thockin), [@ameukam](https://twitter.com/ameukam),or report issues in slack to +[sig-k8s-infra slack channel](https://kubernetes.slack.com/archives/CCK68P2Q2). + +### What's Changed + +* 1.4.0 updates ingress-nginx to use Endpointslices instead of Endpoints. Thank you, @tombokombo, for your work in +[8890](https://github.com/kubernetes/ingress-nginx/pull/8890) +* Update to Prometheus metric names, more information [available here]( https://github.com/kubernetes/ingress-nginx/pull/8728 +) +* Deprecated Kubernetes versions 1.20-1.21, Added support for, 1.25, currently supported versions v1.23, v1.24, v1.25 + +ADDED +* `_request_duration_seconds` Histogram +* `_connect_duration_seconds` Histogram +* `_header_duration_seconds` Histogram +* `_response_duration_seconds` Histogram + +Updated +* `_response_size` Histogram +* `_request_size` Histogram +* `_requests` Counter + +DEPRECATED +* `_bytes_sent` Histogram +* _ingress_upstream_latency_seconds` Summary + +REMOVED +* `ingress_upstream_header_seconds` Summary + +Also upgraded to golang 1.19.1 + + + +Images: + +* registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 +* registry.k8s.io/ingress-nginx/controller-chroot:v1.4.0@sha256:b67e889f1db8692de7e41d4d9aef8de56645bf048261f31fa7f8bfc6ea2222a0 + + +### All Changes: + +* [9104](https://github.com/kubernetes/ingress-nginx/pull/9104) Fix yaml formatting error with multiple annotations +* [9090](https://github.com/kubernetes/ingress-nginx/pull/9090) fix chroot module mount path +* [9088](https://github.com/kubernetes/ingress-nginx/pull/9088) Add annotation for setting sticky cookie domain +* [9086](https://github.com/kubernetes/ingress-nginx/pull/9086) Update Version ModSecurity and Coreruleset +* [9081](https://github.com/kubernetes/ingress-nginx/pull/9081) plugin - endpoints to slices +* [9078](https://github.com/kubernetes/ingress-nginx/pull/9078) expand CI testing for all stable versions of Kubernetes +* [9074](https://github.com/kubernetes/ingress-nginx/pull/9074) fix: do not apply job-patch psp on Kubernetes 1.25 and newer +* [9072](https://github.com/kubernetes/ingress-nginx/pull/9072) Added a Link to the New Contributors Tips +* [9069](https://github.com/kubernetes/ingress-nginx/pull/9069) Add missing space to error message +* [9059](https://github.com/kubernetes/ingress-nginx/pull/9059) kubewebhookcertgen sha change after go1191 +* [9058](https://github.com/kubernetes/ingress-nginx/pull/9058) updated testrunner image sha after bump to go1191 +* [9046](https://github.com/kubernetes/ingress-nginx/pull/9046) Parameterize metrics port name +* [9036](https://github.com/kubernetes/ingress-nginx/pull/9036) update OpenTelemetry image +* [9035](https://github.com/kubernetes/ingress-nginx/pull/9035) Added instructions for Rancher Desktop +* [9028](https://github.com/kubernetes/ingress-nginx/pull/9028) fix otel init_module +* [9023](https://github.com/kubernetes/ingress-nginx/pull/9023) updates for fixing 1.3.1 release +* [9018](https://github.com/kubernetes/ingress-nginx/pull/9018) Add v1.25 test and reduce amount of e2e tests +* [9017](https://github.com/kubernetes/ingress-nginx/pull/9017) fix LD_LIBRARY_PATH for opentelemetry + +### Dependencies updates: + +* [9085](https://github.com/kubernetes/ingress-nginx/pull/9085) Bump actions/dependency-review-action from 2.1.0 to 2.4.0 +* [9084](https://github.com/kubernetes/ingress-nginx/pull/9084) Bump actions/checkout from 1 to 3 +* [9083](https://github.com/kubernetes/ingress-nginx/pull/9083) Bump github/codeql-action from 2.1.24 to 2.1.25 +* [9089](https://github.com/kubernetes/ingress-nginx/pull/9089) Bump k8s.io/component-base from 0.25.1 to 0.25.2 +* [9066](https://github.com/kubernetes/ingress-nginx/pull/9066) Bump github/codeql-action from 2.1.23 to 2.1.24 +* [9065](https://github.com/kubernetes/ingress-nginx/pull/9065) Bump k8s.io/component-base from 0.25.0 to 0.25.1 +* [9064](https://github.com/kubernetes/ingress-nginx/pull/9064) Bump github.com/onsi/ginkgo/v2 from 2.1.6 to 2.2.0 +* [9057](https://github.com/kubernetes/ingress-nginx/pull/9057) bump go to v1.19.1 +* [9053](https://github.com/kubernetes/ingress-nginx/pull/9053) Bump ossf/scorecard-action from 2.0.2 to 2.0.3 +* [9052](https://github.com/kubernetes/ingress-nginx/pull/9052) Bump github/codeql-action from 2.1.22 to 2.1.23 +* [9045](https://github.com/kubernetes/ingress-nginx/pull/9045) Bump actions/upload-artifact from 3.0.0 to 3.1.0 +* [9044](https://github.com/kubernetes/ingress-nginx/pull/9044) Bump ossf/scorecard-action from 1.1.2 to 2.0.2 +* [9043](https://github.com/kubernetes/ingress-nginx/pull/9043) Bump k8s.io/klog/v2 from 2.80.0 to 2.80.1 +* [9022](https://github.com/kubernetes/ingress-nginx/pull/9022) Bump github.com/onsi/ginkgo/v2 from 2.1.4 to 2.1.6 +* [9021](https://github.com/kubernetes/ingress-nginx/pull/9021) Bump k8s.io/klog/v2 from 2.70.1 to 2.80.0 + +## New Contributors +* @gunamata made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9035 +* @afro-coder made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8924 +* @wilmardo made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9074 +* @nicolasjulian made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9086 +* @mtneug made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9088 +* @knbnnate made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8692 +* @mklauber made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9104 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.3.1...controller-v1.4.0 + ### 1.3.1 -Please fill out our 2022 Ingress-Nginx User Survey and let us know what you want to see in future releases. - -https://www.surveymonkey.com/r/ingressngx2022 - In v1.3.1 leader elections will be done entirely using the Lease API and no longer using configmaps. v1.3.0 is a safe transition version, using v1.3.0 can automatically complete the merging of election locks, and then you can safely upgrade to v1.3.1. diff --git a/README.md b/README.md index fce3fbb84..4cf990559 100644 --- a/README.md +++ b/README.md @@ -5,11 +5,14 @@ [![GitHub license](https://img.shields.io/github/license/kubernetes/ingress-nginx.svg)](https://github.com/kubernetes/ingress-nginx/blob/main/LICENSE) [![GitHub stars](https://img.shields.io/github/stars/kubernetes/ingress-nginx.svg)](https://github.com/kubernetes/ingress-nginx/stargazers) [![GitHub stars](https://img.shields.io/badge/contributions-welcome-orange.svg)](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md) -[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fkubernetes%2Fingress-nginx.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Fkubernetes%2Fingress-nginx?ref=badge_shield) -Please fill out our 2022 Ingress-Nginx User Survey and let us know what you want to see in future releases. +### Community Update -https://www.surveymonkey.com/r/ingressngx2022 +We will discuss the results of our Community Survey, progress on the stabilization project, and ideas going +forward with the project at [Kubecon NA 2022 in Detroit](https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/). Come join us and let us hear what you'd like to see in the +future for ingress-nginx. + +https://kccncna2022.sched.com/event/18lgl?iframe=no ## Overview @@ -35,6 +38,7 @@ For detailed changes on the `ingress-nginx` helm chart, please check the followi | Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | |-----------------------|------------------------------|----------------|---------------| +| v1.4.0 | 1.25, 1.24, 1.23 | 3.16.2 | 1.19.10† | | v1.3.1 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.2 | 1.19.10† | | v1.3.0 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.0 | 1.19.10† | | v1.2.1 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.6 | 1.19.10† | diff --git a/charts/ingress-nginx/CHANGELOG.md b/charts/ingress-nginx/CHANGELOG.md index 27a52e83a..3c3404ffd 100644 --- a/charts/ingress-nginx/CHANGELOG.md +++ b/charts/ingress-nginx/CHANGELOG.md @@ -2,6 +2,14 @@ This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +### 4.3.0 +- Support for Kubernetes v.1.25.0 was added and support for endpoint slices +- Support for Kubernetes v1.20.0 was removed +- [8890](https://github.com/kubernetes/ingress-nginx/pull/8890) migrate to endpointslices +- [9059](https://github.com/kubernetes/ingress-nginx/pull/9059) kubewebhookcertgen sha change after go1191 +- [9046](https://github.com/kubernetes/ingress-nginx/pull/9046) Parameterize metrics port name +- [9104](https://github.com/kubernetes/ingress-nginx/pull/9104) Fix yaml formatting error with multiple annotations + ### 4.2.1 - The sha of kube-webhook-certgen image & the opentelemetry image, in values file, was changed to new images built on alpine-v3.16.1 diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index 08dcdb6ed..9cf62ecf9 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: ingress-nginx # When the version is modified, make sure the artifacthub.io/changes list is updated # Also update CHANGELOG.md -version: 4.2.5 -appVersion: 1.3.1 +version: 4.3.0 +appVersion: 1.4.0 home: https://github.com/kubernetes/ingress-nginx description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png @@ -25,5 +25,7 @@ annotations: # List of changes for the release in artifacthub.io # https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx?modal=changelog artifacthub.io/changes: | - - "[8896](https://github.com/kubernetes/ingress-nginx/pull/8896) updated to new images built today" - - "fix permissions about configmap" + - "[8890](https://github.com/kubernetes/ingress-nginx/pull/8890) migrate to endpointslices" + - "[9059](https://github.com/kubernetes/ingress-nginx/pull/9059) kubewebhookcertgen sha change after go1191" + - "[9046](https://github.com/kubernetes/ingress-nginx/pull/9046) Parameterize metrics port name" + - "[9104](https://github.com/kubernetes/ingress-nginx/pull/9104) Fix yaml formatting error with multiple annotations" diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index c9ee6e447..36490474a 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.2.5](https://img.shields.io/badge/Version-4.2.5-informational?style=flat-square) ![AppVersion: 1.3.1](https://img.shields.io/badge/AppVersion-1.3.1-informational?style=flat-square) +![Version: 4.3.0](https://img.shields.io/badge/Version-4.3.0-informational?style=flat-square) ![AppVersion: 1.4.0](https://img.shields.io/badge/AppVersion-1.4.0-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. @@ -310,13 +310,13 @@ Kubernetes: `>=1.20.0-0` | controller.hostname | object | `{}` | Optionally customize the pod hostname. | | controller.image.allowPrivilegeEscalation | bool | `true` | | | controller.image.chroot | bool | `false` | | -| controller.image.digest | string | `"sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974"` | | -| controller.image.digestChroot | string | `"sha256:a8466b19c621bd550b1645e27a004a5cc85009c858a9ab19490216735ac432b1"` | | +| controller.image.digest | string | `"sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143"` | | +| controller.image.digestChroot | string | `"sha256:b67e889f1db8692de7e41d4d9aef8de56645bf048261f31fa7f8bfc6ea2222a0"` | | | controller.image.image | string | `"ingress-nginx/controller"` | | | controller.image.pullPolicy | string | `"IfNotPresent"` | | | controller.image.registry | string | `"registry.k8s.io"` | | | controller.image.runAsUser | int | `101` | | -| controller.image.tag | string | `"v1.3.1"` | | +| controller.image.tag | string | `"v1.4.0"` | | | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | | controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass | diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 76d03fd72..a5f6dc776 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -23,9 +23,9 @@ controller: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: "v1.3.1" - digest: sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 - digestChroot: sha256:a8466b19c621bd550b1645e27a004a5cc85009c858a9ab19490216735ac432b1 + tag: "v1.4.0" + digest: sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + digestChroot: sha256:b67e889f1db8692de7e41d4d9aef8de56645bf048261f31fa7f8bfc6ea2222a0 pullPolicy: IfNotPresent # www-data -> uid 101 runAsUser: 101 diff --git a/deploy/static/provider/aws/deploy.yaml b/deploy/static/provider/aws/deploy.yaml index cca1474d2..5c656bfae 100644 --- a/deploy/static/provider/aws/deploy.yaml +++ b/deploy/static/provider/aws/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -127,6 +127,14 @@ rules: verbs: - create - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -136,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -155,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx rules: - apiGroups: @@ -220,6 +228,14 @@ rules: - get - list - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -229,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission rules: - apiGroups: @@ -248,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -268,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -287,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -327,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -343,7 +359,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -376,7 +392,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -399,7 +415,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -439,7 +455,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 + image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -511,7 +527,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -522,7 +538,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-create spec: containers: @@ -536,7 +552,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f imagePullPolicy: IfNotPresent name: create securityContext: @@ -558,7 +574,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -569,7 +585,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-patch spec: containers: @@ -585,7 +601,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f imagePullPolicy: IfNotPresent name: patch securityContext: @@ -607,7 +623,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -620,7 +636,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml index 20f2c665a..91886150d 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -127,6 +127,14 @@ rules: verbs: - create - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -136,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -155,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx rules: - apiGroups: @@ -220,6 +228,14 @@ rules: - get - list - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -229,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission rules: - apiGroups: @@ -248,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -268,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -287,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -334,7 +350,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -352,7 +368,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -385,7 +401,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -408,7 +424,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -448,7 +464,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 + image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -523,7 +539,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -534,7 +550,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-create spec: containers: @@ -548,7 +564,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f imagePullPolicy: IfNotPresent name: create securityContext: @@ -570,7 +586,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -581,7 +597,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-patch spec: containers: @@ -597,7 +613,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f imagePullPolicy: IfNotPresent name: patch securityContext: @@ -619,7 +635,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -632,7 +648,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/deploy.yaml b/deploy/static/provider/baremetal/deploy.yaml index f2f3d4ac9..bb9ce026c 100644 --- a/deploy/static/provider/baremetal/deploy.yaml +++ b/deploy/static/provider/baremetal/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -127,6 +127,14 @@ rules: verbs: - create - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -136,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -155,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx rules: - apiGroups: @@ -220,6 +228,14 @@ rules: - get - list - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -229,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission rules: - apiGroups: @@ -248,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -268,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -287,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -327,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -339,7 +355,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -371,7 +387,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -394,7 +410,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -433,7 +449,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 + image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -505,7 +521,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -516,7 +532,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-create spec: containers: @@ -530,7 +546,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f imagePullPolicy: IfNotPresent name: create securityContext: @@ -552,7 +568,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -563,7 +579,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-patch spec: containers: @@ -579,7 +595,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f imagePullPolicy: IfNotPresent name: patch securityContext: @@ -601,7 +617,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -614,7 +630,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/deploy.yaml b/deploy/static/provider/cloud/deploy.yaml index d7ba531c2..372c71909 100644 --- a/deploy/static/provider/cloud/deploy.yaml +++ b/deploy/static/provider/cloud/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -127,6 +127,14 @@ rules: verbs: - create - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -136,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -155,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx rules: - apiGroups: @@ -220,6 +228,14 @@ rules: - get - list - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -229,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission rules: - apiGroups: @@ -248,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -268,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -287,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -327,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -339,7 +355,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -372,7 +388,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -395,7 +411,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -435,7 +451,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 + image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -507,7 +523,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -518,7 +534,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-create spec: containers: @@ -532,7 +548,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f imagePullPolicy: IfNotPresent name: create securityContext: @@ -554,7 +570,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -565,7 +581,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-patch spec: containers: @@ -581,7 +597,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f imagePullPolicy: IfNotPresent name: patch securityContext: @@ -603,7 +619,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -616,7 +632,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/deploy.yaml b/deploy/static/provider/do/deploy.yaml index f24648b5e..c7da768ff 100644 --- a/deploy/static/provider/do/deploy.yaml +++ b/deploy/static/provider/do/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -127,6 +127,14 @@ rules: verbs: - create - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -136,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -155,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx rules: - apiGroups: @@ -220,6 +228,14 @@ rules: - get - list - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -229,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission rules: - apiGroups: @@ -248,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -268,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -287,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +344,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -342,7 +358,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -375,7 +391,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -398,7 +414,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -438,7 +454,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 + image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -510,7 +526,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -521,7 +537,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-create spec: containers: @@ -535,7 +551,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f imagePullPolicy: IfNotPresent name: create securityContext: @@ -557,7 +573,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -568,7 +584,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-patch spec: containers: @@ -584,7 +600,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f imagePullPolicy: IfNotPresent name: patch securityContext: @@ -606,7 +622,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -619,7 +635,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/deploy.yaml b/deploy/static/provider/exoscale/deploy.yaml index 856fbfa8d..dfb0e8f7d 100644 --- a/deploy/static/provider/exoscale/deploy.yaml +++ b/deploy/static/provider/exoscale/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -127,6 +127,14 @@ rules: verbs: - create - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -136,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -155,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx rules: - apiGroups: @@ -220,6 +228,14 @@ rules: - get - list - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -229,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission rules: - apiGroups: @@ -248,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -268,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -287,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -327,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -348,7 +364,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -381,7 +397,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -404,7 +420,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -444,7 +460,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 + image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -516,7 +532,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -527,7 +543,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-create spec: containers: @@ -541,7 +557,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f imagePullPolicy: IfNotPresent name: create securityContext: @@ -563,7 +579,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -574,7 +590,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-patch spec: containers: @@ -590,7 +606,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f imagePullPolicy: IfNotPresent name: patch securityContext: @@ -612,7 +628,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -625,7 +641,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/deploy.yaml b/deploy/static/provider/kind/deploy.yaml index 5291d2d33..cde5ece76 100644 --- a/deploy/static/provider/kind/deploy.yaml +++ b/deploy/static/provider/kind/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -127,6 +127,14 @@ rules: verbs: - create - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -136,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -155,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx rules: - apiGroups: @@ -220,6 +228,14 @@ rules: - get - list - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -229,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission rules: - apiGroups: @@ -248,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -268,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -287,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -327,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -339,7 +355,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -371,7 +387,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -394,7 +410,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -439,7 +455,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 + image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -521,7 +537,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -532,7 +548,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-create spec: containers: @@ -546,7 +562,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f imagePullPolicy: IfNotPresent name: create securityContext: @@ -568,7 +584,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -579,7 +595,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-patch spec: containers: @@ -595,7 +611,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f imagePullPolicy: IfNotPresent name: patch securityContext: @@ -617,7 +633,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -630,7 +646,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/deploy.yaml b/deploy/static/provider/scw/deploy.yaml index a43df9de4..25880d180 100644 --- a/deploy/static/provider/scw/deploy.yaml +++ b/deploy/static/provider/scw/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -127,6 +127,14 @@ rules: verbs: - create - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -136,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -155,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx rules: - apiGroups: @@ -220,6 +228,14 @@ rules: - get - list - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -229,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission rules: - apiGroups: @@ -248,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -268,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -287,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +344,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -342,7 +358,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -375,7 +391,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -398,7 +414,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -438,7 +454,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 + image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -510,7 +526,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -521,7 +537,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-create spec: containers: @@ -535,7 +551,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f imagePullPolicy: IfNotPresent name: create securityContext: @@ -557,7 +573,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -568,7 +584,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-patch spec: containers: @@ -584,7 +600,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f imagePullPolicy: IfNotPresent name: patch securityContext: @@ -606,7 +622,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -619,7 +635,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/docs/deploy/index.md b/docs/deploy/index.md index 5a0b6bfb8..167c700b8 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -61,7 +61,7 @@ It will install the controller in the `ingress-nginx` namespace, creating that n **If you don't have Helm** or if you prefer to use a YAML manifest, you can run the following command instead: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/cloud/deploy.yaml ``` !!! info @@ -224,7 +224,7 @@ In AWS, we use a Network load balancer (NLB) to expose the NGINX Ingress control ##### Network Load Balancer (NLB) ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/aws/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/aws/deploy.yaml ``` ##### TLS termination in AWS Load Balancer (NLB) @@ -232,10 +232,10 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont By default, TLS is terminated in the ingress controller. But it is also possible to terminate TLS in the Load Balancer. This section explains how to do that on AWS using an NLB. -1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template +1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template ```console - wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml + wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml ``` 2. Edit the file and change the VPC CIDR in use for the Kubernetes cluster: @@ -281,7 +281,7 @@ Then, the ingress controller can be installed like this: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/cloud/deploy.yaml ``` !!! warning @@ -298,7 +298,7 @@ Proxy-protocol is supported in GCE check the [Official Documentations on how to #### Azure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/cloud/deploy.yaml ``` More information with regard to Azure annotations for ingress controller can be found in the [official AKS documentation](https://docs.microsoft.com/en-us/azure/aks/ingress-internal-ip#create-an-ingress-controller). @@ -306,7 +306,7 @@ More information with regard to Azure annotations for ingress controller can be #### Digital Ocean ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/do/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/do/deploy.yaml ``` - By default the service object of the ingress-nginx-controller for Digital-Ocean, only configures one annotation. Its this one `service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"`. While this makes the service functional, it was reported that the Digital-Ocean LoadBalancer graphs shows `no data`, unless a few other annotations are also configured. Some of these other annotations require values that can not be generic and hence not forced in a out-of-the-box installation. These annotations and a discussion on them is well documented in [this issue](https://github.com/kubernetes/ingress-nginx/issues/8965). Please refer to the issue to add annotations, with values specific to user, to get graphs of the DO-LB populated with data. @@ -314,7 +314,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont #### Scaleway ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/scw/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/scw/deploy.yaml ``` #### Exoscale @@ -329,7 +329,7 @@ The full list of annotations supported by Exoscale is available in the Exoscale #### Oracle Cloud Infrastructure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/cloud/deploy.yaml ``` A @@ -346,7 +346,7 @@ For quick testing, you can use a This should work on almost every cluster, but it will typically use a port in the range 30000-32767. ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/baremetal/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/baremetal/deploy.yaml ``` For more information about bare metal deployments (and how to use port 80 instead of a random port in the 30000-32767 range), From fd23ca75a62400c142b53b11c775cea9022c734e Mon Sep 17 00:00:00 2001 From: yutachaos <18604471+yutachaos@users.noreply.github.com> Date: Tue, 4 Oct 2022 02:42:15 +0900 Subject: [PATCH 309/494] Fixed to supported versions (#9117) --- Changelog.md | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Changelog.md b/Changelog.md index 4fda4aee4..34b49e28a 100644 --- a/Changelog.md +++ b/Changelog.md @@ -27,7 +27,7 @@ If you notice any issues, *please* ping [Ben Elder](https://twitter.com/BenTheEl [8890](https://github.com/kubernetes/ingress-nginx/pull/8890) * Update to Prometheus metric names, more information [available here]( https://github.com/kubernetes/ingress-nginx/pull/8728 ) -* Deprecated Kubernetes versions 1.20-1.21, Added support for, 1.25, currently supported versions v1.23, v1.24, v1.25 +* Deprecated Kubernetes versions 1.20-1.21, Added support for, 1.25, currently supported versions v1.22, v1.23, v1.24, v1.25 ADDED * `_request_duration_seconds` Histogram diff --git a/README.md b/README.md index 4cf990559..1af0a6000 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,7 @@ For detailed changes on the `ingress-nginx` helm chart, please check the followi | Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | |-----------------------|------------------------------|----------------|---------------| -| v1.4.0 | 1.25, 1.24, 1.23 | 3.16.2 | 1.19.10† | +| v1.4.0 | 1.25, 1.24, 1.23, 1.22 | 3.16.2 | 1.19.10† | | v1.3.1 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.2 | 1.19.10† | | v1.3.0 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.0 | 1.19.10† | | v1.2.1 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.6 | 1.19.10† | From fd7281c70396637640d32932d13e8956a39f0ca2 Mon Sep 17 00:00:00 2001 From: "Leon(@mediocreDevops)" Date: Tue, 4 Oct 2022 14:36:15 +0530 Subject: [PATCH 310/494] Updated incorrect version number in the Installation Guide (#9120) Fixes the incorrect version v.1.4.0 to v1.4.0 Signed-off-by: afro-coder Signed-off-by: afro-coder --- docs/deploy/index.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/deploy/index.md b/docs/deploy/index.md index 167c700b8..eed695ac9 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -61,7 +61,7 @@ It will install the controller in the `ingress-nginx` namespace, creating that n **If you don't have Helm** or if you prefer to use a YAML manifest, you can run the following command instead: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/cloud/deploy.yaml ``` !!! info @@ -224,7 +224,7 @@ In AWS, we use a Network load balancer (NLB) to expose the NGINX Ingress control ##### Network Load Balancer (NLB) ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/aws/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/aws/deploy.yaml ``` ##### TLS termination in AWS Load Balancer (NLB) @@ -232,10 +232,10 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont By default, TLS is terminated in the ingress controller. But it is also possible to terminate TLS in the Load Balancer. This section explains how to do that on AWS using an NLB. -1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template +1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template ```console - wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml + wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml ``` 2. Edit the file and change the VPC CIDR in use for the Kubernetes cluster: @@ -281,7 +281,7 @@ Then, the ingress controller can be installed like this: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/cloud/deploy.yaml ``` !!! warning @@ -298,7 +298,7 @@ Proxy-protocol is supported in GCE check the [Official Documentations on how to #### Azure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/cloud/deploy.yaml ``` More information with regard to Azure annotations for ingress controller can be found in the [official AKS documentation](https://docs.microsoft.com/en-us/azure/aks/ingress-internal-ip#create-an-ingress-controller). @@ -306,7 +306,7 @@ More information with regard to Azure annotations for ingress controller can be #### Digital Ocean ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/do/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/do/deploy.yaml ``` - By default the service object of the ingress-nginx-controller for Digital-Ocean, only configures one annotation. Its this one `service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"`. While this makes the service functional, it was reported that the Digital-Ocean LoadBalancer graphs shows `no data`, unless a few other annotations are also configured. Some of these other annotations require values that can not be generic and hence not forced in a out-of-the-box installation. These annotations and a discussion on them is well documented in [this issue](https://github.com/kubernetes/ingress-nginx/issues/8965). Please refer to the issue to add annotations, with values specific to user, to get graphs of the DO-LB populated with data. @@ -314,7 +314,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont #### Scaleway ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/scw/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/scw/deploy.yaml ``` #### Exoscale @@ -329,7 +329,7 @@ The full list of annotations supported by Exoscale is available in the Exoscale #### Oracle Cloud Infrastructure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/cloud/deploy.yaml ``` A @@ -346,7 +346,7 @@ For quick testing, you can use a This should work on almost every cluster, but it will typically use a port in the range 30000-32767. ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/baremetal/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/baremetal/deploy.yaml ``` For more information about bare metal deployments (and how to use port 80 instead of a random port in the 30000-32767 range), From 172d30239e8eef73b2db85be5ae5990300bed13a Mon Sep 17 00:00:00 2001 From: "Leon(@mediocreDevops)" <8469842+afro-coder@users.noreply.github.com> Date: Tue, 4 Oct 2022 16:12:15 +0530 Subject: [PATCH 311/494] Updated the Developer guide with New Contributor information (#9114) Added more clarity to the docs with regards to the getting-started page for developers. Signed-off-by: afro-coder Signed-off-by: afro-coder --- docs/developer-guide/getting-started.md | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/docs/developer-guide/getting-started.md b/docs/developer-guide/getting-started.md index fbf251790..9f4be8fcc 100644 --- a/docs/developer-guide/getting-started.md +++ b/docs/developer-guide/getting-started.md @@ -1,7 +1,15 @@ -# Developing for NGINX Ingress Controller + Developing for NGINX Ingress Controller This document explains how to get started with developing for NGINX Ingress controller. +For the really new contributors, who want to contribute to the INGRESS-NGINX project, but need help with understanding some basic concepts, +that are needed to work with the Kubernetes ingress resource, here is a link to the [New Contributors Guide](https://github.com/kubernetes/ingress-nginx/blob/main/NEW_CONTRIBUTOR.md). +This guide contains tips on how a http/https request travels, from a browser or a curl command, +to the webserver process running inside a container, in a pod, in a Kubernetes cluster, but enters the cluster via a ingress resource. +For those who are familiar with those basic networking concepts like routing of a packet with regards to a +http request, termination of connection, reverseproxy etc. etc., you can skip this and move on to the sections below. +(or read it anyways just for context and also provide feedbacks if any) + ## Prerequisites Install [Go 1.14](https://golang.org/dl/) or later. @@ -88,6 +96,3 @@ and then publish such version with ```console docker push $REGISTRY/controller:$TAG ``` - -### New Contributor Tips -New contributors can refer to the [new contributor tips](https://github.com/kubernetes/ingress-nginx/blob/main/NEW_CONTRIBUTOR.md) which will be updated with examples and tips. From 2645b5c0e4a44223106ef998c8455ec4a9225c0c Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Tue, 4 Oct 2022 12:06:16 -0300 Subject: [PATCH 312/494] Remove deprecated net dependency (#9110) --- TAG | 2 +- go.mod | 2 +- test/e2e/annotations/grpc.go | 3 ++- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/TAG b/TAG index 0d0c52f84..97a3c26fd 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.4.0 +v1.4.0-old diff --git a/go.mod b/go.mod index 471e7749e..01efaba68 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,6 @@ require ( github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd - golang.org/x/net v0.0.0-20220722155237-a158d28d115b google.golang.org/grpc v1.49.0 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 @@ -106,6 +105,7 @@ require ( github.com/yudai/pp v2.0.1+incompatible // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect + golang.org/x/net v0.0.0-20220722155237-a158d28d115b // indirect golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect diff --git a/test/e2e/annotations/grpc.go b/test/e2e/annotations/grpc.go index dfe8141ee..39349e701 100644 --- a/test/e2e/annotations/grpc.go +++ b/test/e2e/annotations/grpc.go @@ -21,10 +21,11 @@ import ( "fmt" "strings" + "context" + pb "github.com/moul/pb/grpcbin/go-grpc" "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" - "golang.org/x/net/context" "google.golang.org/grpc" "google.golang.org/grpc/credentials" "google.golang.org/grpc/metadata" From 2cc2ec85fc03e6c48820cf81a27cac8b4d202a10 Mon Sep 17 00:00:00 2001 From: yutachaos <18604471+yutachaos@users.noreply.github.com> Date: Wed, 5 Oct 2022 01:18:16 +0900 Subject: [PATCH 313/494] Fixed docs helm-docs version (#9121) --- RELEASE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/RELEASE.md b/RELEASE.md index 210277942..589b9ee7f 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -233,7 +233,7 @@ Promoting the images basically means that images, that were pushed to staging co - [helm-docs](https://github.com/norwoodj/helm-docs) is a tool that generates the README.md for a helm-chart automatically. In the CI pipeline workflow of github actions (/.github/workflows/ci.yaml), you can see how helm-docs is used. But the CI pipeline is not designed to make commits back into the project. So we need to run helm-docs manually, and check in the resulting autogenerated README.md at the path /charts/ingress-nginx/README.md ``` - GOBIN=$PWD GO111MODULE=on go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.6.0 + GOBIN=$PWD GO111MODULE=on go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.11.0 ./helm-docs --chart-search-root=${GITHUB_WORKSPACE}/charts git diff --exit-code rm -f ./helm-docs From 00f86f7f342730ee27fbdb651fd874a2962f4120 Mon Sep 17 00:00:00 2001 From: James Strong Date: Tue, 4 Oct 2022 14:08:17 -0400 Subject: [PATCH 314/494] update x/net to remove vul CVE-2022-27664 (#9109) Signed-off-by: James Strong Signed-off-by: James Strong --- .github/workflows/ci.yaml | 1 + .github/workflows/perftest.yaml | 9 +++++---- TAG | 2 +- go.mod | 4 ++-- go.sum | 8 ++++---- 5 files changed, 13 insertions(+), 11 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 07948ef78..45e1cd981 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -165,6 +165,7 @@ jobs: - name: Run Artifact Hub lint run: | wget https://github.com/artifacthub/hub/releases/download/v1.5.0/ah_1.5.0_linux_amd64.tar.gz + echo 'ad0e44c6ea058ab6b85dbf582e88bad9fdbc64ded0d1dd4edbac65133e5c87da *ah_1.5.0_linux_amd64.tar.gz' | shasum -c tar -xzvf ah_1.5.0_linux_amd64.tar.gz ah ./ah lint -p charts/ingress-nginx || exit 1 rm -f ./ah ./ah_1.5.0_linux_amd64.tar.gz diff --git a/.github/workflows/perftest.yaml b/.github/workflows/perftest.yaml index d498a216a..3d848ecfe 100644 --- a/.github/workflows/perftest.yaml +++ b/.github/workflows/perftest.yaml @@ -1,13 +1,13 @@ name: Performance Test -on: +on: workflow_dispatch: inputs: logLevel: - description: 'Log level' + description: 'Log level' required: true default: 'warning' tags: - description: 'K6 Load Test' + description: 'K6 Load Test' permissions: contents: read @@ -19,10 +19,11 @@ jobs: steps: - name: Checkout uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - + - name: Install K6 run: | wget https://github.com/grafana/k6/releases/download/v0.38.2/k6-v0.38.2-linux-amd64.tar.gz + echo '7c9e5a26aaa2c638c042f6dfda7416161b8d2e0d4cb930721a38083b8be109ab *k6-v0.38.2-linux-amd64.tar.gz' | shasum -c tar -xvf k6-v0.38.2-linux-amd64.tar.gz k6-v0.38.2-linux-amd64/k6 mv k6-v0.38.2-linux-amd64/k6 . ./k6 diff --git a/TAG b/TAG index 97a3c26fd..a5b25f766 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.4.0-old +v1.4.0q diff --git a/go.mod b/go.mod index 01efaba68..8430764e5 100644 --- a/go.mod +++ b/go.mod @@ -105,9 +105,9 @@ require ( github.com/yudai/pp v2.0.1+incompatible // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect - golang.org/x/net v0.0.0-20220722155237-a158d28d115b // indirect + golang.org/x/net v0.0.0-20220906165146-f3363e06e74c // indirect golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect - golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect + golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 // indirect golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect golang.org/x/text v0.3.7 // indirect golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect diff --git a/go.sum b/go.sum index 65fb4ee78..fb6d6741e 100644 --- a/go.sum +++ b/go.sum @@ -743,8 +743,8 @@ golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220722155237-a158d28d115b h1:PxfKdU9lEEDYjdIzOtC4qFWgkU2rGHdKlKowJSMN9h0= -golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.0.0-20220906165146-f3363e06e74c h1:yKufUcDwucU5urd+50/Opbt4AYpqthk7wHpHok8f1lo= +golang.org/x/net v0.0.0-20220906165146-f3363e06e74c/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -851,8 +851,8 @@ golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9wrfxYyCjk0KbXjhR55s= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 h1:WIoqL4EROvwiPdUtaip4VcDdpZ4kha7wBWZrbVKCIZg= +golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= From c211aa83d3fee9d1d9e3b631cbecb7035b8fefa8 Mon Sep 17 00:00:00 2001 From: James Strong Date: Wed, 5 Oct 2022 09:01:32 -0600 Subject: [PATCH 315/494] fix wrong tag --- TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TAG b/TAG index a5b25f766..0d0c52f84 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.4.0q +v1.4.0 From 83aa9e472fa7dbca1b371db117b2a582d55ac6d3 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Wed, 5 Oct 2022 18:14:05 +0200 Subject: [PATCH 316/494] Rename controller-wehbooks-networkpolicy.yaml -> controller-webhooks-networkpolicy.yaml. (#9123) --- ...-networkpolicy.yaml => controller-webhooks-networkpolicy.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename charts/ingress-nginx/templates/{controller-wehbooks-networkpolicy.yaml => controller-webhooks-networkpolicy.yaml} (100%) diff --git a/charts/ingress-nginx/templates/controller-wehbooks-networkpolicy.yaml b/charts/ingress-nginx/templates/controller-webhooks-networkpolicy.yaml similarity index 100% rename from charts/ingress-nginx/templates/controller-wehbooks-networkpolicy.yaml rename to charts/ingress-nginx/templates/controller-webhooks-networkpolicy.yaml From 796cdf734e880a34b921f0d6c69994e67b5320bf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Oct 2022 06:23:22 -0700 Subject: [PATCH 317/494] Bump helm/chart-releaser-action from 1.4.0 to 1.4.1 (#9136) Bumps [helm/chart-releaser-action](https://github.com/helm/chart-releaser-action) from 1.4.0 to 1.4.1. - [Release notes](https://github.com/helm/chart-releaser-action/releases) - [Commits](https://github.com/helm/chart-releaser-action/compare/v1.4.0...v1.4.1) --- updated-dependencies: - dependency-name: helm/chart-releaser-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/helm.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 49ef6acd4..0be3841da 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -64,7 +64,7 @@ jobs: git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com" - name: Helm Chart Releaser - uses: helm/chart-releaser-action@v1.4.0 + uses: helm/chart-releaser-action@v1.4.1 env: CR_SKIP_EXISTING: "false" CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" From aaa336f207f3b830dfc2cdc49b01fecc19bf4b87 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Oct 2022 06:25:23 -0700 Subject: [PATCH 318/494] Bump github/codeql-action from 2.1.25 to 2.1.27 (#9137) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.25 to 2.1.27. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/86f3159a697a097a813ad9bfa0002412d97690a4...807578363a7869ca324a79039e6db9c843e0e100) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 2e13deea0..5a93a5d49 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@86f3159a697a097a813ad9bfa0002412d97690a4 # v2.1.14 + uses: github/codeql-action/upload-sarif@807578363a7869ca324a79039e6db9c843e0e100 # v2.1.14 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 0ef654160..130391a8a 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@86f3159a697a097a813ad9bfa0002412d97690a4 + uses: github/codeql-action/upload-sarif@807578363a7869ca324a79039e6db9c843e0e100 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From 3f40eb02cd470bae572abe090b0aebaf5363cadc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Oct 2022 06:31:21 -0700 Subject: [PATCH 319/494] Bump ossf/scorecard-action from 2.0.3 to 2.0.4 (#9138) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.0.3 to 2.0.4. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/865b4092859256271290c77adbd10a43f4779972...e363bfca00e752f91de7b7d2a77340e2e523cb18) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 5a93a5d49..d57f7c99d 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -30,7 +30,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@865b4092859256271290c77adbd10a43f4779972 # v1.1.1 + uses: ossf/scorecard-action@e363bfca00e752f91de7b7d2a77340e2e523cb18 # v1.1.1 with: results_file: results.sarif results_format: sarif From c42b68eeadc57d2e8ec9e8daee4d4920ead6c181 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 12 Oct 2022 12:33:01 -0700 Subject: [PATCH 320/494] Bump google.golang.org/grpc from 1.49.0 to 1.50.0 (#9134) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.49.0 to 1.50.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.49.0...v1.50.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 8430764e5..378ef56e8 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd - google.golang.org/grpc v1.49.0 + google.golang.org/grpc v1.50.0 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 k8s.io/api v0.25.2 diff --git a/go.sum b/go.sum index fb6d6741e..ada03d47a 100644 --- a/go.sum +++ b/go.sum @@ -1065,8 +1065,8 @@ google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnD google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= -google.golang.org/grpc v1.49.0 h1:WTLtQzmQori5FUH25Pq4WT22oCsv8USpQ+F6rqtsmxw= -google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= +google.golang.org/grpc v1.50.0 h1:fPVVDxY9w++VjTZsYvXWqEf9Rqar/e+9zYfxKK+W+YU= +google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= From ea254fbcb15b9614961074cba63b52a5d6d06f03 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 12 Oct 2022 12:35:02 -0700 Subject: [PATCH 321/494] Bump actions/checkout from 3.0.2 to 3.1.0 (#9135) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.2 to 3.1.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/2541b1294d2704b0964813337f33b291d3f8596b...93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 16 ++++++++-------- .github/workflows/depreview.yaml | 2 +- .github/workflows/docs.yaml | 4 ++-- .github/workflows/helm.yaml | 4 ++-- .github/workflows/perftest.yaml | 2 +- .github/workflows/plugin.yaml | 2 +- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 4 ++-- 8 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 45e1cd981..8b29a85d6 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -26,7 +26,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2.10.2 id: filter @@ -50,7 +50,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - name: Run Gosec Security Scanner uses: securego/gosec@19fa856badad483cae700ee1213dd7f1a933d6d3 # master @@ -68,7 +68,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - name: Set up Go 1.19.1 id: go @@ -135,7 +135,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - name: Setup Go uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 @@ -218,7 +218,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - name: cache uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # v2 @@ -275,7 +275,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - name: cache uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 @@ -326,7 +326,7 @@ jobs: PLATFORMS: linux/amd64,linux/arm64 steps: - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2.10.2 id: filter-images @@ -393,7 +393,7 @@ jobs: PLATFORMS: linux/amd64 steps: - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2.10.2 id: filter-images diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml index d69c1a0c8..1809c531c 100644 --- a/.github/workflows/depreview.yaml +++ b/.github/workflows/depreview.yaml @@ -9,6 +9,6 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b #v3.0.2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 #v3.0.2 - name: 'Dependency Review' uses: actions/dependency-review-action@375c5370086bfff256c37f8beec0f437e2e72ae1 #v2.0.2 diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index 834859aa0..cb183577a 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b #v3.0.2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 #v3.0.2 - uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2.10.2 id: filter @@ -49,7 +49,7 @@ jobs: steps: - name: Checkout master - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b #v3.0.2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 #v3.0.2 - name: Deploy uses: ./.github/actions/mkdocs diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 0be3841da..abfdda1c8 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2.10.2 id: filter @@ -52,7 +52,7 @@ jobs: steps: - name: Checkout master - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 with: # Fetch entire history. Required for chart-releaser; see https://github.com/helm/chart-releaser-action/issues/13#issuecomment-602063896 fetch-depth: 0 diff --git a/.github/workflows/perftest.yaml b/.github/workflows/perftest.yaml index 3d848ecfe..a9206d9ef 100644 --- a/.github/workflows/perftest.yaml +++ b/.github/workflows/perftest.yaml @@ -18,7 +18,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 - name: Install K6 run: | diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index 319055b62..42b7f043b 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 with: fetch-depth: 0 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index d57f7c99d..c06db13ca 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -25,7 +25,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.0 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.0 with: persist-credentials: false diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 130391a8a..0cfdb6375 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -22,7 +22,7 @@ jobs: versions: ${{ steps.version.outputs.TAGS }} steps: - name: Checkout code - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 with: fetch-depth: 0 @@ -52,7 +52,7 @@ jobs: versions: ${{ fromJSON(needs.version.outputs.versions) }} steps: - name: Checkout code - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 - shell: bash id: test From 93df796767929ffd9dce2b8e65de376e9e0ab90e Mon Sep 17 00:00:00 2001 From: James Strong Date: Wed, 12 Oct 2022 15:39:00 -0400 Subject: [PATCH 322/494] upgrade to golang 1.19.2 (#9124) * upgrade to golang 1.19.2 Signed-off-by: James Strong * update e2e testing to 1.25 kind Signed-off-by: James Strong Signed-off-by: James Strong --- .github/workflows/ci.yaml | 10 ++++---- .github/workflows/plugin.yaml | 2 +- Makefile | 10 -------- build/dev-env.sh | 25 +++---------------- build/kind.yaml | 18 +++++++++++++ build/run-in-docker.sh | 10 -------- .../rootfs/Dockerfile | 2 +- images/kube-webhook-certgen/rootfs/Dockerfile | 2 +- images/test-runner/Makefile | 2 +- test/e2e/run.sh | 2 +- 10 files changed, 31 insertions(+), 52 deletions(-) create mode 100644 build/kind.yaml diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 8b29a85d6..8e8eb6631 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -70,11 +70,11 @@ jobs: - name: Checkout uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - - name: Set up Go 1.19.1 + - name: Set up Go 1.19.2 id: go uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 with: - go-version: '1.19.1' + go-version: '1.19.2' - name: Set up QEMU uses: docker/setup-qemu-action@8b122486cedac8393e77aa9734c3528886e4a1a8 #v2.0.0 @@ -140,7 +140,7 @@ jobs: - name: Setup Go uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 with: - go-version: '1.19.1' + go-version: '1.19.2' - name: cache uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # v3 @@ -411,12 +411,12 @@ jobs: version: v0.15.0 image: kindest/node:v1.25.2 - - name: Set up Go 1.19.1 + - name: Set up Go 1.19.2 id: go if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 with: - go-version: '1.19.1' + go-version: '1.19.2' - name: kube-webhook-certgen image build if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index 42b7f043b..ff11b713c 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -24,7 +24,7 @@ jobs: - name: Set up Go uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 with: - go-version: 1.19.1 + go-version: 1.19.2 - name: Run GoReleaser uses: goreleaser/goreleaser-action@ff11ca24a9b39f2d36796d1fbd7a4e39c182630a # v3.0.0 diff --git a/Makefile b/Makefile index 7a62d6f61..8204a2087 100644 --- a/Makefile +++ b/Makefile @@ -53,14 +53,6 @@ ifneq ($(PLATFORM),) PLATFORM_FLAG="--platform" endif -MAC_OS = $(shell uname -s) - -ifeq ($(MAC_OS), Darwin) - MAC_DOCKER_FLAGS="--load" -else - MAC_DOCKER_FLAGS= -endif - REGISTRY ?= gcr.io/k8s-staging-ingress-nginx BASE_IMAGE ?= $(shell cat NGINX_BASE) @@ -76,7 +68,6 @@ image: clean-image ## Build image for a particular arch. docker build \ ${PLATFORM_FLAG} ${PLATFORM} \ --no-cache \ - $(MAC_DOCKER_FLAGS) \ --pull \ --build-arg BASE_IMAGE="$(BASE_IMAGE)" \ --build-arg VERSION="$(TAG)" \ @@ -94,7 +85,6 @@ image-chroot: clean-chroot-image ## Build image for a particular arch. echo "Building docker image ($(ARCH))..." docker build \ --no-cache \ - $(MAC_DOCKER_FLAGS) \ --pull \ --build-arg BASE_IMAGE="$(BASE_IMAGE)" \ --build-arg VERSION="$(TAG)" \ diff --git a/build/dev-env.sh b/build/dev-env.sh index ae6860726..09609367a 100755 --- a/build/dev-env.sh +++ b/build/dev-env.sh @@ -62,32 +62,13 @@ echo "[dev-env] building image" make build image docker tag "${REGISTRY}/controller:${TAG}" "${DEV_IMAGE}" -export K8S_VERSION=${K8S_VERSION:-v1.24.2@sha256:1f0cee2282f43150b52dc7933183ed96abdcfc8d293f30ec07082495874876f1} +export K8S_VERSION=${K8S_VERSION:-v1.25.2@sha256:9be91e9e9cdf116809841fc77ebdb8845443c4c72fe5218f3ae9eb57fdb4bace} KIND_CLUSTER_NAME="ingress-nginx-dev" if ! kind get clusters -q | grep -q ${KIND_CLUSTER_NAME}; then -echo "[dev-env] creating Kubernetes cluster with kind" -cat < Date: Thu, 13 Oct 2022 03:45:02 +0800 Subject: [PATCH 323/494] fix e2e resource leak when ginkgo exit before clear resource (#9103) --- test/e2e/framework/framework.go | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/test/e2e/framework/framework.go b/test/e2e/framework/framework.go index 4946c13b2..662cd0879 100644 --- a/test/e2e/framework/framework.go +++ b/test/e2e/framework/framework.go @@ -121,11 +121,9 @@ func (f *Framework) CreateEnvironment() { } func (f *Framework) DestroyEnvironment() { - go func() { - defer ginkgo.GinkgoRecover() - err := DeleteKubeNamespace(f.KubeClientSet, f.Namespace) - assert.Nil(ginkgo.GinkgoT(), err, "deleting namespace %v", f.Namespace) - }() + defer ginkgo.GinkgoRecover() + err := DeleteKubeNamespace(f.KubeClientSet, f.Namespace) + assert.Nil(ginkgo.GinkgoT(), err, "deleting namespace %v", f.Namespace) } // BeforeEach gets a client and makes a namespace. @@ -151,11 +149,9 @@ func (f *Framework) AfterEach() { defer f.DestroyEnvironment() defer func(kubeClient kubernetes.Interface, ingressclass string) { - go func() { - defer ginkgo.GinkgoRecover() - err := deleteIngressClass(kubeClient, ingressclass) - assert.Nil(ginkgo.GinkgoT(), err, "deleting IngressClass") - }() + defer ginkgo.GinkgoRecover() + err := deleteIngressClass(kubeClient, ingressclass) + assert.Nil(ginkgo.GinkgoT(), err, "deleting IngressClass") }(f.KubeClientSet, f.IngressClass) if !ginkgo.CurrentSpecReport().Failed() { From 6aac00648b6353d25e455594c525d07cf6d80960 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Johannes=20W=C3=BCrbach?= Date: Thu, 13 Oct 2022 00:41:04 +0200 Subject: [PATCH 324/494] fix: handle 401 and 403 by external auth (#9131) --- rootfs/etc/nginx/template/nginx.tmpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index c315e4ee9..92d2c9706 100755 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -957,7 +957,7 @@ stream { set $proxy_upstream_name "-"; {{ if not ( empty $server.CertificateAuth.MatchCN ) }} - {{ if gt (len $server.CertificateAuth.MatchCN) 0 }} + {{ if gt (len $server.CertificateAuth.MatchCN) 0 }} if ( $ssl_client_s_dn !~ {{ $server.CertificateAuth.MatchCN }} ) { return 403 "client certificate unauthorized"; } @@ -1288,7 +1288,7 @@ stream { {{- end }} return end - if res.status == ngx.HTTP_FORBIDDEN then + if res.status == ngx.HTTP_UNAUTHORIZED or res.status == ngx.HTTP_FORBIDDEN then ngx.exit(res.status) end ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR) From e53d19ceb695f880d4886effc2444abf1e04ff41 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Wed, 12 Oct 2022 20:31:03 -0300 Subject: [PATCH 325/494] Move bowei to emeritus owner (#9150) --- OWNERS | 1 + OWNERS_ALIASES | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/OWNERS b/OWNERS index 20082fb1f..71f3328f1 100644 --- a/OWNERS +++ b/OWNERS @@ -8,3 +8,4 @@ reviewers: emeritus_approvers: - aledbf # 2020-04-02 +- bowei # 2022-10-12 diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES index 04b495b6b..49806abdb 100644 --- a/OWNERS_ALIASES +++ b/OWNERS_ALIASES @@ -7,7 +7,6 @@ aliases: - thockin ingress-nginx-admins: - - bowei - rikatz - strongjz From 499dbf57af5d0d7eb2fdb298cc89b5f4bf179854 Mon Sep 17 00:00:00 2001 From: Tomas Hulata Date: Thu, 13 Oct 2022 02:11:00 +0200 Subject: [PATCH 326/494] fix ports (#9149) --- internal/ingress/controller/endpointslices.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/ingress/controller/endpointslices.go b/internal/ingress/controller/endpointslices.go index efd2a6afa..5a24c3880 100644 --- a/internal/ingress/controller/endpointslices.go +++ b/internal/ingress/controller/endpointslices.go @@ -84,8 +84,8 @@ func getEndpointsFromSlices(s *corev1.Service, port *corev1.ServicePort, proto c // loop over all endpointSlices generated for service for _, eps := range epss { var ports []int32 - if len(eps.Ports) == 0 { - // When ports is empty, it indicates that there are no defined ports, using svc targePort <- this could be wrong + if len(eps.Ports) == 0 && port.TargetPort.Type == intstr.Int { + // When ports is empty, it indicates that there are no defined ports, using svc targePort if it's a number klog.V(3).Infof("No ports found on endpointSlice, using service TargetPort %v for Service %q", port.String(), svcKey) ports = append(ports, port.TargetPort.IntVal) } else { From 249780737c862a7cf690058511ee7126ddd0d788 Mon Sep 17 00:00:00 2001 From: FutureMatt <43476243+FutureMatt@users.noreply.github.com> Date: Thu, 13 Oct 2022 15:37:01 +0100 Subject: [PATCH 327/494] #7652 - Updated Helm chart to use the fullname for the electionID if not specified. (#9133) * Automatically generate electionID from the fullname or use the set value. * Updated the chart readme to include the new empty default. * Rebuilt the Helm readme with helm-docs. --- charts/ingress-nginx/README.md | 2 +- charts/ingress-nginx/templates/_helpers.tpl | 10 ++++++++++ charts/ingress-nginx/templates/_params.tpl | 2 +- charts/ingress-nginx/templates/controller-role.yaml | 4 ++-- charts/ingress-nginx/values.yaml | 4 ++-- 5 files changed, 16 insertions(+), 6 deletions(-) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 36490474a..06db4d991 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -291,7 +291,7 @@ Kubernetes: `>=1.20.0-0` | controller.customTemplate.configMapName | string | `""` | | | controller.dnsConfig | object | `{}` | Optionally customize the pod dnsConfig. | | controller.dnsPolicy | string | `"ClusterFirst"` | Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. | -| controller.electionID | string | `"ingress-controller-leader"` | Election ID to use for status update | +| controller.electionID | string | `""` | Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader' | | controller.enableMimalloc | bool | `true` | Enable mimalloc as a drop-in replacement for malloc. # ref: https://github.com/microsoft/mimalloc # | | controller.existingPsp | string | `""` | Use an existing PSP instead of creating one | | controller.extraArgs | object | `{}` | Additional command line arguments to pass to nginx-ingress-controller E.g. to specify the default SSL certificate you can use | diff --git a/charts/ingress-nginx/templates/_helpers.tpl b/charts/ingress-nginx/templates/_helpers.tpl index e69de0c41..790a19350 100644 --- a/charts/ingress-nginx/templates/_helpers.tpl +++ b/charts/ingress-nginx/templates/_helpers.tpl @@ -85,6 +85,16 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- printf "%s-%s" (include "ingress-nginx.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Construct a unique electionID. +Users can provide an override for an explicit electionID if they want via `.Values.controller.electionID` +*/}} +{{- define "ingress-nginx.controller.electionID" -}} +{{- $defElectionID := printf "%s-leader" (include "ingress-nginx.fullname" .) -}} +{{- $electionID := default $defElectionID .Values.controller.electionID -}} +{{- print $electionID -}} +{{- end -}} + {{/* Construct the path for the publish-service. diff --git a/charts/ingress-nginx/templates/_params.tpl b/charts/ingress-nginx/templates/_params.tpl index 305ce0dd2..66c581fa6 100644 --- a/charts/ingress-nginx/templates/_params.tpl +++ b/charts/ingress-nginx/templates/_params.tpl @@ -10,7 +10,7 @@ - --publish-service={{ template "ingress-nginx.controller.publishServicePath" . }}-internal {{- end }} {{- end }} -- --election-id={{ .Values.controller.electionID }} +- --election-id={{ include "ingress-nginx.controller.electionID" . }} - --controller-class={{ .Values.controller.ingressClassResource.controllerValue }} {{- if .Values.controller.ingressClass }} - --ingress-class={{ .Values.controller.ingressClass }} diff --git a/charts/ingress-nginx/templates/controller-role.yaml b/charts/ingress-nginx/templates/controller-role.yaml index d6da92ec9..395c88e10 100644 --- a/charts/ingress-nginx/templates/controller-role.yaml +++ b/charts/ingress-nginx/templates/controller-role.yaml @@ -68,7 +68,7 @@ rules: resources: - configmaps resourceNames: - - {{ .Values.controller.electionID }} + - {{ include "ingress-nginx.controller.electionID" . }} verbs: - get - update @@ -83,7 +83,7 @@ rules: resources: - leases resourceNames: - - {{ .Values.controller.electionID }} + - {{ include "ingress-nginx.controller.electionID" . }} verbs: - get - update diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index a5f6dc776..622244a11 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -99,8 +99,8 @@ controller: # -- 'hostPort' https port https: 443 - # -- Election ID to use for status update - electionID: ingress-controller-leader + # -- Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader' + electionID: "" ## This section refers to the creation of the IngressClass resource ## IngressClass resources are supported since k8s >= 1.18 and required since k8s >= 1.19 From f89bd6d3288a0a76851ff947ab1f0eb4fadcea77 Mon Sep 17 00:00:00 2001 From: Sanghamitra-PERSONAL <78498010+Sanghamitra-PERSONAL@users.noreply.github.com> Date: Thu, 13 Oct 2022 22:01:05 +0200 Subject: [PATCH 328/494] Documentation added for implemented redirection in the proxy to ensure image pulling (#9098) * Documentation added for redirection in the proxy to ensure image pulling * Update troubleshooting.md * Update troubleshooting.md * Update troubleshooting.md --- docs/troubleshooting.md | 49 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index 1e2e57c49..f2f5da47b 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -316,3 +316,52 @@ Note: The below is based on the nginx [documentation](https://docs.nginx.com/ngi ```console cat nginx_conf.txt ``` + +## Image related issues faced on Nginx 4.2.5 or other versions (Helm chart versions) + +1. Incase you face below error while installing Nginx using helm chart (either by helm commands or helm_release terraform provider ) +``` +Warning Failed 5m5s (x4 over 6m34s) kubelet Failed to pull image "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47": rpc error: code = Unknown desc = failed to pull and unpack image "registry.k8s.io/ingress-nginx/kube-webhook-certgen@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47": failed to resolve reference "registry.k8s.io/ingress-nginx/kube-webhook-certgen@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47": failed to do request: Head "https://eu.gcr.io/v2/k8s-artifacts-prod/ingress-nginx/kube-webhook-certgen/manifests/sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47": EOF +``` + Then please follow the below steps. + +2. During troubleshooting you can also execute the below commands to test the connectivities from you local machines and repositories details + + a. curl registry.k8s.io/ingress-nginx/kube-webhook-certgen@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 > /dev/null + ``` + (⎈ |myprompt)➜ ~ curl registry.k8s.io/ingress-nginx/kube-webhook-certgen@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 > /dev/null + % Total % Received % Xferd Average Speed Time Time Time Current + Dload Upload Total Spent Left Speed + 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 + (⎈ |myprompt)➜ ~ + ``` + b. curl -I https://eu.gcr.io/v2/k8s-artifacts-prod/ingress-nginx/kube-webhook-certgen/manifests/sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + ``` + (⎈ |myprompt)➜ ~ curl -I https://eu.gcr.io/v2/k8s-artifacts-prod/ingress-nginx/kube-webhook-certgen/manifests/sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + HTTP/2 200 + docker-distribution-api-version: registry/2.0 + content-type: application/vnd.docker.distribution.manifest.list.v2+json + docker-content-digest: sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + content-length: 1384 + date: Wed, 28 Sep 2022 16:46:28 GMT + server: Docker Registry + x-xss-protection: 0 + x-frame-options: SAMEORIGIN + alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" + + (⎈ |myprompt)➜ ~ + ``` + Redirection in the proxy is implemented to ensure the pulling of the images. + +3. This is the solution recommended to whitelist the below image repositories : + ``` + *.appspot.com + *.k8s.io + *.pkg.dev + *.gcr.io + + ``` + More details about the above repos : + a. *.k8s.io -> To ensure you can pull any images from registry.k8s.io + b. *.gcr.io -> GCP services are used for image hosting. This is part of the domains suggested by GCP to allow and ensure users can pull images from their container registry services. + c. *.appspot.com -> This a Google domain. part of the domain used for GCR. From 739e85ce7cf2dbc13b710036a5c3fc465425c6e2 Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 14 Oct 2022 00:10:46 -0400 Subject: [PATCH 329/494] updating runner with golang 1.19.2 (#9158) Signed-off-by: James Strong Signed-off-by: James Strong --- build/run-in-docker.sh | 2 +- test/e2e-image/Makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index 21d3f2548..b0377f455 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -38,7 +38,7 @@ function cleanup { } trap cleanup EXIT -E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20220916-gd32f8c343@sha256:f3f26f1e2aef8b2013b731f041fd69bcd950d3118eecf4429551848f47305c0f} +E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20221012-controller-v1.4.0-14-g93df79676@sha256:9ab6a412b0ea6ae77abc80309608976ec15141e146fa91ef4352400cb9051086} DOCKER_OPTS=${DOCKER_OPTS:-} DOCKER_IN_DOCKER_ENABLED=${DOCKER_IN_DOCKER_ENABLED:-} diff --git a/test/e2e-image/Makefile b/test/e2e-image/Makefile index d0ed88972..ce46b93ab 100644 --- a/test/e2e-image/Makefile +++ b/test/e2e-image/Makefile @@ -1,6 +1,6 @@ DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) -E2E_BASE_IMAGE="registry.k8s.io/ingress-nginx/e2e-test-runner:v20220916-gd32f8c343@sha256:f3f26f1e2aef8b2013b731f041fd69bcd950d3118eecf4429551848f47305c0f" +E2E_BASE_IMAGE="registry.k8s.io/ingress-nginx/e2e-test-runner:v20221012-controller-v1.4.0-14-g93df79676@sha256:9ab6a412b0ea6ae77abc80309608976ec15141e146fa91ef4352400cb9051086" image: echo "..entered Makefile in /test/e2e-image" From a3bed7ae4c02a2821e1aa811ed3ede71a35ddb5d Mon Sep 17 00:00:00 2001 From: Aurelie Vache Date: Mon, 17 Oct 2022 17:39:07 +0200 Subject: [PATCH 330/494] feat: add ovhcloud (#9171) --- docs/deploy/index.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/deploy/index.md b/docs/deploy/index.md index eed695ac9..4cefb7c48 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -30,6 +30,7 @@ ingress controller for your particular environment or cloud provider. - ... [Scaleway](#scaleway) - ... [Exoscale](#exoscale) - ... [Oracle Cloud Infrastructure](#oracle-cloud-infrastructure) + - ... [OVHcloud](#ovhcloud) - ... [Bare-metal](#bare-metal-clusters) - [Miscellaneous](#miscellaneous) @@ -336,6 +337,16 @@ A [complete list of available annotations for Oracle Cloud Infrastructure](https://github.com/oracle/oci-cloud-controller-manager/blob/master/docs/load-balancer-annotations.md) can be found in the [OCI Cloud Controller Manager](https://github.com/oracle/oci-cloud-controller-manager) documentation. +### OVHcloud + +```console +helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx +helm repo update +helm -n ingress-nginx install ingress-nginx ingress-nginx/ingress-nginx --create-namespace +``` + +You can find the [complete tutorial](https://docs.ovh.com/gb/en/kubernetes/installing-nginx-ingress/). + ### Bare metal clusters This section is applicable to Kubernetes clusters deployed on bare metal servers, as well as "raw" VMs where Kubernetes From 5e0932a88518e8160431738c98ba7f08e01e6352 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Mon, 17 Oct 2022 17:47:08 +0200 Subject: [PATCH 331/494] GitHub Templates: Remove trailing whitespaces. (#9172) --- .github/ISSUE_TEMPLATE/cve_report.md | 2 +- .github/PULL_REQUEST_TEMPLATE.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/cve_report.md b/.github/ISSUE_TEMPLATE/cve_report.md index b5ecf7ecf..11789d479 100644 --- a/.github/ISSUE_TEMPLATE/cve_report.md +++ b/.github/ISSUE_TEMPLATE/cve_report.md @@ -8,7 +8,7 @@ assignees: - rikatz --- - diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index a14cc7004..e3781887a 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -64,5 +64,5 @@ Enter your extended release note in the block below. If the PR requires addition For more information on release notes see: https://git.k8s.io/community/contributors/guide/release-notes.md --> ```release-note -PLACE RELEASE NOTES HERE +PLACE RELEASE NOTES HERE ``` From 2740ab2de7f333b2df9a7f5eaa97c510a0bd45da Mon Sep 17 00:00:00 2001 From: cskinfill Date: Tue, 18 Oct 2022 08:41:20 -0400 Subject: [PATCH 332/494] Update CHANGELOG.md (#9147) --- charts/ingress-nginx/CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/ingress-nginx/CHANGELOG.md b/charts/ingress-nginx/CHANGELOG.md index 3c3404ffd..2ec24733e 100644 --- a/charts/ingress-nginx/CHANGELOG.md +++ b/charts/ingress-nginx/CHANGELOG.md @@ -4,7 +4,7 @@ This file documents all notable changes to [ingress-nginx](https://github.com/ku ### 4.3.0 - Support for Kubernetes v.1.25.0 was added and support for endpoint slices -- Support for Kubernetes v1.20.0 was removed +- Support for Kubernetes v1.20.0 and v1.21.0 was removed - [8890](https://github.com/kubernetes/ingress-nginx/pull/8890) migrate to endpointslices - [9059](https://github.com/kubernetes/ingress-nginx/pull/9059) kubewebhookcertgen sha change after go1191 - [9046](https://github.com/kubernetes/ingress-nginx/pull/9046) Parameterize metrics port name From 3ddbba3fde1717e0324ef3f17310dff17613385e Mon Sep 17 00:00:00 2001 From: jrhunger Date: Tue, 18 Oct 2022 10:17:20 -0400 Subject: [PATCH 333/494] add troubleshooting for port listen issues (#9185) --- docs/troubleshooting.md | 114 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 114 insertions(+) diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index f2f5da47b..4b9820200 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -365,3 +365,117 @@ Warning Failed 5m5s (x4 over 6m34s) kubelet Failed to pull ima a. *.k8s.io -> To ensure you can pull any images from registry.k8s.io b. *.gcr.io -> GCP services are used for image hosting. This is part of the domains suggested by GCP to allow and ensure users can pull images from their container registry services. c. *.appspot.com -> This a Google domain. part of the domain used for GCR. + +## Unable to listen on port (80/443) +One possible reason for this error is lack of permission to bind to the port. Ports 80, 443, and any other port < 1024 are Linux privileged ports which historically could only be bound by root. The ingress-nginx-controller uses the CAP_NET_BIND_SERVICE [linux capability](https://man7.org/linux/man-pages/man7/capabilities.7.html) to allow binding these ports as a normal user (www-data / 101). This involves two components: +1. In the image, the /nginx-ingress-controller file has the cap_net_bind_service capability added (e.g. via [setcap](https://man7.org/linux/man-pages/man8/setcap.8.html)) +2. The NET_BIND_SERVICE capability is added to the container in the containerSecurityContext of the deployment. + +If encountering this on one/some node(s) and not on others, try to purge and pull a fresh copy of the image to the affected node(s), in case there has been corruption of the underlying layers to lose the capability on the executable. + +### Create a test pod +The /nginx-ingress-controller process exits/crashes when encountering this error, making it difficult to troubleshoot what is happening inside the container. To get around this, start an equivalent container running "sleep 3600", and exec into it for further troubleshooting. For example: +```yaml +apiVersion: v1 +kind: Pod +metadata: + name: ingress-nginx-sleep + namespace: default + labels: + app: nginx +spec: + containers: + - name: nginx + image: ##_CONTROLLER_IMAGE_## + resources: + requests: + memory: "512Mi" + cpu: "500m" + limits: + memory: "1Gi" + cpu: "1" + command: ["sleep"] + args: ["3600"] + ports: + - containerPort: 80 + name: http + protocol: TCP + - containerPort: 443 + name: https + protocol: TCP + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + runAsUser: 101 + restartPolicy: Never + nodeSelector: + kubernetes.io/hostname: ##_NODE_NAME_## + tolerations: + - key: "node.kubernetes.io/unschedulable" + operator: "Exists" + effect: NoSchedule +``` +* update the namespace if applicable/desired +* replace `##_NODE_NAME_##` with the problematic node (or remove nodeSelector section if problem is not confined to one node) +* replace `##_CONTROLLER_IMAGE_##` with the same image as in use by your ingress-nginx deployment +* confirm the securityContext section matches what is in place for ingress-nginx-controller pods in your cluster + +Apply the YAML and open a shell into the pod. +Try to manually run the controller process: +```console +$ /nginx-ingress-controller +``` +You should get the same error as from the ingress controller pod logs. + +Confirm the capabilities are properly surfacing into the pod: +```console +$ grep CapBnd /proc/1/status +CapBnd: 0000000000000400 +``` +The above value has only net_bind_service enabled (per security context in YAML which adds that and drops all). If you get a different value, then you can decode it on another linux box (capsh not available in this container) like below, and then figure out why specified capabilities are not propagating into the pod/container. +```console +$ capsh --decode=0000000000000400 +0x0000000000000400=cap_net_bind_service +``` + +## Create a test pod as root +(Note, this may be restricted by PodSecurityPolicy, PodSecurityAdmission/Standards, OPA Gatekeeper, etc. in which case you will need to do the appropriate workaround for testing, e.g. deploy in a new namespace without the restrictions.) +To test further you may want to install additional utilities, etc. Modify the pod yaml by: +* changing runAsUser from 101 to 0 +* removing the "drop..ALL" section from the capabilities. + +Some things to try after shelling into this container: + +Try running the controller as the www-data (101) user: +```console +$ chmod 4755 /nginx-ingress-controller +$ /nginx-ingress-controller +``` +Examine the errors to see if there is still an issue listening on the port or if it passed that and moved on to other expected errors due to running out of context. + +Install the libcap package and check capabilities on the file: +```console +$ apk add libcap +(1/1) Installing libcap (2.50-r0) +Executing busybox-1.33.1-r7.trigger +OK: 26 MiB in 41 packages +$ getcap /nginx-ingress-controller +/nginx-ingress-controller cap_net_bind_service=ep +``` +(if missing, see above about purging image on the server and re-pulling) + +Strace the executable to see what system calls are being executed when it fails: +```console +$ apk add strace +(1/1) Installing strace (5.12-r0) +Executing busybox-1.33.1-r7.trigger +OK: 28 MiB in 42 packages +$ strace /nginx-ingress-controller +execve("/nginx-ingress-controller", ["/nginx-ingress-controller"], 0x7ffeb9eb3240 /* 131 vars */) = 0 +arch_prctl(ARCH_SET_FS, 0x29ea690) = 0 +... +``` From 82e454318c979feb8fec7d9247a6d13dba3201db Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 18 Oct 2022 07:19:20 -0700 Subject: [PATCH 334/494] Bump docker/setup-buildx-action from 2.0.0 to 2.1.0 (#9180) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.0.0 to 2.1.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/dc7b9719a96d48369863986a06765841d7ea23f6...95cb08cb2672c73d4ffd2f422e6d11953d2a9c70) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 8e8eb6631..0031e6f19 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -81,7 +81,7 @@ jobs: - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@dc7b9719a96d48369863986a06765841d7ea23f6 # v2.0.0 + uses: docker/setup-buildx-action@95cb08cb2672c73d4ffd2f422e6d11953d2a9c70 # v2.0.0 with: version: latest From 92d75201af6acbc4d8b6a90c7a313824570beafa Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 18 Oct 2022 07:21:19 -0700 Subject: [PATCH 335/494] Bump dorny/paths-filter from 2.10.2 to 2.11.1 (#9183) Bumps [dorny/paths-filter](https://github.com/dorny/paths-filter) from 2.10.2 to 2.11.1. - [Release notes](https://github.com/dorny/paths-filter/releases) - [Changelog](https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md) - [Commits](https://github.com/dorny/paths-filter/compare/b2feaf19c27470162a626bd6fa8438ae5b263721...4512585405083f25c027a35db413c2b3b9006d50) --- updated-dependencies: - dependency-name: dorny/paths-filter dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 6 +++--- .github/workflows/docs.yaml | 2 +- .github/workflows/helm.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 0031e6f19..32ced69fc 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -28,7 +28,7 @@ jobs: - name: Checkout uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - - uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2.10.2 + - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2 id: filter with: token: ${{ secrets.GITHUB_TOKEN }} @@ -328,7 +328,7 @@ jobs: - name: Checkout uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - - uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2.10.2 + - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2 id: filter-images with: token: ${{ secrets.GITHUB_TOKEN }} @@ -395,7 +395,7 @@ jobs: - name: Checkout uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - - uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2.10.2 + - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2 id: filter-images with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index cb183577a..f02f0a17e 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -26,7 +26,7 @@ jobs: - name: Checkout uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 #v3.0.2 - - uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2.10.2 + - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2 id: filter with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index abfdda1c8..4dadc9349 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -27,7 +27,7 @@ jobs: - name: Checkout uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - - uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2.10.2 + - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2 id: filter with: token: ${{ secrets.GITHUB_TOKEN }} From c7fef553c0e128e3a263858aace82f1f17db9e88 Mon Sep 17 00:00:00 2001 From: James Strong Date: Wed, 19 Oct 2022 10:59:20 -0400 Subject: [PATCH 336/494] start 1.4.1 release Signed-off-by: James Strong --- TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TAG b/TAG index 0d0c52f84..66d62a800 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.4.0 +v1.4.1 From 533a79590eb81010e97868bcb73a54bf8c4f0097 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Oct 2022 10:31:07 -0700 Subject: [PATCH 337/494] Bump github.com/spf13/cobra from 1.5.0 to 1.6.0 (#9173) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.5.0 to 1.6.0. - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.5.0...v1.6.0) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 7 ++++--- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 378ef56e8..78f133077 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/prometheus/client_golang v1.13.0 github.com/prometheus/client_model v0.2.0 github.com/prometheus/common v0.37.0 - github.com/spf13/cobra v1.5.0 + github.com/spf13/cobra v1.6.0 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.8.0 github.com/yudai/gojsondiff v1.0.0 @@ -82,7 +82,7 @@ require ( github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.2.0 // indirect github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect - github.com/inconshreveable/mousetrap v1.0.0 // indirect + github.com/inconshreveable/mousetrap v1.0.1 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/mailru/easyjson v0.7.6 // indirect diff --git a/go.sum b/go.sum index ada03d47a..8bb651b85 100644 --- a/go.sum +++ b/go.sum @@ -351,8 +351,9 @@ github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1: github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= -github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= +github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc= +github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= @@ -548,8 +549,8 @@ github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkU github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk= -github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU= -github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM= +github.com/spf13/cobra v1.6.0 h1:42a0n6jwCot1pUmomAp4T7DeMD+20LFv4Q54pxLf2LI= +github.com/spf13/cobra v1.6.0/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= From 8234954b7df1a3b39dd1f7d657ccb56afefa6a18 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Oct 2022 10:33:02 -0700 Subject: [PATCH 338/494] Bump google.golang.org/grpc from 1.50.0 to 1.50.1 (#9174) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.50.0 to 1.50.1. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.50.0...v1.50.1) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 78f133077..f7ce612ac 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd - google.golang.org/grpc v1.50.0 + google.golang.org/grpc v1.50.1 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 k8s.io/api v0.25.2 diff --git a/go.sum b/go.sum index 8bb651b85..3e0f1c972 100644 --- a/go.sum +++ b/go.sum @@ -1066,8 +1066,8 @@ google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnD google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= -google.golang.org/grpc v1.50.0 h1:fPVVDxY9w++VjTZsYvXWqEf9Rqar/e+9zYfxKK+W+YU= -google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= +google.golang.org/grpc v1.50.1 h1:DS/BukOZWp8s6p4Dt/tOaJaTQyPyOoCcrjroHuCeLzY= +google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= From 7dd4a6eb0045e616fdc4e488d2ecb0ff2236a1dc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Oct 2022 10:35:04 -0700 Subject: [PATCH 339/494] Bump k8s.io/component-base from 0.25.2 to 0.25.3 (#9175) Bumps [k8s.io/component-base](https://github.com/kubernetes/component-base) from 0.25.2 to 0.25.3. - [Release notes](https://github.com/kubernetes/component-base/releases) - [Commits](https://github.com/kubernetes/component-base/compare/v0.25.2...v0.25.3) --- updated-dependencies: - dependency-name: k8s.io/component-base dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index f7ce612ac..912f65e0f 100644 --- a/go.mod +++ b/go.mod @@ -29,14 +29,14 @@ require ( google.golang.org/grpc v1.50.1 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 - k8s.io/api v0.25.2 + k8s.io/api v0.25.3 k8s.io/apiextensions-apiserver v0.23.5 - k8s.io/apimachinery v0.25.2 + k8s.io/apimachinery v0.25.3 k8s.io/apiserver v0.25.0 k8s.io/cli-runtime v0.25.0 - k8s.io/client-go v0.25.2 + k8s.io/client-go v0.25.3 k8s.io/code-generator v0.23.5 - k8s.io/component-base v0.25.2 + k8s.io/component-base v0.25.3 k8s.io/klog/v2 v2.80.1 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 sigs.k8s.io/controller-runtime v0.11.2 diff --git a/go.sum b/go.sum index 3e0f1c972..5e1e1a335 100644 --- a/go.sum +++ b/go.sum @@ -1135,26 +1135,26 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= k8s.io/api v0.23.5/go.mod h1:Na4XuKng8PXJ2JsploYYrivXrINeTaycCGcYgF91Xm8= -k8s.io/api v0.25.2 h1:v6G8RyFcwf0HR5jQGIAYlvtRNrxMJQG1xJzaSeVnIS8= -k8s.io/api v0.25.2/go.mod h1:qP1Rn4sCVFwx/xIhe+we2cwBLTXNcheRyYXwajonhy0= +k8s.io/api v0.25.3 h1:Q1v5UFfYe87vi5H7NU0p4RXC26PPMT8KOpr1TLQbCMQ= +k8s.io/api v0.25.3/go.mod h1:o42gKscFrEVjHdQnyRenACrMtbuJsVdP+WVjqejfzmI= k8s.io/apiextensions-apiserver v0.23.5 h1:5SKzdXyvIJKu+zbfPc3kCbWpbxi+O+zdmAJBm26UJqI= k8s.io/apiextensions-apiserver v0.23.5/go.mod h1:ntcPWNXS8ZPKN+zTXuzYMeg731CP0heCTl6gYBxLcuQ= k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= -k8s.io/apimachinery v0.25.2 h1:WbxfAjCx+AeN8Ilp9joWnyJ6xu9OMeS/fsfjK/5zaQs= -k8s.io/apimachinery v0.25.2/go.mod h1:hqqA1X0bsgsxI6dXsJ4HnNTBOmJNxyPp8dw3u2fSHwA= +k8s.io/apimachinery v0.25.3 h1:7o9ium4uyUOM76t6aunP0nZuex7gDf8VGwkR5RcJnQc= +k8s.io/apimachinery v0.25.3/go.mod h1:jaF9C/iPNM1FuLl7Zuy5b9v+n35HGSh6AQ4HYRkCqwo= k8s.io/apiserver v0.23.5/go.mod h1:7wvMtGJ42VRxzgVI7jkbKvMbuCbVbgsWFT7RyXiRNTw= k8s.io/apiserver v0.25.0 h1:8kl2ifbNffD440MyvHtPaIz1mw4mGKVgWqM0nL+oyu4= k8s.io/apiserver v0.25.0/go.mod h1:BKwsE+PTC+aZK+6OJQDPr0v6uS91/HWxX7evElAH6xo= k8s.io/cli-runtime v0.25.0 h1:XBnTc2Fi+w818jcJGzhiJKQuXl8479sZ4FhtV5hVJ1Q= k8s.io/cli-runtime v0.25.0/go.mod h1:bHOI5ZZInRHhbq12OdUiYZQN8ml8aKZLwQgt9QlLINw= k8s.io/client-go v0.23.5/go.mod h1:flkeinTO1CirYgzMPRWxUCnV0G4Fbu2vLhYCObnt/r4= -k8s.io/client-go v0.25.2 h1:SUPp9p5CwM0yXGQrwYurw9LWz+YtMwhWd0GqOsSiefo= -k8s.io/client-go v0.25.2/go.mod h1:i7cNU7N+yGQmJkewcRD2+Vuj4iz7b30kI8OcL3horQ4= +k8s.io/client-go v0.25.3 h1:oB4Dyl8d6UbfDHD8Bv8evKylzs3BXzzufLiO27xuPs0= +k8s.io/client-go v0.25.3/go.mod h1:t39LPczAIMwycjcXkVc+CB+PZV69jQuNx4um5ORDjQA= k8s.io/code-generator v0.23.5 h1:xn3a6J5pUL49AoH6SPrOFtnB5cvdMl76f/bEY176R3c= k8s.io/code-generator v0.23.5/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk= k8s.io/component-base v0.23.5/go.mod h1:c5Nq44KZyt1aLl0IpHX82fhsn84Sb0jjzwjpcA42bY0= -k8s.io/component-base v0.25.2 h1:Nve/ZyHLUBHz1rqwkjXm/Re6IniNa5k7KgzxZpTfSQY= -k8s.io/component-base v0.25.2/go.mod h1:90W21YMr+Yjg7MX+DohmZLzjsBtaxQDDwaX4YxDkl60= +k8s.io/component-base v0.25.3 h1:UrsxciGdrCY03ULT1h/S/gXFCOPnLhUVwSyx+hM/zq4= +k8s.io/component-base v0.25.3/go.mod h1:WYoS8L+IlTZgU7rhAl5Ctpw0WdMxDfCC5dkxcEFa/TI= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c h1:GohjlNKauSai7gN4wsJkeZ3WAJx4Sh+oT/b5IYn5suA= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= From 9f1e0fddad42887fa5c9f0ede833e75e85a93b0d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Oct 2022 10:37:02 -0700 Subject: [PATCH 340/494] Bump github.com/fsnotify/fsnotify from 1.5.4 to 1.6.0 (#9176) Bumps [github.com/fsnotify/fsnotify](https://github.com/fsnotify/fsnotify) from 1.5.4 to 1.6.0. - [Release notes](https://github.com/fsnotify/fsnotify/releases) - [Changelog](https://github.com/fsnotify/fsnotify/blob/main/CHANGELOG.md) - [Commits](https://github.com/fsnotify/fsnotify/compare/v1.5.4...v1.6.0) --- updated-dependencies: - dependency-name: github.com/fsnotify/fsnotify dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 9 ++++----- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/go.mod b/go.mod index 912f65e0f..c4bfc8062 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.19 require ( github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a github.com/eapache/channels v1.1.0 - github.com/fsnotify/fsnotify v1.5.4 + github.com/fsnotify/fsnotify v1.6.0 github.com/imdario/mergo v0.3.13 github.com/json-iterator/go v1.1.12 github.com/kylelemons/godebug v1.1.0 @@ -107,7 +107,7 @@ require ( golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect golang.org/x/net v0.0.0-20220906165146-f3363e06e74c // indirect golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect - golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 // indirect + golang.org/x/sys v0.0.0-20220908164124-27713097b956 // indirect golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect golang.org/x/text v0.3.7 // indirect golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect diff --git a/go.sum b/go.sum index 5e1e1a335..8c60778dc 100644 --- a/go.sum +++ b/go.sum @@ -175,8 +175,8 @@ github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoD github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= -github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI= -github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU= +github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= +github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b h1:074/xhloHUBOpTZwlIzQ28rbPY8pNJvzY7Gcx5KnNOk= github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= github.com/getkin/kin-openapi v0.76.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg= @@ -851,9 +851,8 @@ golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 h1:WIoqL4EROvwiPdUtaip4VcDdpZ4kha7wBWZrbVKCIZg= -golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220908164124-27713097b956 h1:XeJjHH1KiLpKGb6lvMiksZ9l0fVUh+AmGcm0nOMEBOY= +golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= From c18cb467aafdcd9cf27c7bf18962a986b9d81737 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Oct 2022 10:39:03 -0700 Subject: [PATCH 341/494] Bump github.com/onsi/ginkgo/v2 from 2.2.0 to 2.3.1 (#9177) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.2.0 to 2.3.1. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.2.0...v2.3.1) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index c4bfc8062..c4b4d2de2 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/mitchellh/mapstructure v1.5.0 github.com/moul/pb v0.0.0-20220425114252-bca18df4138c github.com/ncabatoff/process-exporter v0.7.10 - github.com/onsi/ginkgo/v2 v2.2.0 + github.com/onsi/ginkgo/v2 v2.3.1 github.com/opencontainers/runc v1.1.4 github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.13.0 diff --git a/go.sum b/go.sum index 8c60778dc..c5b331a8f 100644 --- a/go.sum +++ b/go.sum @@ -457,12 +457,12 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= -github.com/onsi/ginkgo/v2 v2.2.0 h1:3ZNA3L1c5FYDFTTxbFeVGGD8jYvjYauHD30YgLxVsNI= -github.com/onsi/ginkgo/v2 v2.2.0/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk= +github.com/onsi/ginkgo/v2 v2.3.1 h1:8SbseP7qM32WcvE6VaN6vfXxv698izmsJ1UQX9ve7T8= +github.com/onsi/ginkgo/v2 v2.3.1/go.mod h1:Sv4yQXwG5VmF7tm3Q5Z+RWUpPo24LF1mpnz2crUb8Ys= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/onsi/gomega v1.20.1 h1:PA/3qinGoukvymdIDV8pii6tiZgC8kbmJO6Z5+b002Q= +github.com/onsi/gomega v1.22.0 h1:AIg2/OntwkBiCg5Tt1ayyiF1ArFrWFoCSMtMi/wdApk= github.com/opencontainers/runc v1.1.4 h1:nRCz/8sKg6K6jgYAFLDlXzPeITBZJyX28DBVhWD+5dg= github.com/opencontainers/runc v1.1.4/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= From 2ebb6b9c7377f308b948206c87203be8ef0a90c1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Oct 2022 10:41:01 -0700 Subject: [PATCH 342/494] Bump geekyeggo/delete-artifact from 1.0.0 to 2.0.0 (#9178) Bumps [geekyeggo/delete-artifact](https://github.com/geekyeggo/delete-artifact) from 1.0.0 to 2.0.0. - [Release notes](https://github.com/geekyeggo/delete-artifact/releases) - [Commits](https://github.com/geekyeggo/delete-artifact/compare/b73cb986740e466292a536d0e32e2666c56fdeb3...54ab544f12cdb7b71613a16a2b5a37a9ade990af) --- updated-dependencies: - dependency-name: geekyeggo/delete-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 32ced69fc..9cc4bdd9b 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -182,7 +182,7 @@ jobs: version: v0.15.0 image: kindest/node:${{ matrix.k8s }} - - uses: geekyeggo/delete-artifact@b73cb986740e466292a536d0e32e2666c56fdeb3 # v1 + - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v1 with: name: docker.tar.gz failOnError: false @@ -233,7 +233,7 @@ jobs: config: test/e2e/kind.yaml image: kindest/node:${{ matrix.k8s }} - - uses: geekyeggo/delete-artifact@b73cb986740e466292a536d0e32e2666c56fdeb3 # v1 + - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v1 with: name: docker.tar.gz failOnError: false @@ -290,7 +290,7 @@ jobs: config: test/e2e/kind.yaml image: kindest/node:${{ matrix.k8s }} - - uses: geekyeggo/delete-artifact@b73cb986740e466292a536d0e32e2666c56fdeb3 + - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af with: name: docker.tar.gz failOnError: false From 98505a2c198654a541e0edd2617fcb81c1b80e65 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Oct 2022 10:43:02 -0700 Subject: [PATCH 343/494] Bump actions/dependency-review-action from 2.4.0 to 2.5.0 (#9179) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.4.0 to 2.5.0. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/375c5370086bfff256c37f8beec0f437e2e72ae1...fd675ced9c17f1393071e1a2e685ab527e585a0c) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/depreview.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml index 1809c531c..18ab95a6a 100644 --- a/.github/workflows/depreview.yaml +++ b/.github/workflows/depreview.yaml @@ -11,4 +11,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 #v3.0.2 - name: 'Dependency Review' - uses: actions/dependency-review-action@375c5370086bfff256c37f8beec0f437e2e72ae1 #v2.0.2 + uses: actions/dependency-review-action@fd675ced9c17f1393071e1a2e685ab527e585a0c #v2.0.2 From 8a83748d0f34b5c7f40b8f483073d1173a338fd1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Oct 2022 10:45:02 -0700 Subject: [PATCH 344/494] Bump docker/setup-qemu-action from 2.0.0 to 2.1.0 (#9181) Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2.0.0 to 2.1.0. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/8b122486cedac8393e77aa9734c3528886e4a1a8...e81a89b1732b9c48d79cd809d8d81d79c4647a18) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 9cc4bdd9b..49746e9a0 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -77,7 +77,7 @@ jobs: go-version: '1.19.2' - name: Set up QEMU - uses: docker/setup-qemu-action@8b122486cedac8393e77aa9734c3528886e4a1a8 #v2.0.0 + uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 #v2.0.0 - name: Set up Docker Buildx id: buildx From 5f2a79495a65c57106d8fab00bc95a029c3a8aab Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Oct 2022 10:47:02 -0700 Subject: [PATCH 345/494] Bump securego/gosec from 2.13.1 to 2.14.0 (#9182) Bumps [securego/gosec](https://github.com/securego/gosec) from 2.13.1 to 2.14.0. - [Release notes](https://github.com/securego/gosec/releases) - [Changelog](https://github.com/securego/gosec/blob/master/.goreleaser.yml) - [Commits](https://github.com/securego/gosec/compare/19fa856badad483cae700ee1213dd7f1a933d6d3...1af1d5bb49259b62e45c505db397dd2ada5d74f8) --- updated-dependencies: - dependency-name: securego/gosec dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 49746e9a0..93caa3b4c 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -53,7 +53,7 @@ jobs: uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - name: Run Gosec Security Scanner - uses: securego/gosec@19fa856badad483cae700ee1213dd7f1a933d6d3 # master + uses: securego/gosec@1af1d5bb49259b62e45c505db397dd2ada5d74f8 # master with: # G601 for zz_generated.deepcopy.go # G306 TODO: Expect WriteFile permissions to be 0600 or less From 84614b99c3ce5c7cbbe0cf0ae12c466e73f123a8 Mon Sep 17 00:00:00 2001 From: Kir Shatrov Date: Thu, 20 Oct 2022 22:57:25 +0300 Subject: [PATCH 346/494] Implement parseFloat for annotations (#9195) --- internal/ingress/annotations/parser/main.go | 22 ++++++++++ .../ingress/annotations/parser/main_test.go | 41 +++++++++++++++++++ 2 files changed, 63 insertions(+) diff --git a/internal/ingress/annotations/parser/main.go b/internal/ingress/annotations/parser/main.go index b39e409b9..107a278b0 100644 --- a/internal/ingress/annotations/parser/main.go +++ b/internal/ingress/annotations/parser/main.go @@ -80,6 +80,18 @@ func (a ingAnnotations) parseInt(name string) (int, error) { return 0, errors.ErrMissingAnnotations } +func (a ingAnnotations) parseFloat32(name string) (float32, error) { + val, ok := a[name] + if ok { + i, err := strconv.ParseFloat(val, 32) + if err != nil { + return 0, errors.NewInvalidAnnotationContent(name, val) + } + return float32(i), nil + } + return 0, errors.ErrMissingAnnotations +} + func checkAnnotation(name string, ing *networking.Ingress) error { if ing == nil || len(ing.GetAnnotations()) == 0 { return errors.ErrMissingAnnotations @@ -122,6 +134,16 @@ func GetIntAnnotation(name string, ing *networking.Ingress) (int, error) { return ingAnnotations(ing.GetAnnotations()).parseInt(v) } +// GetFloatAnnotation extracts a float32 from an Ingress annotation +func GetFloatAnnotation(name string, ing *networking.Ingress) (float32, error) { + v := GetAnnotationWithPrefix(name) + err := checkAnnotation(v, ing) + if err != nil { + return 0, err + } + return ingAnnotations(ing.GetAnnotations()).parseFloat32(v) +} + // GetAnnotationWithPrefix returns the prefix of ingress annotations func GetAnnotationWithPrefix(suffix string) string { return fmt.Sprintf("%v/%v", AnnotationsPrefix, suffix) diff --git a/internal/ingress/annotations/parser/main_test.go b/internal/ingress/annotations/parser/main_test.go index 7b01a1230..318e024d3 100644 --- a/internal/ingress/annotations/parser/main_test.go +++ b/internal/ingress/annotations/parser/main_test.go @@ -130,6 +130,47 @@ rewrite (?i)/arcgis/services/Utilities/Geometry/GeometryServer(.*)$ /arcgis/serv } } +func TestGetFloatAnnotation(t *testing.T) { + ing := buildIngress() + + _, err := GetFloatAnnotation("", nil) + if err == nil { + t.Errorf("expected error but retuned nil") + } + + tests := []struct { + name string + field string + value string + exp float32 + expErr bool + }{ + {"valid - A", "string", "1.5", 1.5, false}, + {"valid - B", "string", "2", 2, false}, + {"valid - C", "string", "100.0", 100, false}, + } + + data := map[string]string{} + ing.SetAnnotations(data) + + for _, test := range tests { + data[GetAnnotationWithPrefix(test.field)] = test.value + + s, err := GetFloatAnnotation(test.field, ing) + if test.expErr { + if err == nil { + t.Errorf("%v: expected error but retuned nil", test.name) + } + continue + } + if s != test.exp { + t.Errorf("%v: expected \"%v\" but \"%v\" was returned", test.name, test.exp, s) + } + + delete(data, test.field) + } +} + func TestGetIntAnnotation(t *testing.T) { ing := buildIngress() From f2ed5d17f672abf2dcda53811e0272357c0d02d4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Oct 2022 05:10:26 -0700 Subject: [PATCH 347/494] Bump github.com/onsi/ginkgo/v2 from 2.3.1 to 2.4.0 (#9201) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.3.1 to 2.4.0. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.3.1...v2.4.0) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 16 ++++++++-------- go.sum | 31 +++++++++++++++++-------------- 2 files changed, 25 insertions(+), 22 deletions(-) diff --git a/go.mod b/go.mod index c4b4d2de2..b320fe44b 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/mitchellh/mapstructure v1.5.0 github.com/moul/pb v0.0.0-20220425114252-bca18df4138c github.com/ncabatoff/process-exporter v0.7.10 - github.com/onsi/ginkgo/v2 v2.3.1 + github.com/onsi/ginkgo/v2 v2.4.0 github.com/opencontainers/runc v1.1.4 github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.13.0 @@ -25,7 +25,7 @@ require ( github.com/stretchr/testify v1.8.0 github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a - golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd + golang.org/x/crypto v0.1.0 google.golang.org/grpc v1.50.1 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 @@ -104,14 +104,14 @@ require ( github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 // indirect github.com/yudai/pp v2.0.1+incompatible // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect - golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect - golang.org/x/net v0.0.0-20220906165146-f3363e06e74c // indirect + golang.org/x/mod v0.6.0 // indirect + golang.org/x/net v0.1.0 // indirect golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect - golang.org/x/sys v0.0.0-20220908164124-27713097b956 // indirect - golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect - golang.org/x/text v0.3.7 // indirect + golang.org/x/sys v0.1.0 // indirect + golang.org/x/term v0.1.0 // indirect + golang.org/x/text v0.4.0 // indirect golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect - golang.org/x/tools v0.1.12 // indirect + golang.org/x/tools v0.2.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 // indirect google.golang.org/protobuf v1.28.1 // indirect diff --git a/go.sum b/go.sum index c5b331a8f..9ce9078e4 100644 --- a/go.sum +++ b/go.sum @@ -457,12 +457,12 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= -github.com/onsi/ginkgo/v2 v2.3.1 h1:8SbseP7qM32WcvE6VaN6vfXxv698izmsJ1UQX9ve7T8= -github.com/onsi/ginkgo/v2 v2.3.1/go.mod h1:Sv4yQXwG5VmF7tm3Q5Z+RWUpPo24LF1mpnz2crUb8Ys= +github.com/onsi/ginkgo/v2 v2.4.0 h1:+Ig9nvqgS5OBSACXNk15PLdp0U9XPYROt9CFzVdFGIs= +github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/onsi/gomega v1.22.0 h1:AIg2/OntwkBiCg5Tt1ayyiF1ArFrWFoCSMtMi/wdApk= +github.com/onsi/gomega v1.22.1 h1:pY8O4lBfsHKZHM/6nrxkhVPUznOlIu3quZcKP/M20KI= github.com/opencontainers/runc v1.1.4 h1:nRCz/8sKg6K6jgYAFLDlXzPeITBZJyX28DBVhWD+5dg= github.com/opencontainers/runc v1.1.4/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= @@ -653,8 +653,8 @@ golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd h1:XcWmESyNjXJMLahc3mqVQJcgSTDxFxhETVlfk9uGc38= -golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU= +golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -690,8 +690,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s= -golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.6.0 h1:b9gGHsz9/HhJ3HF5DHQytPpuwocVTChQJK3AvoLRD5I= +golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -744,8 +744,8 @@ golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220906165146-f3363e06e74c h1:yKufUcDwucU5urd+50/Opbt4AYpqthk7wHpHok8f1lo= -golang.org/x/net v0.0.0-20220906165146-f3363e06e74c/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= +golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0= +golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -851,12 +851,14 @@ golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220908164124-27713097b956 h1:XeJjHH1KiLpKGb6lvMiksZ9l0fVUh+AmGcm0nOMEBOY= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U= +golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw= +golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -865,8 +867,9 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg= +golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -935,8 +938,8 @@ golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.6-0.20210820212750-d4cc65f0b2ff/go.mod h1:YD9qOF0M9xpSpdWTBbzEl5e/RnCefISl8E5Noe10jFM= -golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU= -golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.2.0 h1:G6AHpWxTMGY1KyEYoAQ5WTtIekUUvDNjan3ugu60JvE= +golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 68bcb3761cfeefb33fa5b6ffa5fff6ffb03eb41b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Oct 2022 13:08:24 -0700 Subject: [PATCH 348/494] Bump goreleaser/goreleaser-action from 3.1.0 to 3.2.0 (#9208) Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](https://github.com/goreleaser/goreleaser-action/compare/ff11ca24a9b39f2d36796d1fbd7a4e39c182630a...b508e2e3ef3b19d4e4146d4f8fb3ba9db644a757) --- updated-dependencies: - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/plugin.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index ff11b713c..0e4b2671d 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -27,7 +27,7 @@ jobs: go-version: 1.19.2 - name: Run GoReleaser - uses: goreleaser/goreleaser-action@ff11ca24a9b39f2d36796d1fbd7a4e39c182630a # v3.0.0 + uses: goreleaser/goreleaser-action@b508e2e3ef3b19d4e4146d4f8fb3ba9db644a757 # v3.0.0 with: version: latest args: release --rm-dist From a500a1ec8f5e18b3acdb775a54d9d8c6dece355a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Oct 2022 13:18:35 -0700 Subject: [PATCH 349/494] Bump github.com/stretchr/testify from 1.8.0 to 1.8.1 (#9202) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.0 to 1.8.1. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.0...v1.8.1) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index b320fe44b..3ed69f652 100644 --- a/go.mod +++ b/go.mod @@ -22,7 +22,7 @@ require ( github.com/prometheus/common v0.37.0 github.com/spf13/cobra v1.6.0 github.com/spf13/pflag v1.0.5 - github.com/stretchr/testify v1.8.0 + github.com/stretchr/testify v1.8.1 github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a golang.org/x/crypto v0.1.0 diff --git a/go.sum b/go.sum index 9ce9078e4..1468b7617 100644 --- a/go.sum +++ b/go.sum @@ -561,8 +561,9 @@ github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.4.0 h1:M2gUjqZET1qApGOWNSnZ49BAIMX4F/1plDv3+l31EJ4= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.1.3/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= @@ -571,8 +572,9 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= From f4cefedc9339b152865fd03e75f88bf05c7a6f59 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Oct 2022 13:20:35 -0700 Subject: [PATCH 350/494] Bump ossf/scorecard-action from 2.0.4 to 2.0.6 (#9203) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.0.4 to 2.0.6. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/e363bfca00e752f91de7b7d2a77340e2e523cb18...99c53751e09b9529366343771cc321ec74e9bd3d) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index c06db13ca..9fbc0480a 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -30,7 +30,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@e363bfca00e752f91de7b7d2a77340e2e523cb18 # v1.1.1 + uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # v1.1.1 with: results_file: results.sarif results_format: sarif From 951d8196e555eb4f0701ff871e9ed25c146a0e20 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Oct 2022 13:22:34 -0700 Subject: [PATCH 351/494] Bump docker/setup-buildx-action from 2.1.0 to 2.2.1 (#9204) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.1.0 to 2.2.1. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/95cb08cb2672c73d4ffd2f422e6d11953d2a9c70...8c0edbc76e98fa90f69d9a2c020dcb50019dc325) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 93caa3b4c..56569b5d8 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -81,7 +81,7 @@ jobs: - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@95cb08cb2672c73d4ffd2f422e6d11953d2a9c70 # v2.0.0 + uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.0.0 with: version: latest From 60dc84476b0be8810128b9f756d4de52f0f4d7ff Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Oct 2022 13:24:34 -0700 Subject: [PATCH 352/494] Bump actions/setup-go from 3.3.0 to 3.3.1 (#9205) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.3.0 to 3.3.1. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/268d8c0ca0432bb2cf416faae41297df9d262d7f...c4a742cab115ed795e34d4513e2cf7d472deb55f) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 6 +++--- .github/workflows/plugin.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 56569b5d8..a85165efd 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -72,7 +72,7 @@ jobs: - name: Set up Go 1.19.2 id: go - uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 + uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.2.0 with: go-version: '1.19.2' @@ -138,7 +138,7 @@ jobs: uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - name: Setup Go - uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 + uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.2.0 with: go-version: '1.19.2' @@ -414,7 +414,7 @@ jobs: - name: Set up Go 1.19.2 id: go if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} - uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 + uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.2.0 with: go-version: '1.19.2' diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index 0e4b2671d..5da461528 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -22,7 +22,7 @@ jobs: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 + uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.2.0 with: go-version: 1.19.2 From f7c757c90b1b51522570089362cf9fab45875720 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Oct 2022 13:26:36 -0700 Subject: [PATCH 353/494] Bump github/codeql-action from 2.1.27 to 2.1.28 (#9206) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.27 to 2.1.28. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/807578363a7869ca324a79039e6db9c843e0e100...cc7986c02bac29104a72998e67239bb5ee2ee110) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 9fbc0480a..762634db0 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@807578363a7869ca324a79039e6db9c843e0e100 # v2.1.14 + uses: github/codeql-action/upload-sarif@cc7986c02bac29104a72998e67239bb5ee2ee110 # v2.1.14 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 0cfdb6375..34c4f1901 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@807578363a7869ca324a79039e6db9c843e0e100 + uses: github/codeql-action/upload-sarif@cc7986c02bac29104a72998e67239bb5ee2ee110 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From 9216b7b0991b6c5f89c73c401a1cc4d471d4a314 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Oct 2022 13:28:35 -0700 Subject: [PATCH 354/494] Bump actions/download-artifact from 3.0.0 to 3.0.1 (#9207) Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3.0.0 to 3.0.1. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/fb598a63ae348fa914e94cd0ff38f362e927b741...9782bd6a9848b53b110e712e20e42d89988822b7) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index a85165efd..25cc509f0 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -143,7 +143,7 @@ jobs: go-version: '1.19.2' - name: cache - uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # v3 + uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3 with: name: docker.tar.gz @@ -221,7 +221,7 @@ jobs: uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - name: cache - uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # v2 + uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v2 with: name: docker.tar.gz @@ -278,7 +278,7 @@ jobs: uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - name: cache - uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 + uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 with: name: docker.tar.gz From 397003d7ccfee5d9f74d8c1a6378caa40b53d448 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Oct 2022 07:10:36 -0700 Subject: [PATCH 355/494] Bump github.com/prometheus/client_model from 0.2.0 to 0.3.0 (#9200) Bumps [github.com/prometheus/client_model](https://github.com/prometheus/client_model) from 0.2.0 to 0.3.0. - [Release notes](https://github.com/prometheus/client_model/releases) - [Commits](https://github.com/prometheus/client_model/compare/v0.2.0...v0.3.0) --- updated-dependencies: - dependency-name: github.com/prometheus/client_model dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index 3ed69f652..a1b307b36 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,7 @@ require ( github.com/opencontainers/runc v1.1.4 github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.13.0 - github.com/prometheus/client_model v0.2.0 + github.com/prometheus/client_model v0.3.0 github.com/prometheus/common v0.37.0 github.com/spf13/cobra v1.6.0 github.com/spf13/pflag v1.0.5 diff --git a/go.sum b/go.sum index 1468b7617..529555a3a 100644 --- a/go.sum +++ b/go.sum @@ -495,8 +495,9 @@ github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4= +github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= From a383cfc55100aae3894629bea224472c578909c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20G=C3=BCttler?= Date: Tue, 25 Oct 2022 16:14:36 +0200 Subject: [PATCH 356/494] fix typo in docs. (#9167) --- docs/deploy/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/deploy/index.md b/docs/deploy/index.md index 4cefb7c48..1ae4f22de 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -8,7 +8,7 @@ There are multiple ways to install the NGINX ingress controller: On most Kubernetes clusters, the ingress controller will work without requiring any extra configuration. If you want to get started as fast as possible, you can check the [quick start](#quick-start) instructions. However, in many -environments, you can improve the performance or get better logs by enabling extra features. we recommend that you +environments, you can improve the performance or get better logs by enabling extra features. We recommend that you check the [environment-specific instructions](#environment-specific-instructions) for details about optimizing the ingress controller for your particular environment or cloud provider. From ac1a3363bde234252e750845d4a9547dad997e84 Mon Sep 17 00:00:00 2001 From: Youssef Bel Mekki <38552193+ybelMekk@users.noreply.github.com> Date: Tue, 25 Oct 2022 23:14:36 +0200 Subject: [PATCH 357/494] add:(admission-webhooks) ability to set securityContext for job-containers createSecret and patchWebhook (#9186) Signed-off-by: ybelMekk Signed-off-by: ybelMekk --- charts/ingress-nginx/README.md | 2 ++ .../admission-webhooks/job-patch/job-createSecret.yaml | 5 +++-- .../admission-webhooks/job-patch/job-patchWebhook.yaml | 5 +++-- charts/ingress-nginx/values.yaml | 4 ++++ 4 files changed, 12 insertions(+), 4 deletions(-) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 06db4d991..6ce41792e 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -242,6 +242,7 @@ Kubernetes: `>=1.20.0-0` | controller.admissionWebhooks.annotations | object | `{}` | | | controller.admissionWebhooks.certificate | string | `"/usr/local/certificates/cert"` | | | controller.admissionWebhooks.createSecretJob.resources | object | `{}` | | +| controller.admissionWebhooks.createSecretJob.securityContext.allowPrivilegeEscalation | bool | `false` | | | controller.admissionWebhooks.enabled | bool | `true` | | | controller.admissionWebhooks.existingPsp | string | `""` | Use an existing PSP instead of creating one | | controller.admissionWebhooks.extraEnvs | list | `[]` | Additional environment variables to set | @@ -266,6 +267,7 @@ Kubernetes: `>=1.20.0-0` | controller.admissionWebhooks.patch.securityContext.runAsUser | int | `2000` | | | controller.admissionWebhooks.patch.tolerations | list | `[]` | | | controller.admissionWebhooks.patchWebhookJob.resources | object | `{}` | | +| controller.admissionWebhooks.patchWebhookJob.securityContext.allowPrivilegeEscalation | bool | `false` | | | controller.admissionWebhooks.port | int | `8443` | | | controller.admissionWebhooks.service.annotations | object | `{}` | | | controller.admissionWebhooks.service.externalIPs | list | `[]` | | diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml index 7558e0b1a..de78f45bd 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml @@ -59,8 +59,9 @@ spec: {{- if .Values.controller.admissionWebhooks.extraEnvs }} {{- toYaml .Values.controller.admissionWebhooks.extraEnvs | nindent 12 }} {{- end }} - securityContext: - allowPrivilegeEscalation: false + {{- if .Values.controller.admissionWebhooks.createSecretJob.securityContext }} + securityContext: {{ toYaml .Values.controller.admissionWebhooks.createSecretJob.securityContext | nindent 12 }} + {{- end }} {{- if .Values.controller.admissionWebhooks.createSecretJob.resources }} resources: {{ toYaml .Values.controller.admissionWebhooks.createSecretJob.resources | nindent 12 }} {{- end }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml index 05282150b..b670aa05a 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml @@ -61,8 +61,9 @@ spec: {{- if .Values.controller.admissionWebhooks.extraEnvs }} {{- toYaml .Values.controller.admissionWebhooks.extraEnvs | nindent 12 }} {{- end }} - securityContext: - allowPrivilegeEscalation: false + {{- if .Values.controller.admissionWebhooks.patchWebhookJob.securityContext }} + securityContext: {{ toYaml .Values.controller.admissionWebhooks.patchWebhookJob.securityContext | nindent 12 }} + {{- end }} {{- if .Values.controller.admissionWebhooks.patchWebhookJob.resources }} resources: {{ toYaml .Values.controller.admissionWebhooks.patchWebhookJob.resources | nindent 12 }} {{- end }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 622244a11..9092a5de9 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -627,6 +627,8 @@ controller: type: ClusterIP createSecretJob: + securityContext: + allowPrivilegeEscalation: false resources: {} # limits: # cpu: 10m @@ -636,6 +638,8 @@ controller: # memory: 20Mi patchWebhookJob: + securityContext: + allowPrivilegeEscalation: false resources: {} patch: From 2488fb00649f36cc0c6d0eadbb3d38dccd12f7be Mon Sep 17 00:00:00 2001 From: Jaen Date: Tue, 25 Oct 2022 15:06:35 -0700 Subject: [PATCH 358/494] Fix Markdown header level (#9210) Cloud providers use level 4 headers. --- docs/deploy/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/deploy/index.md b/docs/deploy/index.md index 1ae4f22de..3f99c7a44 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -337,7 +337,7 @@ A [complete list of available annotations for Oracle Cloud Infrastructure](https://github.com/oracle/oci-cloud-controller-manager/blob/master/docs/load-balancer-annotations.md) can be found in the [OCI Cloud Controller Manager](https://github.com/oracle/oci-cloud-controller-manager) documentation. -### OVHcloud +#### OVHcloud ```console helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx From bf8362cb500b413d04d04b1312df1914b4b193f8 Mon Sep 17 00:00:00 2001 From: Jintao Zhang Date: Sat, 29 Oct 2022 07:40:39 +0800 Subject: [PATCH 359/494] chore: bump NGINX version v1.21.4 (#8889) * chore: bump NGINX version v1.21.4 Signed-off-by: Jintao Zhang * chore: bump all others Signed-off-by: Jintao Zhang * apply all patches Signed-off-by: Jintao Zhang * fix files hash Signed-off-by: Jintao Zhang * fix ajp module Signed-off-by: Jintao Zhang Signed-off-by: Jintao Zhang --- images/nginx/rootfs/build.sh | 78 ++++++++++--------- .../patches/nginx-1.19.9-no_Werror.patch | 36 --------- ...> nginx-1.21.4-balancer_status_code.patch} | 0 ... => nginx-1.21.4-cache_manager_exit.patch} | 0 ... nginx-1.21.4-delayed_posted_events.patch} | 0 ...patch => nginx-1.21.4-hash_overflow.patch} | 0 ...ginx-1.21.4-init_cycle_pool_release.patch} | 24 +++--- ...> nginx-1.21.4-larger_max_error_str.patch} | 4 +- .../patches/nginx-1.21.4-no_Werror.patch | 36 +++++++++ ...> nginx-1.21.4-proxy_host_port_vars.patch} | 4 +- ... nginx-1.21.4-resolver_conf_parsing.patch} | 0 ...x-1.21.4-reuseport_close_unused_fds.patch} | 0 ...1.21.4-single_process_graceful_exit.patch} | 0 ...atch => nginx-1.21.4-socket_cloexec.patch} | 0 ...h => nginx-1.21.4-ssl_cert_cb_yield.patch} | 0 ...h => nginx-1.21.4-ssl_sess_cb_yield.patch} | 0 ...tream_proxy_get_next_upstream_tries.patch} | 0 ...x-1.21.4-stream_ssl_preread_no_skip.patch} | 0 ...=> nginx-1.21.4-upstream_pipelining.patch} | 0 ...ginx-1.21.4-upstream_timeout_fields.patch} | 0 .../rootfs/patches/patch.2021.resolver.txt | 23 ------ 21 files changed, 92 insertions(+), 113 deletions(-) delete mode 100644 images/nginx/rootfs/patches/nginx-1.19.9-no_Werror.patch rename images/nginx/rootfs/patches/{nginx-1.19.9-balancer_status_code.patch => nginx-1.21.4-balancer_status_code.patch} (100%) rename images/nginx/rootfs/patches/{nginx-1.19.9-cache_manager_exit.patch => nginx-1.21.4-cache_manager_exit.patch} (100%) rename images/nginx/rootfs/patches/{nginx-1.19.9-delayed_posted_events.patch => nginx-1.21.4-delayed_posted_events.patch} (100%) rename images/nginx/rootfs/patches/{nginx-1.19.9-hash_overflow.patch => nginx-1.21.4-hash_overflow.patch} (100%) rename images/nginx/rootfs/patches/{nginx-1.19.9-init_cycle_pool_release.patch => nginx-1.21.4-init_cycle_pool_release.patch} (65%) rename images/nginx/rootfs/patches/{nginx-1.19.9-larger_max_error_str.patch => nginx-1.21.4-larger_max_error_str.patch} (62%) create mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-no_Werror.patch rename images/nginx/rootfs/patches/{nginx-1.19.9-proxy_host_port_vars.patch => nginx-1.21.4-proxy_host_port_vars.patch} (87%) rename images/nginx/rootfs/patches/{nginx-1.19.9-resolver_conf_parsing.patch => nginx-1.21.4-resolver_conf_parsing.patch} (100%) rename images/nginx/rootfs/patches/{nginx-1.19.9-reuseport_close_unused_fds.patch => nginx-1.21.4-reuseport_close_unused_fds.patch} (100%) rename images/nginx/rootfs/patches/{nginx-1.19.9-single_process_graceful_exit.patch => nginx-1.21.4-single_process_graceful_exit.patch} (100%) rename images/nginx/rootfs/patches/{nginx-1.19.9-socket_cloexec.patch => nginx-1.21.4-socket_cloexec.patch} (100%) rename images/nginx/rootfs/patches/{nginx-1.19.9-ssl_cert_cb_yield.patch => nginx-1.21.4-ssl_cert_cb_yield.patch} (100%) rename images/nginx/rootfs/patches/{nginx-1.19.9-ssl_sess_cb_yield.patch => nginx-1.21.4-ssl_sess_cb_yield.patch} (100%) rename images/nginx/rootfs/patches/{nginx-1.19.9-stream_proxy_get_next_upstream_tries.patch => nginx-1.21.4-stream_proxy_get_next_upstream_tries.patch} (100%) rename images/nginx/rootfs/patches/{nginx-1.19.9-stream_ssl_preread_no_skip.patch => nginx-1.21.4-stream_ssl_preread_no_skip.patch} (100%) rename images/nginx/rootfs/patches/{nginx-1.19.9-upstream_pipelining.patch => nginx-1.21.4-upstream_pipelining.patch} (100%) rename images/nginx/rootfs/patches/{nginx-1.19.9-upstream_timeout_fields.patch => nginx-1.21.4-upstream_timeout_fields.patch} (100%) delete mode 100644 images/nginx/rootfs/patches/patch.2021.resolver.txt diff --git a/images/nginx/rootfs/build.sh b/images/nginx/rootfs/build.sh index 75d765e78..cfea7b7c8 100755 --- a/images/nginx/rootfs/build.sh +++ b/images/nginx/rootfs/build.sh @@ -18,13 +18,13 @@ set -o errexit set -o nounset set -o pipefail -export NGINX_VERSION=1.19.10 +export NGINX_VERSION=1.21.4 # Check for recent changes: https://github.com/vision5/ngx_devel_kit/compare/v0.3.1...master export NDK_VERSION=0.3.1 -# Check for recent changes: https://github.com/openresty/set-misc-nginx-module/compare/v0.32...master -export SETMISC_VERSION=0.32 +# Check for recent changes: https://github.com/openresty/set-misc-nginx-module/compare/v0.33...master +export SETMISC_VERSION=0.33 # Check for recent changes: https://github.com/openresty/headers-more-nginx-module/compare/v0.33...master export MORE_HEADERS_VERSION=0.33 @@ -65,28 +65,30 @@ export MODSECURITY_LIB_VERSION=v3.0.8 # Check for recent changes: https://github.com/coreruleset/coreruleset/compare/v3.3.2...v3.3/master export OWASP_MODSECURITY_CRS_VERSION=v3.3.4 -# Check for recent changes: https://github.com/openresty/lua-nginx-module/compare/v0.10.20...master -export LUA_NGX_VERSION=b721656a9127255003b696b42ccc871c7ec18d59 +# Check for recent changes: https://github.com/openresty/lua-nginx-module/compare/v0.10.21...master +export LUA_NGX_VERSION=0.10.21 -# Check for recent changes: https://github.com/openresty/stream-lua-nginx-module/compare/v0.0.10...master -export LUA_STREAM_NGX_VERSION=74f8c8bca5b95cecbf42d4e1a465bc08cd075a9b +# Check for recent changes: https://github.com/openresty/stream-lua-nginx-module/compare/v0.0.11...master +export LUA_STREAM_NGX_VERSION=0.0.11 -# Check for recent changes: https://github.com/openresty/lua-upstream-nginx-module/compare/v0.07...master +# Check for recent changes: https://github.com/openresty/lua-upstream-nginx-module/compare/8aa93ead98ba2060d4efd594ae33a35d153589bf...master export LUA_UPSTREAM_VERSION=8aa93ead98ba2060d4efd594ae33a35d153589bf -# Check for recent changes: https://github.com/openresty/lua-cjson/compare/2.1.0.8...openresty:master -export LUA_CJSON_VERSION=4b350c531de3d71008c77ae94e59275b8371b4dc +# Check for recent changes: https://github.com/openresty/lua-cjson/compare/2.1.0.10...openresty:master +export LUA_CJSON_VERSION=2.1.0.10 export NGINX_INFLUXDB_VERSION=5b09391cb7b9a889687c0aa67964c06a2d933e8b # Check for recent changes: https://github.com/leev/ngx_http_geoip2_module/compare/3.3...master export GEOIP2_VERSION=a26c6beed77e81553686852dceb6c7fdacc5970d -# Check for recent changes: https://github.com/yaoweibin/nginx_ajp_module/compare/v0.3.0...master -export NGINX_AJP_VERSION=a964a0bcc6a9f2bfb82a13752d7794a36319ffac +# Check for recent changes: https://github.com/msva/nginx_ajp_module/compare/fcbb2ccca4901d317ecd7a9dabb3fec9378ff40f...master +# This is a fork from https://github.com/yaoweibin/nginx_ajp_module +# Since it has not been updated and is not compatible with NGINX 1.21 +export NGINX_AJP_VERSION=fcbb2ccca4901d317ecd7a9dabb3fec9378ff40f -# Check for recent changes: https://github.com/openresty/luajit2/compare/v2.1-20210510...v2.1-agentzh -export LUAJIT_VERSION=2.1-20210510 +# Check for recent changes: https://github.com/openresty/luajit2/compare/v2.1-20220411...v2.1-agentzh +export LUAJIT_VERSION=2.1-20220411 # Check for recent changes: https://github.com/openresty/lua-resty-balancer/compare/v0.04...master export LUA_RESTY_BALANCER=0.04 @@ -94,8 +96,8 @@ export LUA_RESTY_BALANCER=0.04 # Check for recent changes: https://github.com/openresty/lua-resty-lrucache/compare/v0.11...master export LUA_RESTY_CACHE=0.11 -# Check for recent changes: https://github.com/openresty/lua-resty-core/compare/v0.1.22...master -export LUA_RESTY_CORE=0.1.22 +# Check for recent changes: https://github.com/openresty/lua-resty-core/compare/v0.1.23...master +export LUA_RESTY_CORE=0.1.23 # Check for recent changes: https://github.com/cloudflare/lua-resty-cookie/compare/v0.1.0...master export LUA_RESTY_COOKIE_VERSION=303e32e512defced053a6484bc0745cf9dc0d39e @@ -112,17 +114,17 @@ export LUA_RESTY_LOCK=0.08 # Check for recent changes: https://github.com/openresty/lua-resty-upload/compare/v0.10...master export LUA_RESTY_UPLOAD_VERSION=0.10 -# Check for recent changes: https://github.com/openresty/lua-resty-string/compare/v0.14...master -export LUA_RESTY_STRING_VERSION=9ace36f2dde09451c377c839117ade45eb02d460 +# Check for recent changes: https://github.com/openresty/lua-resty-string/compare/v0.15...master +export LUA_RESTY_STRING_VERSION=0.15 # Check for recent changes: https://github.com/openresty/lua-resty-memcached/compare/v0.16...master export LUA_RESTY_MEMCACHED_VERSION=0.16 -# Check for recent changes: https://github.com/openresty/lua-resty-redis/compare/v0.29...master -export LUA_RESTY_REDIS_VERSION=0.29 +# Check for recent changes: https://github.com/openresty/lua-resty-redis/compare/v0.30...master +export LUA_RESTY_REDIS_VERSION=0.30 -# Check for recent changes: https://github.com/api7/lua-resty-ipmatcher/compare/v0.6...master -export LUA_RESTY_IPMATCHER_VERSION=211e0d2eb8bbb558b79368f89948a0bafdc23654 +# Check for recent changes: https://github.com/api7/lua-resty-ipmatcher/compare/v0.6.1...master +export LUA_RESTY_IPMATCHER_VERSION=0.6.1 # Check for recent changes: https://github.com/ElvinEfendi/lua-resty-global-throttle/compare/v0.2.0...main export LUA_RESTY_GLOBAL_THROTTLE_VERSION=0.2.0 @@ -200,13 +202,13 @@ mkdir --verbose -p "$BUILD_PATH" cd "$BUILD_PATH" # download, verify and extract the source files -get_src e8d0290ff561986ad7cd6c33307e12e11b137186c4403a6a5ccdb4914c082d88 \ +get_src d1f72f474e71bcaaf465dcc7e6f7b6a4705e4b1ed95c581af31df697551f3bfe \ "https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz" get_src 0e971105e210d272a497567fa2e2c256f4e39b845a5ba80d373e26ba1abfbd85 \ "https://github.com/simpl/ngx_devel_kit/archive/v$NDK_VERSION.tar.gz" -get_src f1ad2459c4ee6a61771aa84f77871f4bfe42943a4aa4c30c62ba3f981f52c201 \ +get_src cd5e2cc834bcfa30149e7511f2b5a2183baf0b70dc091af717a89a64e44a2985 \ "https://github.com/openresty/set-misc-nginx-module/archive/v$SETMISC_VERSION.tar.gz" get_src a3dcbab117a9c103bc1ea5200fc00a7b7d2af97ff7fd525f16f8ac2632e30fbf \ @@ -245,11 +247,11 @@ get_src 7d5f3439c8df56046d0564b5857fd8a30296ab1bd6df0f048aed7afb56a0a4c2 \ get_src 99c47c75c159795c9faf76bbb9fa58e5a50b75286c86565ffcec8514b1c74bf9 \ "https://github.com/openresty/stream-lua-nginx-module/archive/v$LUA_STREAM_NGX_VERSION.tar.gz" else -get_src 085a9fb2bf9c4466977595a5fe5156d76f3a2d9a2a81be3cacaff2021773393e \ - "https://github.com/openresty/lua-nginx-module/archive/$LUA_NGX_VERSION.tar.gz" +get_src 9db756000578efaecb43bea4fc6cf631aaa80988d86ffe5d3afeb9927895ffad \ + "https://github.com/openresty/lua-nginx-module/archive/v$LUA_NGX_VERSION.tar.gz" -get_src ba38c9f8e4265836ba7f2ac559ddf140693ff2f5ae33ab1e384f51f3992151ab \ - "https://github.com/openresty/stream-lua-nginx-module/archive/$LUA_STREAM_NGX_VERSION.tar.gz" +get_src c7924f28cb014a99636e747ea907724dd55f60e180cb92cde6e8ed48d2278f27 \ + "https://github.com/openresty/stream-lua-nginx-module/archive/v$LUA_STREAM_NGX_VERSION.tar.gz" fi @@ -260,7 +262,7 @@ if [[ ${ARCH} == "s390x" ]]; then get_src 266ed1abb70a9806d97cb958537a44b67db6afb33d3b32292a2d68a2acedea75 \ "https://github.com/openresty/luajit2/archive/$LUAJIT_VERSION.tar.gz" else -get_src 1ee6dad809a5bb22efb45e6dac767f7ce544ad652d353a93d7f26b605f69fe3f \ +get_src d3f2c870f8f88477b01726b32accab30f6e5d57ae59c5ec87374ff73d0794316 \ "https://github.com/openresty/luajit2/archive/v$LUAJIT_VERSION.tar.gz" fi @@ -273,14 +275,14 @@ get_src 1af5a5632dc8b00ae103d51b7bf225de3a7f0df82f5c6a401996c080106e600e \ get_src 4c1933434572226942c65b2f2b26c8a536ab76aa771a3c7f6c2629faa764976b \ "https://github.com/leev/ngx_http_geoip2_module/archive/$GEOIP2_VERSION.tar.gz" -get_src 94d1512bf0e5e6ffa4eca0489db1279d51f45386fffcb8a1d2d9f7fe93518465 \ - "https://github.com/yaoweibin/nginx_ajp_module/archive/$NGINX_AJP_VERSION.tar.gz" +get_src 778fcca851bd69dabfb382dc827d2ee07662f7eca36b5e66e67d5512bad75ef8 \ + "https://github.com/msva/nginx_ajp_module/archive/$NGINX_AJP_VERSION.tar.gz" get_src 5d16e623d17d4f42cc64ea9cfb69ca960d313e12f5d828f785dd227cc483fcbd \ "https://github.com/openresty/lua-resty-upload/archive/v$LUA_RESTY_UPLOAD_VERSION.tar.gz" -get_src 462c6b38792bab4ca8212bdfd3f2e38f6883bb45c8fb8a03474ea813e0fab853 \ - "https://github.com/openresty/lua-resty-string/archive/$LUA_RESTY_STRING_VERSION.tar.gz" +get_src bdbf271003d95aa91cab0a92f24dca129e99b33f79c13ebfcdbbcbb558129491 \ + "https://github.com/openresty/lua-resty-string/archive/v$LUA_RESTY_STRING_VERSION.tar.gz" get_src 16d72ed133f0c6df376a327386c3ef4e9406cf51003a700737c3805770ade7c5 \ "https://github.com/openresty/lua-resty-balancer/archive/v$LUA_RESTY_BALANCER.tar.gz" @@ -289,11 +291,11 @@ if [[ ${ARCH} == "s390x" ]]; then get_src 8f5f76d2689a3f6b0782f0a009c56a65e4c7a4382be86422c9b3549fe95b0dc4 \ "https://github.com/openresty/lua-resty-core/archive/v$LUA_RESTY_CORE.tar.gz" else -get_src 4d971f711fad48c097070457c128ca36053835d8a3ba25a937e9991547d55d4d \ +get_src efd6b51520429e64b1bcc10f477d370ebed1631c190f7e4dc270d959a743ad7d \ "https://github.com/openresty/lua-resty-core/archive/v$LUA_RESTY_CORE.tar.gz" fi -get_src 8d602af2669fb386931760916a39f6c9034f2363c4965f215042c086b8215238 \ +get_src 0c551d6898f89f876e48730f9b55790d0ba07d5bc0aa6c76153277f63c19489f \ "https://github.com/openresty/lua-cjson/archive/$LUA_CJSON_VERSION.tar.gz" get_src 5ed48c36231e2622b001308622d46a0077525ac2f751e8cc0c9905914254baa4 \ @@ -314,11 +316,11 @@ get_src 9fcb6db95bc37b6fce77d3b3dc740d593f9d90dce0369b405eb04844d56ac43f \ get_src 42893da0e3de4ec180c9bf02f82608d78787290a70c5644b538f29d243147396 \ "https://github.com/openresty/lua-resty-memcached/archive/v$LUA_RESTY_MEMCACHED_VERSION.tar.gz" -get_src 3f602af507aacd1f7aaeddfe7b77627fcde095fe9f115cb9d6ad8de2a52520e1 \ +get_src c15aed1a01c88a3a6387d9af67a957dff670357f5fdb4ee182beb44635eef3f1 \ "https://github.com/openresty/lua-resty-redis/archive/v$LUA_RESTY_REDIS_VERSION.tar.gz" -get_src b8dbd502751140993a852381bcd8e98a402454596bd91838c1e51268d42db261 \ - "https://github.com/api7/lua-resty-ipmatcher/archive/$LUA_RESTY_IPMATCHER_VERSION.tar.gz" +get_src efb767487ea3f6031577b9b224467ddbda2ad51a41c5867a47582d4ad85d609e \ + "https://github.com/api7/lua-resty-ipmatcher/archive/v$LUA_RESTY_IPMATCHER_VERSION.tar.gz" get_src 0fb790e394510e73fdba1492e576aaec0b8ee9ef08e3e821ce253a07719cf7ea \ "https://github.com/ElvinEfendi/lua-resty-global-throttle/archive/v$LUA_RESTY_GLOBAL_THROTTLE_VERSION.tar.gz" diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-no_Werror.patch b/images/nginx/rootfs/patches/nginx-1.19.9-no_Werror.patch deleted file mode 100644 index 7bb0ac902..000000000 --- a/images/nginx/rootfs/patches/nginx-1.19.9-no_Werror.patch +++ /dev/null @@ -1,36 +0,0 @@ -diff -urp nginx-1.19.9/auto/cc/clang nginx-1.19.9-patched/auto/cc/clang ---- nginx-1.19.9/auto/cc/clang 2014-03-04 03:39:24.000000000 -0800 -+++ nginx-1.19.9-patched/auto/cc/clang 2014-03-13 20:54:26.241413360 -0700 -@@ -89,7 +89,7 @@ CFLAGS="$CFLAGS -Wconditional-uninitiali - CFLAGS="$CFLAGS -Wno-unused-parameter" - - # stop on warning --CFLAGS="$CFLAGS -Werror" -+#CFLAGS="$CFLAGS -Werror" - - # debug - CFLAGS="$CFLAGS -g" -diff -urp nginx-1.19.9/auto/cc/gcc nginx-1.19.9-patched/auto/cc/gcc ---- nginx-1.19.9/auto/cc/gcc 2014-03-04 03:39:24.000000000 -0800 -+++ nginx-1.19.9-patched/auto/cc/gcc 2014-03-13 20:54:13.301355329 -0700 -@@ -168,7 +168,7 @@ esac - - - # stop on warning --CFLAGS="$CFLAGS -Werror" -+#CFLAGS="$CFLAGS -Werror" - - # debug - CFLAGS="$CFLAGS -g" -diff -urp nginx-1.19.9/auto/cc/icc nginx-1.19.9-patched/auto/cc/icc ---- nginx-1.19.9/auto/cc/icc 2014-03-04 03:39:24.000000000 -0800 -+++ nginx-1.19.9-patched/auto/cc/icc 2014-03-13 20:54:13.301355329 -0700 -@@ -115,7 +115,7 @@ case "$NGX_ICC_VER" in - esac - - # stop on warning --CFLAGS="$CFLAGS -Werror" -+#CFLAGS="$CFLAGS -Werror" - - # debug - CFLAGS="$CFLAGS -g" diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-balancer_status_code.patch b/images/nginx/rootfs/patches/nginx-1.21.4-balancer_status_code.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.19.9-balancer_status_code.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-balancer_status_code.patch diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-cache_manager_exit.patch b/images/nginx/rootfs/patches/nginx-1.21.4-cache_manager_exit.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.19.9-cache_manager_exit.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-cache_manager_exit.patch diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-delayed_posted_events.patch b/images/nginx/rootfs/patches/nginx-1.21.4-delayed_posted_events.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.19.9-delayed_posted_events.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-delayed_posted_events.patch diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-hash_overflow.patch b/images/nginx/rootfs/patches/nginx-1.21.4-hash_overflow.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.19.9-hash_overflow.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-hash_overflow.patch diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-init_cycle_pool_release.patch b/images/nginx/rootfs/patches/nginx-1.21.4-init_cycle_pool_release.patch similarity index 65% rename from images/nginx/rootfs/patches/nginx-1.19.9-init_cycle_pool_release.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-init_cycle_pool_release.patch index aa2df4660..9cfa4f7cb 100644 --- a/images/nginx/rootfs/patches/nginx-1.19.9-init_cycle_pool_release.patch +++ b/images/nginx/rootfs/patches/nginx-1.21.4-init_cycle_pool_release.patch @@ -1,6 +1,6 @@ -diff -rup nginx-1.19.9/src/core/nginx.c nginx-1.19.9-patched/src/core/nginx.c ---- nginx-1.19.9/src/core/nginx.c 2017-12-17 00:00:38.136470108 -0800 -+++ nginx-1.19.9-patched/src/core/nginx.c 2017-12-16 23:59:51.680958322 -0800 +diff -rup nginx-1.21.4/src/core/nginx.c nginx-1.21.4-patched/src/core/nginx.c +--- nginx-1.21.4/src/core/nginx.c 2017-12-17 00:00:38.136470108 -0800 ++++ nginx-1.21.4-patched/src/core/nginx.c 2017-12-16 23:59:51.680958322 -0800 @@ -186,6 +186,7 @@ static u_char *ngx_prefix; static u_char *ngx_conf_file; static u_char *ngx_conf_params; @@ -18,9 +18,9 @@ diff -rup nginx-1.19.9/src/core/nginx.c nginx-1.19.9-patched/src/core/nginx.c if (ngx_save_argv(&init_cycle, argc, argv) != NGX_OK) { return 1; } -diff -rup nginx-1.19.9/src/core/ngx_core.h nginx-1.19.9-patched/src/core/ngx_core.h ---- nginx-1.19.9/src/core/ngx_core.h 2017-10-10 08:22:51.000000000 -0700 -+++ nginx-1.19.9-patched/src/core/ngx_core.h 2017-12-16 23:59:51.679958370 -0800 +diff -rup nginx-1.21.4/src/core/ngx_core.h nginx-1.21.4-patched/src/core/ngx_core.h +--- nginx-1.21.4/src/core/ngx_core.h 2017-10-10 08:22:51.000000000 -0700 ++++ nginx-1.21.4-patched/src/core/ngx_core.h 2017-12-16 23:59:51.679958370 -0800 @@ -108,4 +108,6 @@ void ngx_cpuinfo(void); #define NGX_DISABLE_SYMLINKS_NOTOWNER 2 #endif @@ -28,9 +28,9 @@ diff -rup nginx-1.19.9/src/core/ngx_core.h nginx-1.19.9-patched/src/core/ngx_cor +extern ngx_pool_t *saved_init_cycle_pool; + #endif /* _NGX_CORE_H_INCLUDED_ */ -diff -rup nginx-1.19.9/src/core/ngx_cycle.c nginx-1.19.9-patched/src/core/ngx_cycle.c ---- nginx-1.19.9/src/core/ngx_cycle.c 2017-10-10 08:22:51.000000000 -0700 -+++ nginx-1.19.9-patched/src/core/ngx_cycle.c 2017-12-16 23:59:51.678958419 -0800 +diff -rup nginx-1.21.4/src/core/ngx_cycle.c nginx-1.21.4-patched/src/core/ngx_cycle.c +--- nginx-1.21.4/src/core/ngx_cycle.c 2017-10-10 08:22:51.000000000 -0700 ++++ nginx-1.21.4-patched/src/core/ngx_cycle.c 2017-12-16 23:59:51.678958419 -0800 @@ -748,6 +748,10 @@ old_shm_zone_done: if (ngx_process == NGX_PROCESS_MASTER || ngx_is_init_cycle(old_cycle)) { @@ -42,9 +42,9 @@ diff -rup nginx-1.19.9/src/core/ngx_cycle.c nginx-1.19.9-patched/src/core/ngx_cy ngx_destroy_pool(old_cycle->pool); cycle->old_cycle = NULL; -diff -rup nginx-1.19.9/src/os/unix/ngx_process_cycle.c nginx-1.19.9-patched/src/os/unix/ngx_process_cycle.c ---- nginx-1.19.9/src/os/unix/ngx_process_cycle.c 2017-12-17 00:00:38.142469762 -0800 -+++ nginx-1.19.9-patched/src/os/unix/ngx_process_cycle.c 2017-12-16 23:59:51.691957791 -0800 +diff -rup nginx-1.21.4/src/os/unix/ngx_process_cycle.c nginx-1.21.4-patched/src/os/unix/ngx_process_cycle.c +--- nginx-1.21.4/src/os/unix/ngx_process_cycle.c 2017-12-17 00:00:38.142469762 -0800 ++++ nginx-1.21.4-patched/src/os/unix/ngx_process_cycle.c 2017-12-16 23:59:51.691957791 -0800 @@ -687,6 +692,11 @@ ngx_master_process_exit(ngx_cycle_t *cyc ngx_exit_cycle.files_n = ngx_cycle->files_n; ngx_cycle = &ngx_exit_cycle; diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-larger_max_error_str.patch b/images/nginx/rootfs/patches/nginx-1.21.4-larger_max_error_str.patch similarity index 62% rename from images/nginx/rootfs/patches/nginx-1.19.9-larger_max_error_str.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-larger_max_error_str.patch index 0628d3abb..c89032c9f 100644 --- a/images/nginx/rootfs/patches/nginx-1.19.9-larger_max_error_str.patch +++ b/images/nginx/rootfs/patches/nginx-1.21.4-larger_max_error_str.patch @@ -1,5 +1,5 @@ ---- nginx-1.19.9/src/core/ngx_log.h 2013-10-08 05:07:14.000000000 -0700 -+++ nginx-1.19.9-patched/src/core/ngx_log.h 2013-12-05 20:35:35.996236720 -0800 +--- nginx-1.21.4/src/core/ngx_log.h 2013-10-08 05:07:14.000000000 -0700 ++++ nginx-1.21.4-patched/src/core/ngx_log.h 2013-12-05 20:35:35.996236720 -0800 @@ -64,7 +64,9 @@ struct ngx_log_s { }; diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-no_Werror.patch b/images/nginx/rootfs/patches/nginx-1.21.4-no_Werror.patch new file mode 100644 index 000000000..f4d6fd0e5 --- /dev/null +++ b/images/nginx/rootfs/patches/nginx-1.21.4-no_Werror.patch @@ -0,0 +1,36 @@ +diff -urp nginx-1.21.4/auto/cc/clang nginx-1.21.4-patched/auto/cc/clang +--- nginx-1.21.4/auto/cc/clang 2014-03-04 03:39:24.000000000 -0800 ++++ nginx-1.21.4-patched/auto/cc/clang 2014-03-13 20:54:26.241413360 -0700 +@@ -89,7 +89,7 @@ CFLAGS="$CFLAGS -Wconditional-uninitiali + CFLAGS="$CFLAGS -Wno-unused-parameter" + + # stop on warning +-CFLAGS="$CFLAGS -Werror" ++#CFLAGS="$CFLAGS -Werror" + + # debug + CFLAGS="$CFLAGS -g" +diff -urp nginx-1.21.4/auto/cc/gcc nginx-1.21.4-patched/auto/cc/gcc +--- nginx-1.21.4/auto/cc/gcc 2014-03-04 03:39:24.000000000 -0800 ++++ nginx-1.21.4-patched/auto/cc/gcc 2014-03-13 20:54:13.301355329 -0700 +@@ -168,7 +168,7 @@ esac + + + # stop on warning +-CFLAGS="$CFLAGS -Werror" ++#CFLAGS="$CFLAGS -Werror" + + # debug + CFLAGS="$CFLAGS -g" +diff -urp nginx-1.21.4/auto/cc/icc nginx-1.21.4-patched/auto/cc/icc +--- nginx-1.21.4/auto/cc/icc 2014-03-04 03:39:24.000000000 -0800 ++++ nginx-1.21.4-patched/auto/cc/icc 2014-03-13 20:54:13.301355329 -0700 +@@ -115,7 +115,7 @@ case "$NGX_ICC_VER" in + esac + + # stop on warning +-CFLAGS="$CFLAGS -Werror" ++#CFLAGS="$CFLAGS -Werror" + + # debug + CFLAGS="$CFLAGS -g" diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-proxy_host_port_vars.patch b/images/nginx/rootfs/patches/nginx-1.21.4-proxy_host_port_vars.patch similarity index 87% rename from images/nginx/rootfs/patches/nginx-1.19.9-proxy_host_port_vars.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-proxy_host_port_vars.patch index 25282bda3..01cebd65a 100644 --- a/images/nginx/rootfs/patches/nginx-1.19.9-proxy_host_port_vars.patch +++ b/images/nginx/rootfs/patches/nginx-1.21.4-proxy_host_port_vars.patch @@ -1,5 +1,5 @@ ---- nginx-1.19.9/src/http/modules/ngx_http_proxy_module.c 2017-07-16 14:02:51.000000000 +0800 -+++ nginx-1.19.9-patched/src/http/modules/ngx_http_proxy_module.c 2017-07-16 14:02:51.000000000 +0800 +--- nginx-1.21.4/src/http/modules/ngx_http_proxy_module.c 2017-07-16 14:02:51.000000000 +0800 ++++ nginx-1.21.4-patched/src/http/modules/ngx_http_proxy_module.c 2017-07-16 14:02:51.000000000 +0800 @@ -793,13 +793,13 @@ static ngx_keyval_t ngx_http_proxy_cach static ngx_http_variable_t ngx_http_proxy_vars[] = { diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-resolver_conf_parsing.patch b/images/nginx/rootfs/patches/nginx-1.21.4-resolver_conf_parsing.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.19.9-resolver_conf_parsing.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-resolver_conf_parsing.patch diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-reuseport_close_unused_fds.patch b/images/nginx/rootfs/patches/nginx-1.21.4-reuseport_close_unused_fds.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.19.9-reuseport_close_unused_fds.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-reuseport_close_unused_fds.patch diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-single_process_graceful_exit.patch b/images/nginx/rootfs/patches/nginx-1.21.4-single_process_graceful_exit.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.19.9-single_process_graceful_exit.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-single_process_graceful_exit.patch diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-socket_cloexec.patch b/images/nginx/rootfs/patches/nginx-1.21.4-socket_cloexec.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.19.9-socket_cloexec.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-socket_cloexec.patch diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-ssl_cert_cb_yield.patch b/images/nginx/rootfs/patches/nginx-1.21.4-ssl_cert_cb_yield.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.19.9-ssl_cert_cb_yield.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-ssl_cert_cb_yield.patch diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-ssl_sess_cb_yield.patch b/images/nginx/rootfs/patches/nginx-1.21.4-ssl_sess_cb_yield.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.19.9-ssl_sess_cb_yield.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-ssl_sess_cb_yield.patch diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-stream_proxy_get_next_upstream_tries.patch b/images/nginx/rootfs/patches/nginx-1.21.4-stream_proxy_get_next_upstream_tries.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.19.9-stream_proxy_get_next_upstream_tries.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-stream_proxy_get_next_upstream_tries.patch diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-stream_ssl_preread_no_skip.patch b/images/nginx/rootfs/patches/nginx-1.21.4-stream_ssl_preread_no_skip.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.19.9-stream_ssl_preread_no_skip.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-stream_ssl_preread_no_skip.patch diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-upstream_pipelining.patch b/images/nginx/rootfs/patches/nginx-1.21.4-upstream_pipelining.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.19.9-upstream_pipelining.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-upstream_pipelining.patch diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-upstream_timeout_fields.patch b/images/nginx/rootfs/patches/nginx-1.21.4-upstream_timeout_fields.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.19.9-upstream_timeout_fields.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-upstream_timeout_fields.patch diff --git a/images/nginx/rootfs/patches/patch.2021.resolver.txt b/images/nginx/rootfs/patches/patch.2021.resolver.txt deleted file mode 100644 index 6c895e61c..000000000 --- a/images/nginx/rootfs/patches/patch.2021.resolver.txt +++ /dev/null @@ -1,23 +0,0 @@ -diff --git src/core/ngx_resolver.c src/core/ngx_resolver.c ---- src/core/ngx_resolver.c -+++ src/core/ngx_resolver.c -@@ -4008,15 +4008,15 @@ done: - n = *src++; - - } else { -+ if (dst != name->data) { -+ *dst++ = '.'; -+ } -+ - ngx_strlow(dst, src, n); - dst += n; - src += n; - - n = *src++; -- -- if (n != 0) { -- *dst++ = '.'; -- } - } - - if (n == 0) { From 0b5e0685112e4537ee20a0bdbba451e9f6158aa3 Mon Sep 17 00:00:00 2001 From: Jintao Zhang Date: Mon, 31 Oct 2022 22:10:45 +0800 Subject: [PATCH 360/494] chore: update NGINX to 1.21.6 (#9231) Signed-off-by: Jintao Zhang Signed-off-by: Jintao Zhang --- images/nginx/rootfs/build.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/images/nginx/rootfs/build.sh b/images/nginx/rootfs/build.sh index cfea7b7c8..5a6394fd9 100755 --- a/images/nginx/rootfs/build.sh +++ b/images/nginx/rootfs/build.sh @@ -18,7 +18,7 @@ set -o errexit set -o nounset set -o pipefail -export NGINX_VERSION=1.21.4 +export NGINX_VERSION=1.21.6 # Check for recent changes: https://github.com/vision5/ngx_devel_kit/compare/v0.3.1...master export NDK_VERSION=0.3.1 @@ -202,7 +202,7 @@ mkdir --verbose -p "$BUILD_PATH" cd "$BUILD_PATH" # download, verify and extract the source files -get_src d1f72f474e71bcaaf465dcc7e6f7b6a4705e4b1ed95c581af31df697551f3bfe \ +get_src 66dc7081488811e9f925719e34d1b4504c2801c81dee2920e5452a86b11405ae \ "https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz" get_src 0e971105e210d272a497567fa2e2c256f4e39b845a5ba80d373e26ba1abfbd85 \ From 8c698778a3c0a14a3c2579a451cb5aede294d8c7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Oct 2022 09:24:45 -0700 Subject: [PATCH 361/494] Bump actions/dependency-review-action from 2.5.0 to 2.5.1 (#9237) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.5.0 to 2.5.1. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/fd675ced9c17f1393071e1a2e685ab527e585a0c...0efb1d1d84fc9633afcdaad14c485cbbc90ef46c) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/depreview.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml index 18ab95a6a..85c91d664 100644 --- a/.github/workflows/depreview.yaml +++ b/.github/workflows/depreview.yaml @@ -11,4 +11,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 #v3.0.2 - name: 'Dependency Review' - uses: actions/dependency-review-action@fd675ced9c17f1393071e1a2e685ab527e585a0c #v2.0.2 + uses: actions/dependency-review-action@0efb1d1d84fc9633afcdaad14c485cbbc90ef46c #v2.0.2 From 709e984ff673664996fd67b12ec195bdbfa3896c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 4 Nov 2022 09:52:15 -0700 Subject: [PATCH 362/494] Bump github/codeql-action from 2.1.28 to 2.1.29 (#9236) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.28 to 2.1.29. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/cc7986c02bac29104a72998e67239bb5ee2ee110...ec3cf9c605b848da5f1e41e8452719eb1ccfb9a6) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 762634db0..90fb2d3d4 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@cc7986c02bac29104a72998e67239bb5ee2ee110 # v2.1.14 + uses: github/codeql-action/upload-sarif@ec3cf9c605b848da5f1e41e8452719eb1ccfb9a6 # v2.1.14 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 34c4f1901..004370a90 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@cc7986c02bac29104a72998e67239bb5ee2ee110 + uses: github/codeql-action/upload-sarif@ec3cf9c605b848da5f1e41e8452719eb1ccfb9a6 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From 12c60288ffc829f22ba23ea53bbb9660e91fd85d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 4 Nov 2022 09:54:14 -0700 Subject: [PATCH 363/494] Bump github.com/spf13/cobra from 1.6.0 to 1.6.1 (#9233) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.6.0 to 1.6.1. - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.6.0...v1.6.1) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index a1b307b36..58c4c58de 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/prometheus/client_golang v1.13.0 github.com/prometheus/client_model v0.3.0 github.com/prometheus/common v0.37.0 - github.com/spf13/cobra v1.6.0 + github.com/spf13/cobra v1.6.1 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.8.1 github.com/yudai/gojsondiff v1.0.0 diff --git a/go.sum b/go.sum index 529555a3a..30d65e6b4 100644 --- a/go.sum +++ b/go.sum @@ -550,8 +550,8 @@ github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkU github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk= -github.com/spf13/cobra v1.6.0 h1:42a0n6jwCot1pUmomAp4T7DeMD+20LFv4Q54pxLf2LI= -github.com/spf13/cobra v1.6.0/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= +github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA= +github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= From cf4fb7d8120b770abac78d28d90971266fa83449 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 4 Nov 2022 09:56:14 -0700 Subject: [PATCH 364/494] Bump actions/upload-artifact from 3.1.0 to 3.1.1 (#9234) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/3cea5372237819ed00197afe530f5a7ea3e805c8...83fd05a356d7e2593de66fc9913b3002723633cb) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 2 +- .github/workflows/scorecards.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 25cc509f0..7c61d2e4a 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -114,7 +114,7 @@ jobs: | pigz > docker.tar.gz - name: cache - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 + uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1 with: name: docker.tar.gz path: docker.tar.gz diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 90fb2d3d4..fae11715f 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -49,7 +49,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.0.0 + uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.0.0 with: name: SARIF file path: results.sarif From 3c32413e30703383ddf32bbe9a1e531d4169e6d4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 4 Nov 2022 09:58:14 -0700 Subject: [PATCH 365/494] Bump azure/setup-helm from 3.3 to 3.4 (#9235) Bumps [azure/setup-helm](https://github.com/azure/setup-helm) from 3.3 to 3.4. - [Release notes](https://github.com/azure/setup-helm/releases) - [Commits](https://github.com/azure/setup-helm/compare/b5b231a831f96336bbfeccc1329990f0005c5bb1...f382f75448129b3be48f8121b9857be18d815a82) --- updated-dependencies: - dependency-name: azure/setup-helm dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 7c61d2e4a..3410b326b 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -239,7 +239,7 @@ jobs: failOnError: false - name: Prepare cluster for testing - uses: azure/setup-helm@b5b231a831f96336bbfeccc1329990f0005c5bb1 #v2.1 + uses: azure/setup-helm@f382f75448129b3be48f8121b9857be18d815a82 #v2.1 with: version: 'v3.8.0' id: local-path @@ -296,7 +296,7 @@ jobs: failOnError: false - name: Prepare cluster for testing - uses: azure/setup-helm@b5b231a831f96336bbfeccc1329990f0005c5bb1 #v2.1 + uses: azure/setup-helm@f382f75448129b3be48f8121b9857be18d815a82 #v2.1 with: version: 'v3.8.0' id: local-path From 490ecffc5242be8c54f8735d4af4d4ccad39acb7 Mon Sep 17 00:00:00 2001 From: Tomas Hulata Date: Sat, 5 Nov 2022 22:22:15 +0100 Subject: [PATCH 366/494] fix svc long name (#9245) Signed-off-by: tombokombo Signed-off-by: tombokombo --- .../ingress/controller/store/endpointslice.go | 15 ++++- .../controller/store/endpointslice_test.go | 39 +++++++++++++ test/e2e/e2e.go | 1 + test/e2e/endpointslices/longname.go | 55 +++++++++++++++++++ test/e2e/framework/deployment.go | 6 ++ 5 files changed, 115 insertions(+), 1 deletion(-) create mode 100644 test/e2e/endpointslices/longname.go diff --git a/internal/ingress/controller/store/endpointslice.go b/internal/ingress/controller/store/endpointslice.go index fdd7374e9..78d088695 100644 --- a/internal/ingress/controller/store/endpointslice.go +++ b/internal/ingress/controller/store/endpointslice.go @@ -21,6 +21,7 @@ import ( "strings" discoveryv1 "k8s.io/api/discovery/v1" + apiNames "k8s.io/apiserver/pkg/storage/names" "k8s.io/client-go/tools/cache" ) @@ -32,9 +33,21 @@ type EndpointSliceLister struct { // MatchByKey returns the EndpointsSlices of the Service matching key in the local Endpoint Store. func (s *EndpointSliceLister) MatchByKey(key string) ([]*discoveryv1.EndpointSlice, error) { var eps []*discoveryv1.EndpointSlice + keyNsLen := strings.Index(key, "/") + if keyNsLen < -1 { + keyNsLen = 0 + } else { + // count '/' char + keyNsLen += 1 + } // filter endpointSlices owned by svc for _, listKey := range s.ListKeys() { - if !strings.HasPrefix(listKey, key) { + if len(key) < (apiNames.MaxGeneratedNameLength+keyNsLen) && !strings.HasPrefix(listKey, key) { + continue + } + // generated endpointslices names has truncated svc name as prefix when svc name is too long, we compare only non truncated part + // https://github.com/kubernetes/ingress-nginx/issues/9240 + if len(key) >= (apiNames.MaxGeneratedNameLength+keyNsLen) && !strings.HasPrefix(listKey, key[:apiNames.MaxGeneratedNameLength+keyNsLen-1]) { continue } epss, exists, err := s.GetByKey(listKey) diff --git a/internal/ingress/controller/store/endpointslice_test.go b/internal/ingress/controller/store/endpointslice_test.go index fdc51c0e4..e12a98c2f 100644 --- a/internal/ingress/controller/store/endpointslice_test.go +++ b/internal/ingress/controller/store/endpointslice_test.go @@ -17,6 +17,7 @@ limitations under the License. package store import ( + "fmt" "testing" discoveryv1 "k8s.io/api/discovery/v1" @@ -91,4 +92,42 @@ func TestEndpointSliceLister(t *testing.T) { t.Errorf("expected %v, error, got %v", endpointSlice.GetName(), eps[0].GetName()) } }) + t.Run("svc long name", func(t *testing.T) { + el := newEndpointSliceLister(t) + ns := "namespace" + ns2 := "another-ns" + svcName := "test-backend-http-test-http-test-http-test-http-test-http-truncated" + svcName2 := "another-long-svc-name-for-test-inhttp-test-http-test-http-truncated" + key := fmt.Sprintf("%s/%s", ns, svcName) + endpointSlice := &discoveryv1.EndpointSlice{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: ns, + Name: "test-backend-http-test-http-test-http-test-http-test-http-bar88", + Labels: map[string]string{ + discoveryv1.LabelServiceName: svcName, + }, + }, + } + el.Add(endpointSlice) + endpointSlice2 := &discoveryv1.EndpointSlice{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: ns2, + Name: "another-long-svc-name-for-test-inhttp-test-http-test-http-bar88", + Labels: map[string]string{ + discoveryv1.LabelServiceName: svcName2, + }, + }, + } + el.Add(endpointSlice2) + eps, err := el.MatchByKey(key) + if err != nil { + t.Errorf("unexpeted error %v", err) + } + if len(eps) != 1 { + t.Errorf("expected one slice %v, error, got %d slices", endpointSlice, len(eps)) + } + if len(eps) == 1 && eps[0].Labels[discoveryv1.LabelServiceName] != svcName { + t.Errorf("expected slice %v, error, got %v slices", endpointSlice, eps[0]) + } + }) } diff --git a/test/e2e/e2e.go b/test/e2e/e2e.go index c7010b977..57b047230 100644 --- a/test/e2e/e2e.go +++ b/test/e2e/e2e.go @@ -34,6 +34,7 @@ import ( _ "k8s.io/ingress-nginx/test/e2e/annotations/modsecurity" _ "k8s.io/ingress-nginx/test/e2e/dbg" _ "k8s.io/ingress-nginx/test/e2e/defaultbackend" + _ "k8s.io/ingress-nginx/test/e2e/endpointslices" _ "k8s.io/ingress-nginx/test/e2e/gracefulshutdown" _ "k8s.io/ingress-nginx/test/e2e/ingress" _ "k8s.io/ingress-nginx/test/e2e/leaks" diff --git a/test/e2e/endpointslices/longname.go b/test/e2e/endpointslices/longname.go new file mode 100644 index 000000000..0adb66767 --- /dev/null +++ b/test/e2e/endpointslices/longname.go @@ -0,0 +1,55 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package endpointslices + +import ( + "fmt" + "net/http" + "strings" + + "github.com/onsi/ginkgo/v2" + + "k8s.io/ingress-nginx/test/e2e/framework" +) + +var _ = framework.IngressNginxDescribe("[Endpointslices] long service name", func() { + f := framework.NewDefaultFramework("endpointslices") + host := "longsvcname.foo.com" + name := "long-name-foobar-foobar-foobar-foobar-foobar-bar-foo-bar-foobuz" + + ginkgo.BeforeEach(func() { + f.NewEchoDeployment(framework.WithName(name)) + }) + + ginkgo.It("should return 200 when service name has max allowed number of characters 63", func() { + + annotations := make(map[string]string) + ing := framework.NewSingleIngress(host, "/", host, f.Namespace, name, 80, annotations) + f.EnsureIngress(ing) + + f.WaitForNginxServer(host, func(server string) bool { + return strings.Contains(server, fmt.Sprintf("server_name %s", host)) + }) + + ginkgo.By("checking if the service is reached") + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", host). + Expect(). + Status(http.StatusOK) + }) +}) diff --git a/test/e2e/framework/deployment.go b/test/e2e/framework/deployment.go index b37060af1..cb6ef9acc 100644 --- a/test/e2e/framework/deployment.go +++ b/test/e2e/framework/deployment.go @@ -67,6 +67,12 @@ func WithDeploymentReplicas(r int) func(*deploymentOptions) { } } +func WithName(n string) func(*deploymentOptions) { + return func(o *deploymentOptions) { + o.name = n + } +} + // NewEchoDeployment creates a new single replica deployment of the echo server image in a particular namespace func (f *Framework) NewEchoDeployment(opts ...func(*deploymentOptions)) { options := &deploymentOptions{ From 4bd7e176d81a8a055aeddf678626cce99190b96e Mon Sep 17 00:00:00 2001 From: James Strong Date: Sun, 6 Nov 2022 18:36:16 -0500 Subject: [PATCH 367/494] update base image of nginx to 1.21.6 (#9257) * add workflow dispatch and update nginx base Signed-off-by: James Strong * e2e were failing, added a go mod tidy Signed-off-by: James Strong * e2e were failing, added a go mod tidy Signed-off-by: James Strong * push mod and sum from main Signed-off-by: James Strong * Update NGINX_BASE Co-authored-by: Jintao Zhang Signed-off-by: James Strong Co-authored-by: Jintao Zhang --- .github/workflows/ci.yaml | 15 ++++++++++++--- NGINX_BASE | 2 +- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 3410b326b..695799991 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -9,6 +9,13 @@ on: branches: - main + workflow_dispatch: + inputs: + run_e2e: + description: 'Force e2e to run' + required: true + type: boolean + permissions: contents: read @@ -40,9 +47,11 @@ jobs: - 'rootfs/**/*' - 'TAG' - 'test/e2e/**/*' + - 'NGINX_BASE' charts: - 'charts/ingress-nginx/Chart.yaml' - 'charts/ingress-nginx/**/*' + - 'NGINX_BASE' security: @@ -126,7 +135,7 @@ jobs: - changes - build if: | - (needs.changes.outputs.charts == 'true') + (needs.changes.outputs.charts == 'true') || ${{ inputs.run_e2e }} strategy: matrix: @@ -209,7 +218,7 @@ jobs: - changes - build if: | - (needs.changes.outputs.go == 'true') + (needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }} strategy: matrix: @@ -266,7 +275,7 @@ jobs: - changes - build if: | - (needs.changes.outputs.go == 'true') + (needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }} strategy: matrix: diff --git a/NGINX_BASE b/NGINX_BASE index bc477308f..45654c627 100644 --- a/NGINX_BASE +++ b/NGINX_BASE @@ -1 +1 @@ -registry.k8s.io/ingress-nginx/nginx:9fdbef829c327b95a3c6d6816a301df41bda997f@sha256:46c27294e467f46d0006ad1eb5fd3f7005eb3cbd00dd43be2ed9b02edfc6e828 +registry.k8s.io/ingress-nginx/nginx:0b5e0685112e4537ee20a0bdbba451e9f6158aa3@sha256:3f5e28bb248d5170e77b77fc2a1a385724aeff41a0b34b5afad7dd9cf93de000 From 5a42ec4f35ae6d62b240f61ceb075459aaece16e Mon Sep 17 00:00:00 2001 From: Ehsan Saei <71217171+esigo@users.noreply.github.com> Date: Tue, 8 Nov 2022 00:44:17 +0100 Subject: [PATCH 368/494] Fix CVE-2022-32149 (#9258) * Fix CVE-2022-32149 * fix CI --- go.sum | 9 --------- images/ext-auth-example-authsvc/rootfs/go.sum | 7 +------ images/kube-webhook-certgen/rootfs/go.mod | 4 ++-- images/kube-webhook-certgen/rootfs/go.sum | 13 ++++--------- 4 files changed, 7 insertions(+), 26 deletions(-) diff --git a/go.sum b/go.sum index 30d65e6b4..caed22265 100644 --- a/go.sum +++ b/go.sum @@ -862,15 +862,6 @@ golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuX golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= diff --git a/images/ext-auth-example-authsvc/rootfs/go.sum b/images/ext-auth-example-authsvc/rootfs/go.sum index 6e3fab295..045452c23 100644 --- a/images/ext-auth-example-authsvc/rootfs/go.sum +++ b/images/ext-auth-example-authsvc/rootfs/go.sum @@ -141,12 +141,7 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= diff --git a/images/kube-webhook-certgen/rootfs/go.mod b/images/kube-webhook-certgen/rootfs/go.mod index 5ac181823..22c4424ea 100644 --- a/images/kube-webhook-certgen/rootfs/go.mod +++ b/images/kube-webhook-certgen/rootfs/go.mod @@ -31,9 +31,9 @@ require ( github.com/tidwall/gjson v1.14.0 // indirect golang.org/x/net v0.0.0-20211209124913-491a49abca63 // indirect golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d // indirect - golang.org/x/sys v0.0.0-20210616094352-59db8d763f22 // indirect + golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d // indirect - golang.org/x/text v0.3.6 // indirect + golang.org/x/text v0.4.0 // indirect golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect google.golang.org/appengine v1.6.5 // indirect google.golang.org/protobuf v1.26.0 // indirect diff --git a/images/kube-webhook-certgen/rootfs/go.sum b/images/kube-webhook-certgen/rootfs/go.sum index 5889d4e49..13ce4b641 100644 --- a/images/kube-webhook-certgen/rootfs/go.sum +++ b/images/kube-webhook-certgen/rootfs/go.sum @@ -543,20 +543,15 @@ golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210616094352-59db8d763f22 h1:RqytpXGR1iVNX7psjB3ff8y7sNFinVFvkx1c8SjBkio= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9wrfxYyCjk0KbXjhR55s= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d h1:SZxvLBoTP5yHO3Frd4z4vrF+DBX9vMVanchswa69toE= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg= +golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From 90a9d6457536158b433719ff4a9a7ed5b4356c06 Mon Sep 17 00:00:00 2001 From: Ehsan Saei <71217171+esigo@users.noreply.github.com> Date: Tue, 8 Nov 2022 00:46:17 +0100 Subject: [PATCH 369/494] Fix CVE-2022-1996 (#9244) * CVE-2022-1996 * clean * fix * fix --- go.mod | 2 +- go.sum | 6 +++--- images/kube-webhook-certgen/rootfs/go.sum | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 58c4c58de..103a74005 100644 --- a/go.mod +++ b/go.mod @@ -61,7 +61,7 @@ require ( github.com/cyphar/filepath-securejoin v0.2.3 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/eapache/queue v1.1.0 // indirect - github.com/emicklei/go-restful/v3 v3.8.0 // indirect + github.com/emicklei/go-restful/v3 v3.9.0 // indirect github.com/evanphx/json-patch v4.12.0+incompatible // indirect github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b // indirect github.com/go-errors/errors v1.0.1 // indirect diff --git a/go.sum b/go.sum index caed22265..010a929d0 100644 --- a/go.sum +++ b/go.sum @@ -154,9 +154,9 @@ github.com/eapache/queue v1.1.0 h1:YOEu7KNc61ntiQlcEeUIoDTJ2o8mQznoNvUhiigpIqc= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful/v3 v3.8.0 h1:eCZ8ulSerjdAiaNpF7GxXIE7ZCMo1moN1qX+S609eVw= -github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful v2.16.0+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= +github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE= +github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= diff --git a/images/kube-webhook-certgen/rootfs/go.sum b/images/kube-webhook-certgen/rootfs/go.sum index 13ce4b641..61f5a8b34 100644 --- a/images/kube-webhook-certgen/rootfs/go.sum +++ b/images/kube-webhook-certgen/rootfs/go.sum @@ -88,7 +88,7 @@ github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= +github.com/emicklei/go-restful v2.16.0+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= From 5cba77c2f9d1a6a53c21df8ec4840e36c6eea414 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Nov 2022 15:48:16 -0800 Subject: [PATCH 370/494] Bump github.com/prometheus/client_golang from 1.13.0 to 1.13.1 (#9262) Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.13.0 to 1.13.1. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/v1.13.1/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.13.0...v1.13.1) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 103a74005..f5bc85af1 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/onsi/ginkgo/v2 v2.4.0 github.com/opencontainers/runc v1.1.4 github.com/pmezard/go-difflib v1.0.0 - github.com/prometheus/client_golang v1.13.0 + github.com/prometheus/client_golang v1.13.1 github.com/prometheus/client_model v0.3.0 github.com/prometheus/common v0.37.0 github.com/spf13/cobra v1.6.1 diff --git a/go.sum b/go.sum index 010a929d0..4059a3604 100644 --- a/go.sum +++ b/go.sum @@ -490,8 +490,8 @@ github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5Fsn github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= -github.com/prometheus/client_golang v1.13.0 h1:b71QUfeo5M8gq2+evJdTPfZhYMAU0uKPkyPJ7TPsloU= -github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ= +github.com/prometheus/client_golang v1.13.1 h1:3gMjIY2+/hzmqhtUC/aQNYldJA6DtH3CgQvwS+02K1c= +github.com/prometheus/client_golang v1.13.1/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= From 6b22d5a7444ae83caba8404cd1c687f3ecffc507 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Nov 2022 15:50:16 -0800 Subject: [PATCH 371/494] Bump github/codeql-action from 2.1.29 to 2.1.31 (#9263) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.29 to 2.1.31. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/ec3cf9c605b848da5f1e41e8452719eb1ccfb9a6...c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index fae11715f..7e936c08b 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@ec3cf9c605b848da5f1e41e8452719eb1ccfb9a6 # v2.1.14 + uses: github/codeql-action/upload-sarif@c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898 # v2.1.14 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 004370a90..f33a550dd 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@ec3cf9c605b848da5f1e41e8452719eb1ccfb9a6 + uses: github/codeql-action/upload-sarif@c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From 644f05dd755fe595fb9ca7dcf4d5609b2dd3e99c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Nov 2022 15:52:16 -0800 Subject: [PATCH 372/494] Bump aquasecurity/trivy-action from 0.7.1 to 0.8.0 (#9264) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.7.1 to 0.8.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/d63413b0a4a4482237085319f7f4a1ce99a8f2ac...9ab158e8597f3b310480b9a69402b419bc03dbd5) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/vulnerability-scans.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index f33a550dd..6cb1dada7 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -60,7 +60,7 @@ jobs: - name: Scan image with AquaSec/Trivy id: scan - uses: aquasecurity/trivy-action@d63413b0a4a4482237085319f7f4a1ce99a8f2ac #v0.5.1 + uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 #v0.5.1 with: image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }} format: 'sarif' From ae3c2464d6571ccbca7ec59b598e711127d97789 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 8 Nov 2022 00:00:34 +0000 Subject: [PATCH 373/494] Bump sigs.k8s.io/controller-runtime from 0.11.2 to 0.13.1 Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.11.2 to 0.13.1. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/master/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.11.2...v0.13.1) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 12 ++- go.sum | 286 ++++++--------------------------------------------------- 2 files changed, 35 insertions(+), 263 deletions(-) diff --git a/go.mod b/go.mod index f5bc85af1..3be4325f6 100644 --- a/go.mod +++ b/go.mod @@ -30,16 +30,16 @@ require ( gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 k8s.io/api v0.25.3 - k8s.io/apiextensions-apiserver v0.23.5 + k8s.io/apiextensions-apiserver v0.25.0 k8s.io/apimachinery v0.25.3 k8s.io/apiserver v0.25.0 k8s.io/cli-runtime v0.25.0 k8s.io/client-go v0.25.3 - k8s.io/code-generator v0.23.5 + k8s.io/code-generator v0.25.0 k8s.io/component-base v0.25.3 k8s.io/klog/v2 v2.80.1 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 - sigs.k8s.io/controller-runtime v0.11.2 + sigs.k8s.io/controller-runtime v0.13.1 sigs.k8s.io/mdtoc v1.1.0 ) @@ -63,6 +63,7 @@ require ( github.com/eapache/queue v1.1.0 // indirect github.com/emicklei/go-restful/v3 v3.9.0 // indirect github.com/evanphx/json-patch v4.12.0+incompatible // indirect + github.com/evanphx/json-patch/v5 v5.6.0 // indirect github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b // indirect github.com/go-errors/errors v1.0.1 // indirect github.com/go-logr/logr v1.2.3 // indirect @@ -86,6 +87,7 @@ require ( github.com/josharian/intern v1.0.0 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/mailru/easyjson v0.7.6 // indirect + github.com/mattn/go-colorable v0.1.13 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect github.com/mmarkdown/mmark v2.0.40+incompatible // indirect github.com/moby/sys/mountinfo v0.5.0 // indirect @@ -110,7 +112,7 @@ require ( golang.org/x/sys v0.1.0 // indirect golang.org/x/term v0.1.0 // indirect golang.org/x/text v0.4.0 // indirect - golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect + golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect golang.org/x/tools v0.2.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 // indirect @@ -119,7 +121,7 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c // indirect + k8s.io/gengo v0.0.0-20211129171323-c02415ce4185 // indirect k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed // indirect sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect diff --git a/go.sum b/go.sum index 4059a3604..322c6b4aa 100644 --- a/go.sum +++ b/go.sum @@ -34,7 +34,6 @@ cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4g cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= @@ -45,14 +44,10 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= -github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= github.com/Azure/go-autorest/autorest v0.11.27 h1:F3R3q42aWytozkV8ihzcgMO4OA4cuqr3bNlsEuF6//A= github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U= -github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= github.com/Azure/go-autorest/autorest/adal v0.9.20 h1:gJ3E98kMpFB1MFqQCvA1yFab8vthOeD4VlFRQULxahg= github.com/Azure/go-autorest/autorest/adal v0.9.20/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= @@ -68,8 +63,6 @@ github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBp github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= -github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= @@ -81,28 +74,15 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= -github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210826220005-b48c857c3a0e/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= -github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= -github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a h1:AP/vsCIvJZ129pdm9Ek7bH7yutN3hByqsMoNrWAxRQc= github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a/go.mod h1:QmP9hvJ91BbJmGVGSbutW19IC0Q9phDCLGaomwTJbgU= -github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= -github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= -github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= -github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= -github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM= -github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= -github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE= @@ -121,40 +101,23 @@ github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWH github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= -github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= -github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= -github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= -github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= -github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= -github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= -github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzAJc1DzSI= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI= github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= -github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= -github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/eapache/channels v1.1.0 h1:F1taHcn7/F0i8DYqKXJnyhJcVpp2kgFcNePxXtnyu4k= github.com/eapache/channels v1.1.0/go.mod h1:jMm2qB5Ubtg9zLd+inMZd2/NUvXgzmWXsDaLyQIGfH0= github.com/eapache/queue v1.1.0 h1:YOEu7KNc61ntiQlcEeUIoDTJ2o8mQznoNvUhiigpIqc= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= -github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= -github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful v2.16.0+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE= github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= @@ -168,19 +131,13 @@ github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go. github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= -github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= +github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww= +github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= -github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= -github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b h1:074/xhloHUBOpTZwlIzQ28rbPY8pNJvzY7Gcx5KnNOk= github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= -github.com/getkin/kin-openapi v0.76.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg= -github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w= github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= @@ -200,12 +157,10 @@ github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTg github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/zapr v1.2.0/go.mod h1:Qa4Bsj2Vb+FAVeAKsLD8RLQ+YRJB8YDmOAKxaBQf7Ro= github.com/go-logr/zapr v1.2.3 h1:a9vnzlIBPQBBkeaR9IuMUfmVOrQlkoC4YfPoFkX3T7A= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= github.com/go-openapi/jsonreference v0.19.5 h1:1WJP/wi4OjB4iV8KVbH73rQaoialJrqv8gitZLxGLtM= github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg= github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= @@ -216,16 +171,12 @@ github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5x github.com/godbus/dbus/v5 v5.0.6 h1:mkgN1ofwASrYnJ5W6U/BxG15eXXXjirgZc7CLqkcaro= github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= -github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang-jwt/jwt/v4 v4.2.0 h1:besgBTC8w8HjP6NzQdxwKH9Z5oQMZ24ThTrHp3cZ8eU= github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= -github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -265,8 +216,6 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= -github.com/google/cel-go v0.9.0/go.mod h1:U7ayypeSkw23szu4GaQTPJGx66c20mx8JklMSxrmI1w= -github.com/google/cel-spec v0.6.0/go.mod h1:Nwjgxy5CbjlPrtCWjeDjUyKMl8w41YBYGjsyDdqk0xA= github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54= github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= @@ -313,49 +262,18 @@ github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= -github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU= -github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA= -github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= -github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= -github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= -github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= -github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= -github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= -github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= -github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= -github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= -github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= -github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= -github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= -github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= -github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= -github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= -github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= -github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= -github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= -github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= -github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= -github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= -github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= -github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc= github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= -github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= -github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= +github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= @@ -366,16 +284,12 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= -github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= -github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= -github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= @@ -390,41 +304,27 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= -github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= -github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA= github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/mattn/go-colorable v0.0.9 h1:UVL0vNpWh04HeJXV0KLcaT7r06gOH2l4OW6ddYRUIY4= -github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= -github.com/mattn/go-isatty v0.0.3 h1:ns/ykhmWi7G9O+8a448SecJU3nSMBXJfqQkl0upE1jI= -github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= +github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= +github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= +github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ= +github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= -github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= -github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= -github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc= github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg= -github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= -github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= github.com/mitchellh/hashstructure v1.1.0 h1:P6P1hdjqAAknpY/M1CGipelZgp+4y9ja9kmUZPXP+H0= github.com/mitchellh/hashstructure v1.1.0/go.mod h1:xUDAozZz0Wmdiufv0uyhnHkUTN6/6d8ulp4AwfLKrmA= -github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= -github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mmarkdown/mmark v2.0.40+incompatible h1:vMeUeDzBK3H+/mU0oMVfMuhSXJlIA+DE/DMPQNAj5C4= github.com/mmarkdown/mmark v2.0.40+incompatible/go.mod h1:Uvmoz7tvsWpr7bMVxIpqZPyN3FbOtzDmnsJDFp7ltJs= -github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= github.com/moby/sys/mountinfo v0.5.0 h1:2Ks8/r6lopsxWi9m58nlwjaeSzUX9iiL1vj5qB/9ObI= github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU= -github.com/moby/term v0.0.0-20210610120745-9d4ed1856297/go.mod h1:vgPCkQMyxTZ7IDy8SXRufE172gr8+K/JE/7hHFxHW3A= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -437,41 +337,26 @@ github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod github.com/moul/pb v0.0.0-20220425114252-bca18df4138c h1:1STmblv9zmHLDpru4dbnf1PNL6wrrZNf7yBH+SfQU+s= github.com/moul/pb v0.0.0-20220425114252-bca18df4138c/go.mod h1:jE2HT8eoucYyUPBFJMreiVlC3KPHkDMtN8wn+ef7Y64= github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= -github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/ncabatoff/fakescraper v0.0.0-20201102132415-4b37ba603d65/go.mod h1:Tx6UMSMyIsjLG/VU/F6xA1+0XI+/f9o1dGJnf1l+bPg= github.com/ncabatoff/go-seq v0.0.0-20180805175032-b08ef85ed833 h1:t4WWQ9I797y7QUgeEjeXnVb+oYuEDQc6gLvrZJTYo94= github.com/ncabatoff/go-seq v0.0.0-20180805175032-b08ef85ed833/go.mod h1:0CznHmXSjMEqs5Tezj/w2emQoM41wzYM9KpDKUHPYag= github.com/ncabatoff/process-exporter v0.7.10 h1:+Ere7+3se6QqP54gg7aBRagWcL8bq3u5zNi/GRSWeKQ= github.com/ncabatoff/process-exporter v0.7.10/go.mod h1:DHZRZjqxw9LCOpLlX0DjBuyn6d5plh41Jv6Tmttj7Ek= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= -github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= -github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= -github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= -github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo/v2 v2.4.0 h1:+Ig9nvqgS5OBSACXNk15PLdp0U9XPYROt9CFzVdFGIs= github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo= -github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= -github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= -github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.22.1 h1:pY8O4lBfsHKZHM/6nrxkhVPUznOlIu3quZcKP/M20KI= github.com/opencontainers/runc v1.1.4 h1:nRCz/8sKg6K6jgYAFLDlXzPeITBZJyX28DBVhWD+5dg= github.com/opencontainers/runc v1.1.4/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI= -github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= -github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= -github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= -github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= @@ -479,13 +364,9 @@ github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= -github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= @@ -498,27 +379,21 @@ github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1: github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4= github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= -github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= -github.com/prometheus/common v0.28.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/common v0.29.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE= github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA= github.com/prometheus/exporter-toolkit v0.7.0/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo= github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4= -github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= -github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= @@ -526,8 +401,6 @@ github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUA github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= -github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= @@ -535,30 +408,14 @@ github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeV github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= -github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= -github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= -github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= -github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= -github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= -github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= -github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= -github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk= github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA= github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= -github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= -github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= -github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= -github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -576,15 +433,11 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= -github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/urfave/cli v1.17.1-0.20160602030128-01a33823596e/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= -github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xlab/treeprint v1.1.0 h1:G/1DjNkPpfZCFt9CSh6b5/nY4VimlbHF3Rh4obvtzDk= github.com/xlab/treeprint v1.1.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= github.com/yudai/gojsondiff v1.0.0 h1:27cbfqXLVEJ1o8I6v3y9lg8Ydm53EKqHXAOMxEGlCOA= @@ -598,18 +451,8 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a h1:CbXWHAnmrtTKgX+yMVVANuRJP8ld88ELbAYAYnBdLJ4= github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a/go.mod h1:/Hzu8ych2oXCs1iNI+MeASyFzWTncQ6nlu/wgqbqC2A= -go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= -go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= -go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= -go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ= -go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0= -go.etcd.io/etcd/pkg/v3 v3.5.0/go.mod h1:UzJGatBQ1lXChBkQF0AuAtkRQMYnHubxAEYIrC3MSsE= -go.etcd.io/etcd/raft/v3 v3.5.0/go.mod h1:UFOHSIvO/nKwd4lhkwabrTD3cqW5yVyYYf/KlD00Szc= -go.etcd.io/etcd/server/v3 v3.5.0/go.mod h1:3Ah5ruV+M+7RZr0+Y/5mNLwC+eQlni+mQmOVdCRJoS4= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= @@ -617,43 +460,20 @@ go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= -go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0/go.mod h1:oVGt1LRbBOBq1A5BQLlUg9UaU/54aiHw8cgjV3aWZ/E= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0/go.mod h1:2AboqHi0CiIZU0qwhtUfCYD1GeUzvvIXWNkhDt7ZMG4= -go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo= -go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM= -go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU= -go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw= -go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc= -go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE= -go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE= -go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 h1:+FNtrFTmVw0YZGpBGX56XDee331t6JAXeK2bcyhLOOc= go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5/go.mod h1:nmDLcffg48OtT/PSW0Hg7FvpRQsQh5OSqIylirxKC7o= -go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= -go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= -go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= -go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= -go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= -go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= -go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= -go.uber.org/zap v1.19.1 h1:ue41HOKd1vGURxrmeKIgELGb3jPW9DMUDGtsinblHwI= +go.uber.org/zap v1.21.0 h1:WefMeulhovoZ2sYXz7st6K0sLj7bBhpiFaud4r4zST8= golang.org/dl v0.0.0-20190829154251-82a15e2f2ead/go.mod h1:IUMfjQLJQd4UTqG1Z90tenwKoCX93Gn3MAQJMOSBsDQ= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU= @@ -697,11 +517,7 @@ golang.org/x/mod v0.6.0 h1:b9gGHsz9/HhJ3HF5DHQytPpuwocVTChQJK3AvoLRD5I= golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= @@ -724,7 +540,6 @@ golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/ golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= @@ -732,7 +547,6 @@ golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81R golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= @@ -741,10 +555,7 @@ golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLd golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0= @@ -760,7 +571,6 @@ golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= @@ -778,12 +588,8 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -795,13 +601,10 @@ golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191002063906-3421d5a6bb1c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -816,14 +619,11 @@ golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200831180312-196b9ba8737a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -835,7 +635,6 @@ golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -845,53 +644,52 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44= -golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/time v0.0.0-20220609170525-579cf78fd858 h1:Dpdu/EMxGMFgq0CeYMh4fazTD2vtlZRYE7wyynxJb9U= +golang.org/x/time v0.0.0-20220609170525-579cf78fd858/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= @@ -931,7 +729,6 @@ golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.6-0.20210820212750-d4cc65f0b2ff/go.mod h1:YD9qOF0M9xpSpdWTBbzEl5e/RnCefISl8E5Noe10jFM= golang.org/x/tools v0.2.0 h1:G6AHpWxTMGY1KyEYoAQ5WTtIekUUvDNjan3ugu60JvE= golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -960,7 +757,6 @@ google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34q google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= -google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8= google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= @@ -997,7 +793,6 @@ google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfG google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= @@ -1009,7 +804,6 @@ google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201102152239-715cce707fb0/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= @@ -1089,23 +883,15 @@ gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= -gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/go-playground/assert.v1 v1.2.1 h1:xoYuJVE7KT85PYWrN730RguIQO0ePzVRfFMXadIrXTM= gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE= gopkg.in/go-playground/pool.v3 v3.1.1 h1:4Qcj91IsYTpIeRhe/eo6Fz+w6uKWPEghx8vHFTYMfhw= gopkg.in/go-playground/pool.v3 v3.1.1/go.mod h1:pUAGBximS/hccTTSzEop6wvvQhVa3QPDFFW+8REdutg= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/mcuadros/go-syslog.v2 v2.3.0 h1:kcsiS+WsTKyIEPABJBJtoG0KkOS6yzvJ+/eZlhD79kk= gopkg.in/mcuadros/go-syslog.v2 v2.3.0/go.mod h1:l5LPIyOOyIdQquNg+oU6Z3524YwrcqEm0aKH+5zpt2U= -gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= -gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= -gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= -gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= @@ -1117,12 +903,9 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= -gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= @@ -1130,39 +913,30 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.23.5/go.mod h1:Na4XuKng8PXJ2JsploYYrivXrINeTaycCGcYgF91Xm8= k8s.io/api v0.25.3 h1:Q1v5UFfYe87vi5H7NU0p4RXC26PPMT8KOpr1TLQbCMQ= k8s.io/api v0.25.3/go.mod h1:o42gKscFrEVjHdQnyRenACrMtbuJsVdP+WVjqejfzmI= -k8s.io/apiextensions-apiserver v0.23.5 h1:5SKzdXyvIJKu+zbfPc3kCbWpbxi+O+zdmAJBm26UJqI= -k8s.io/apiextensions-apiserver v0.23.5/go.mod h1:ntcPWNXS8ZPKN+zTXuzYMeg731CP0heCTl6gYBxLcuQ= -k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= +k8s.io/apiextensions-apiserver v0.25.0 h1:CJ9zlyXAbq0FIW8CD7HHyozCMBpDSiH7EdrSTCZcZFY= +k8s.io/apiextensions-apiserver v0.25.0/go.mod h1:3pAjZiN4zw7R8aZC5gR0y3/vCkGlAjCazcg1me8iB/E= k8s.io/apimachinery v0.25.3 h1:7o9ium4uyUOM76t6aunP0nZuex7gDf8VGwkR5RcJnQc= k8s.io/apimachinery v0.25.3/go.mod h1:jaF9C/iPNM1FuLl7Zuy5b9v+n35HGSh6AQ4HYRkCqwo= -k8s.io/apiserver v0.23.5/go.mod h1:7wvMtGJ42VRxzgVI7jkbKvMbuCbVbgsWFT7RyXiRNTw= k8s.io/apiserver v0.25.0 h1:8kl2ifbNffD440MyvHtPaIz1mw4mGKVgWqM0nL+oyu4= k8s.io/apiserver v0.25.0/go.mod h1:BKwsE+PTC+aZK+6OJQDPr0v6uS91/HWxX7evElAH6xo= k8s.io/cli-runtime v0.25.0 h1:XBnTc2Fi+w818jcJGzhiJKQuXl8479sZ4FhtV5hVJ1Q= k8s.io/cli-runtime v0.25.0/go.mod h1:bHOI5ZZInRHhbq12OdUiYZQN8ml8aKZLwQgt9QlLINw= -k8s.io/client-go v0.23.5/go.mod h1:flkeinTO1CirYgzMPRWxUCnV0G4Fbu2vLhYCObnt/r4= k8s.io/client-go v0.25.3 h1:oB4Dyl8d6UbfDHD8Bv8evKylzs3BXzzufLiO27xuPs0= k8s.io/client-go v0.25.3/go.mod h1:t39LPczAIMwycjcXkVc+CB+PZV69jQuNx4um5ORDjQA= -k8s.io/code-generator v0.23.5 h1:xn3a6J5pUL49AoH6SPrOFtnB5cvdMl76f/bEY176R3c= -k8s.io/code-generator v0.23.5/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk= -k8s.io/component-base v0.23.5/go.mod h1:c5Nq44KZyt1aLl0IpHX82fhsn84Sb0jjzwjpcA42bY0= +k8s.io/code-generator v0.25.0 h1:QP8fJuXu882ztf6dsqJsso/Btm94pMd68TAZC1rE6KI= +k8s.io/code-generator v0.25.0/go.mod h1:B6jZgI3DvDFAualltPitbYMQ74NjaCFxum3YeKZZ+3w= k8s.io/component-base v0.25.3 h1:UrsxciGdrCY03ULT1h/S/gXFCOPnLhUVwSyx+hM/zq4= k8s.io/component-base v0.25.3/go.mod h1:WYoS8L+IlTZgU7rhAl5Ctpw0WdMxDfCC5dkxcEFa/TI= -k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c h1:GohjlNKauSai7gN4wsJkeZ3WAJx4Sh+oT/b5IYn5suA= -k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= +k8s.io/gengo v0.0.0-20211129171323-c02415ce4185 h1:TT1WdmqqXareKxZ/oNXEUSwKlLiHzPMyB0t8BaFeBYI= +k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= -k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk= k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 h1:MQ8BAZPZlWk3S9K4a9NCkIFQtZShWqoha7snGixVgEA= k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU= -k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed h1:jAne/RjBTyawwAy0utX5eqigAwz/lQhTmy+Hr/Cpue4= k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 h1:SAElp8THCfmBdM+4lmWX5gebiSSkEr7PAYDVF91qpfg= @@ -1170,10 +944,8 @@ pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732/go.mod h1:lpvCfhqEHNJSSpG5R rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30/go.mod h1:fEO7lRTdivWO2qYVCVG7dEADOMo/MLDCVr8So2g88Uw= -sigs.k8s.io/controller-runtime v0.11.2 h1:H5GTxQl0Mc9UjRJhORusqfJCIjBO8UtUxGggCwL1rLA= -sigs.k8s.io/controller-runtime v0.11.2/go.mod h1:P6QCzrEjLaZGqHsfd+os7JQ+WFZhvB8MRFsn4dWF7O4= -sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6/go.mod h1:p4QtZmO4uMYipTQNzagwnNoseA6OxSUutVw05NhYDRs= +sigs.k8s.io/controller-runtime v0.13.1 h1:tUsRCSJVM1QQOOeViGeX3GMT3dQF1eePPw6sEE3xSlg= +sigs.k8s.io/controller-runtime v0.13.1/go.mod h1:Zbz+el8Yg31jubvAEyglRZGdLAjplZl+PgtYNI6WNTI= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/kustomize/api v0.12.1 h1:7YM7gW3kYBwtKvoY216ZzY+8hM+lV53LUayghNRJ0vM= @@ -1182,8 +954,6 @@ sigs.k8s.io/kustomize/kyaml v0.13.9 h1:Qz53EAaFFANyNgyOEJbT/yoIHygK40/ZcvU3rgry2 sigs.k8s.io/kustomize/kyaml v0.13.9/go.mod h1:QsRbD0/KcU+wdk0/L0fIp2KLnohkVzs6fQ85/nOXac4= sigs.k8s.io/mdtoc v1.1.0 h1:q3YtqYzmC2e0hgLXRIOm7/QLuPux1CX3ZHCwlbABxZo= sigs.k8s.io/mdtoc v1.1.0/go.mod h1:QZLVEdHH2iNIR4uHAZyvFRtjloHgVItk8lo/mzCtq3w= -sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= -sigs.k8s.io/structured-merge-diff/v4 v4.2.1/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= From 4d4358f6739af655edbdbcbe9aa6cd3ef33792f6 Mon Sep 17 00:00:00 2001 From: Njegos Railic Date: Tue, 8 Nov 2022 15:44:25 +0100 Subject: [PATCH 374/494] Adding support for disabling liveness and readiness probes in the Helm chart (#9238) --- charts/ingress-nginx/templates/controller-daemonset.yaml | 4 ++++ charts/ingress-nginx/templates/controller-deployment.yaml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/charts/ingress-nginx/templates/controller-daemonset.yaml b/charts/ingress-nginx/templates/controller-daemonset.yaml index 805d2f209..4163e255c 100644 --- a/charts/ingress-nginx/templates/controller-daemonset.yaml +++ b/charts/ingress-nginx/templates/controller-daemonset.yaml @@ -102,8 +102,12 @@ spec: {{- if .Values.controller.startupProbe }} startupProbe: {{ toYaml .Values.controller.startupProbe | nindent 12 }} {{- end }} + {{- if .Values.controller.livenessProbe }} livenessProbe: {{ toYaml .Values.controller.livenessProbe | nindent 12 }} + {{- end }} + {{- if .Values.controller.readinessProbe }} readinessProbe: {{ toYaml .Values.controller.readinessProbe | nindent 12 }} + {{- end }} ports: {{- range $key, $value := .Values.controller.containerPort }} - name: {{ $key }} diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml index fcbdab80d..dfe4cae92 100644 --- a/charts/ingress-nginx/templates/controller-deployment.yaml +++ b/charts/ingress-nginx/templates/controller-deployment.yaml @@ -106,8 +106,12 @@ spec: {{- if .Values.controller.startupProbe }} startupProbe: {{ toYaml .Values.controller.startupProbe | nindent 12 }} {{- end }} + {{- if .Values.controller.livenessProbe }} livenessProbe: {{ toYaml .Values.controller.livenessProbe | nindent 12 }} + {{- end }} + {{- if .Values.controller.readinessProbe }} readinessProbe: {{ toYaml .Values.controller.readinessProbe | nindent 12 }} + {{- end }} ports: {{- range $key, $value := .Values.controller.containerPort }} - name: {{ $key }} From e03f8cc0360495530dd70889ce30e56ec6f06e52 Mon Sep 17 00:00:00 2001 From: James Strong Date: Tue, 8 Nov 2022 10:24:58 -0500 Subject: [PATCH 375/494] start 1.5.0 release Signed-off-by: James Strong --- TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TAG b/TAG index 66d62a800..2e7bd9108 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.4.1 +v1.5.0 From 894937993107e1dbe6e1b28bd916b06790a07d3c Mon Sep 17 00:00:00 2001 From: Oblivion Date: Tue, 8 Nov 2022 16:46:53 +0000 Subject: [PATCH 376/494] fix CVE-2022-27664 --- go.sum | 43 ------------------ images/ext-auth-example-authsvc/rootfs/go.sum | 14 +----- images/kube-webhook-certgen/rootfs/go.mod | 6 +-- images/kube-webhook-certgen/rootfs/go.sum | 45 +++---------------- 4 files changed, 11 insertions(+), 97 deletions(-) diff --git a/go.sum b/go.sum index 322c6b4aa..e212f2972 100644 --- a/go.sum +++ b/go.sum @@ -515,49 +515,6 @@ golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0 h1:b9gGHsz9/HhJ3HF5DHQytPpuwocVTChQJK3AvoLRD5I= golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= -golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= -golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= diff --git a/images/ext-auth-example-authsvc/rootfs/go.sum b/images/ext-auth-example-authsvc/rootfs/go.sum index 045452c23..2ca056fae 100644 --- a/images/ext-auth-example-authsvc/rootfs/go.sum +++ b/images/ext-auth-example-authsvc/rootfs/go.sum @@ -105,19 +105,7 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= diff --git a/images/kube-webhook-certgen/rootfs/go.mod b/images/kube-webhook-certgen/rootfs/go.mod index 22c4424ea..5e2e98f54 100644 --- a/images/kube-webhook-certgen/rootfs/go.mod +++ b/images/kube-webhook-certgen/rootfs/go.mod @@ -29,10 +29,10 @@ require ( github.com/pkg/errors v0.9.1 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/tidwall/gjson v1.14.0 // indirect - golang.org/x/net v0.0.0-20211209124913-491a49abca63 // indirect + golang.org/x/net v0.1.0 // indirect golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d // indirect - golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect - golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d // indirect + golang.org/x/sys v0.1.0 // indirect + golang.org/x/term v0.1.0 // indirect golang.org/x/text v0.4.0 // indirect golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect google.golang.org/appengine v1.6.5 // indirect diff --git a/images/kube-webhook-certgen/rootfs/go.sum b/images/kube-webhook-certgen/rootfs/go.sum index 61f5a8b34..a05f65b19 100644 --- a/images/kube-webhook-certgen/rootfs/go.sum +++ b/images/kube-webhook-certgen/rootfs/go.sum @@ -451,39 +451,8 @@ golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= -golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20211209124913-491a49abca63 h1:iocB37TsdFuN6IBRZ+ry36wrkoV51/tl5vOWqkcPGvY= -golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0= +golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -535,21 +504,21 @@ golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200831180312-196b9ba8737a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9wrfxYyCjk0KbXjhR55s= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U= +golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d h1:SZxvLBoTP5yHO3Frd4z4vrF+DBX9vMVanchswa69toE= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw= +golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From 3bca5e9c19bedfef2365a9214bd0c1675d53a725 Mon Sep 17 00:00:00 2001 From: James Strong Date: Tue, 8 Nov 2022 15:48:44 -0500 Subject: [PATCH 377/494] missed CVE-2022-27664 #9273 in 1.5.0 build Signed-off-by: James Strong --- TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TAG b/TAG index 2e7bd9108..53b5bbb12 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.5.0 +v1.5.1 From 63dbbdbb3a099417f411fbd1d684fa2a287c96cd Mon Sep 17 00:00:00 2001 From: James Strong Date: Wed, 9 Nov 2022 20:08:54 -0500 Subject: [PATCH 378/494] udate readme, charts and static deploys for release 1.5.1 (#9280) Signed-off-by: James Strong Signed-off-by: James Strong --- .github/workflows/ci.yaml | 6 +- Changelog.md | 96 ++++++++++++++++++- README.md | 46 ++++----- charts/ingress-nginx/CHANGELOG.md | 7 ++ charts/ingress-nginx/Chart.yaml | 12 +-- charts/ingress-nginx/README.md | 8 +- charts/ingress-nginx/values.yaml | 6 +- deploy/static/provider/aws/deploy.yaml | 48 +++++----- .../aws/nlb-with-tls-termination/deploy.yaml | 48 +++++----- deploy/static/provider/baremetal/deploy.yaml | 48 +++++----- deploy/static/provider/cloud/deploy.yaml | 48 +++++----- deploy/static/provider/do/deploy.yaml | 48 +++++----- deploy/static/provider/exoscale/deploy.yaml | 48 +++++----- deploy/static/provider/kind/deploy.yaml | 48 +++++----- deploy/static/provider/scw/deploy.yaml | 48 +++++----- docs/deploy/index.md | 20 ++-- 16 files changed, 342 insertions(+), 243 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 695799991..6f0c4aee2 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -139,7 +139,7 @@ jobs: strategy: matrix: - k8s: [v1.22.15, v1.23.12, v1.24.6, v1.25.2] + k8s: [v1.23.13, v1.24.7, v1.25.3] steps: @@ -222,7 +222,7 @@ jobs: strategy: matrix: - k8s: [v1.23.12, v1.24.6, v1.25.2] + k8s: [v1.23.13, v1.24.7, v1.25.3] steps: @@ -279,7 +279,7 @@ jobs: strategy: matrix: - k8s: [v1.23.12, v1.24.6, v1.25.2] + k8s: [v1.23.13, v1.24.7, v1.25.3] steps: diff --git a/Changelog.md b/Changelog.md index 34b49e28a..a7b62be50 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,5 +1,99 @@ # Changelog +### 1.5.1 + +* Upgrade NGINX to 1.21.6 +* Upgrade Golang 1.19.2 +* Fix Service Name length Bug [9245](https://github.com/kubernetes/ingress-nginx/pull/9245) +* CVE fixes CVE-2022-32149, CVE-2022-27664, CVE-2022-1996 + +Images: + +* registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 +* registry.k8s.io/ingress-nginx/controller-chroot:v1.5.1@sha256:c1c091b88a6c936a83bd7b098662760a87868d12452529bad0d178fb36147345 + +### All Changes: + +* chore Fixed to Support Versions table by @yutachaos in https://github.com/kubernetes/ingress-nginx/pull/9117 +* Updated incorrect version number in the Installation Guide by @afro-coder in https://github.com/kubernetes/ingress-nginx/pull/9120 +* Updated the Developer guide with New Contributor information by @afro-coder in https://github.com/kubernetes/ingress-nginx/pull/9114 +* Remove deprecated net dependency by @rikatz in https://github.com/kubernetes/ingress-nginx/pull/9110 +* Fixed docs helm-docs version by @yutachaos in https://github.com/kubernetes/ingress-nginx/pull/9121 +* Fix CVE 2022 27664 by @strongjz in https://github.com/kubernetes/ingress-nginx/pull/9109 +* upgrade to golang 1.19.2 by @strongjz in https://github.com/kubernetes/ingress-nginx/pull/9124 +* fix e2e resource leak when ginkgo exit before clear resource by @loveRhythm1990 in https://github.com/kubernetes/ingress-nginx/pull/9103 +* fix: handle 401 and 403 by external auth by @johanneswuerbach in https://github.com/kubernetes/ingress-nginx/pull/9131 +* Move bowei to emeritus owner by @rikatz in https://github.com/kubernetes/ingress-nginx/pull/9150 +* fix null ports by @tombokombo in https://github.com/kubernetes/ingress-nginx/pull/9149 +* Documentation added for implemented redirection in the proxy to ensure image pulling by @Sanghamitra-PERSONAL in https://github.com/kubernetes/ingress-nginx/pull/9098 +* updating runner with golang 1.19.2 by @strongjz in https://github.com/kubernetes/ingress-nginx/pull/9158 +* Add install command for OVHcloud by @scraly in https://github.com/kubernetes/ingress-nginx/pull/9171 +* GitHub Templates: Remove trailing whitespaces. by @Gacko in https://github.com/kubernetes/ingress-nginx/pull/9172 +* Update helm chart changelog to show that kubernetes v1.21.x is no longer supported by @cskinfill in https://github.com/kubernetes/ingress-nginx/pull/9147 +* Add section to troubleshooting docs for failure to listen on port by @jrhunger in https://github.com/kubernetes/ingress-nginx/pull/9185 +* Implement parseFloat for annotations by @kirs in https://github.com/kubernetes/ingress-nginx/pull/9195 +* fix typo in docs. by @guettli in https://github.com/kubernetes/ingress-nginx/pull/9167 +* add:(admission-webhooks) ability to set securityContext by @ybelMekk in https://github.com/kubernetes/ingress-nginx/pull/9186 +* Fix Markdown header level by @jaens in https://github.com/kubernetes/ingress-nginx/pull/9210 +* chore: bump NGINX version v1.21.4 by @tao12345666333 in https://github.com/kubernetes/ingress-nginx/pull/8889 +* chore: update NGINX to 1.21.6 by @tao12345666333 in https://github.com/kubernetes/ingress-nginx/pull/9231 +* fix svc long name by @tombokombo in https://github.com/kubernetes/ingress-nginx/pull/9245 +* update base image of nginx to 1.21.6 by @strongjz in https://github.com/kubernetes/ingress-nginx/pull/9257 +* Fix CVE-2022-32149 by @esigo in https://github.com/kubernetes/ingress-nginx/pull/9258 +* Fix CVE-2022-1996 by @esigo in https://github.com/kubernetes/ingress-nginx/pull/9244 +* Adding support for disabling liveness and readiness probes to the Helm chart by @njegosrailic in https://github.com/kubernetes/ingress-nginx/pull/9238 +* fix CVE-2022-27664 by @esigo in https://github.com/kubernetes/ingress-nginx/pull/9273 +* Add CVE-2022-27664 #9273 in latest release by @strongjz in https://github.com/kubernetes/ingress-nginx/pull/9275 + +### Dependencies updates: + +* Bump docker/setup-buildx-action from 2.0.0 to 2.1.0 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9180 +* Bump dorny/paths-filter from 2.10.2 to 2.11.1 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9183 +* Bump helm/chart-releaser-action from 1.4.0 to 1.4.1 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9136 +* Bump github/codeql-action from 2.1.25 to 2.1.27 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9137 +* Bump ossf/scorecard-action from 2.0.3 to 2.0.4 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9138 +* Bump google.golang.org/grpc from 1.49.0 to 1.50.0 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9134 +* Bump actions/checkout from 3.0.2 to 3.1.0 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9135 +* Bump actions/dependency-review-action from 2.5.0 to 2.5.1 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9237 +* Bump github/codeql-action from 2.1.28 to 2.1.29 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9236 +* Bump github.com/spf13/cobra from 1.6.0 to 1.6.1 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9233 +* Bump actions/upload-artifact from 3.1.0 to 3.1.1 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9234 +* Bump azure/setup-helm from 3.3 to 3.4 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9235 +* Bump github.com/onsi/ginkgo/v2 from 2.3.1 to 2.4.0 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9201 +* Bump goreleaser/goreleaser-action from 3.1.0 to 3.2.0 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9208 +* Bump github.com/stretchr/testify from 1.8.0 to 1.8.1 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9202 +* Bump ossf/scorecard-action from 2.0.4 to 2.0.6 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9203 +* Bump docker/setup-buildx-action from 2.1.0 to 2.2.1 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9204 +* Bump actions/setup-go from 3.3.0 to 3.3.1 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9205 +* Bump github/codeql-action from 2.1.27 to 2.1.28 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9206 +* Bump actions/download-artifact from 3.0.0 to 3.0.1 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9207 +* Bump github.com/prometheus/client_model from 0.2.0 to 0.3.0 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9200 +* Bump github.com/spf13/cobra from 1.5.0 to 1.6.0 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9173 +* Bump google.golang.org/grpc from 1.50.0 to 1.50.1 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9174 +* Bump k8s.io/component-base from 0.25.2 to 0.25.3 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9175 +* Bump github.com/fsnotify/fsnotify from 1.5.4 to 1.6.0 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9176 +* Bump github.com/onsi/ginkgo/v2 from 2.2.0 to 2.3.1 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9177 +* Bump geekyeggo/delete-artifact from 1.0.0 to 2.0.0 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9178 +* Bump actions/dependency-review-action from 2.4.0 to 2.5.0 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9179 +* Bump docker/setup-qemu-action from 2.0.0 to 2.1.0 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9181 +* Bump securego/gosec from 2.13.1 to 2.14.0 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9182 + + +## New Contributors +* @yutachaos made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9117 +* @Gacko made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9123 +* @loveRhythm1990 made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9103 +* @johanneswuerbach made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9131 +* @FutureMatt made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9133 +* @Sanghamitra-PERSONAL made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9098 +* @scraly made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9171 +* @cskinfill made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9147 +* @jrhunger made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9185 +* @guettli made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9167 +* @ybelMekk made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9186 +* @jaens made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9210 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.4.0...controller-v1.5.1 ### 1.4.0 @@ -49,8 +143,6 @@ REMOVED Also upgraded to golang 1.19.1 - - Images: * registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 diff --git a/README.md b/README.md index 1af0a6000..f8c020b68 100644 --- a/README.md +++ b/README.md @@ -6,17 +6,11 @@ [![GitHub stars](https://img.shields.io/github/stars/kubernetes/ingress-nginx.svg)](https://github.com/kubernetes/ingress-nginx/stargazers) [![GitHub stars](https://img.shields.io/badge/contributions-welcome-orange.svg)](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md) -### Community Update - -We will discuss the results of our Community Survey, progress on the stabilization project, and ideas going -forward with the project at [Kubecon NA 2022 in Detroit](https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/). Come join us and let us hear what you'd like to see in the -future for ingress-nginx. - -https://kccncna2022.sched.com/event/18lgl?iframe=no ## Overview -ingress-nginx is an Ingress controller for Kubernetes using [NGINX](https://www.nginx.org/) as a reverse proxy and load balancer. +ingress-nginx is an Ingress controller for Kubernetes using [NGINX](https://www.nginx.org/) as a reverse proxy and load +balancer. [Learn more about Ingress on the main Kubernetes documentation site](https://kubernetes.io/docs/concepts/services-networking/ingress/). @@ -26,18 +20,25 @@ See the [Getting Started](https://kubernetes.github.io/ingress-nginx/deploy/) do ## Troubleshooting -If you encounter issues, review the [troubleshooting docs](docs/troubleshooting.md), [file an issue](https://github.com/kubernetes/ingress-nginx/issues), or talk to us on the [#ingress-nginx channel](https://kubernetes.slack.com/messages/ingress-nginx) on the Kubernetes Slack server. +If you encounter issues, review the [troubleshooting docs](docs/troubleshooting.md), +[file an issue](https://github.com/kubernetes/ingress-nginx/issues), or talk to us on the +[#ingress-nginx channel](https://kubernetes.slack.com/messages/ingress-nginx) on the Kubernetes Slack server. ## Changelog See [the list of releases](https://github.com/kubernetes/ingress-nginx/releases) to find out about feature changes. For detailed changes for each release; please check the [Changelog.md](Changelog.md) file. -For detailed changes on the `ingress-nginx` helm chart, please check the following [CHANGELOG.md](charts/ingress-nginx/CHANGELOG.md) file. +For detailed changes on the `ingress-nginx` helm chart, please check the following +[CHANGELOG.md](charts/ingress-nginx/CHANGELOG.md) file. -### Support Versions table +### Supported Versions table + +Supported versions for the ingress-nginx project mean that we have completed E2E tests, and they are passing for +the versions listed. Ingress-Nginx versions may work on older versions but the project does not make that guarantee. | Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | |-----------------------|------------------------------|----------------|---------------| +| v1.5.1 | 1.25, 1.24, 1.23 | 3.16.2 | 1.21.6 | | v1.4.0 | 1.25, 1.24, 1.23, 1.22 | 3.16.2 | 1.19.10† | | v1.3.1 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.2 | 1.19.10† | | v1.3.0 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.0 | 1.19.10† | @@ -54,29 +55,28 @@ For detailed changes on the `ingress-nginx` helm chart, please check the followi | v1.0.0 | 1.22, 1.21, 1.20, 1.19 | 3.13.5 | 1.20.1 | -† _This build is [patched against CVE-2021-23017](https://github.com/openresty/openresty/commit/4b5ec7edd78616f544abc194308e0cf4b788725b#diff-42ef841dc27fe0b5aa2d06bd31308bb63a59cdcddcbcddd917248349d22020a3)._ +† _This build is +[patched against CVE-2021-23017](https://github.com/openresty/openresty/commit/4b5ec7edd78616f544abc194308e0cf4b788725b#diff-42ef841dc27fe0b5aa2d06bd31308bb63a59cdcddcbcddd917248349d22020a3)._ -See [this article](https://kubernetes.io/blog/2021/07/26/update-with-ingress-nginx/) if you want upgrade to the stable Ingress API. +See [this article](https://kubernetes.io/blog/2021/07/26/update-with-ingress-nginx/) if you want upgrade to the stable +Ingress API. ## Get Involved Thanks for taking the time to join our community and start contributing! -- This project adheres to the [Kubernetes Community Code of Conduct](https://git.k8s.io/community/code-of-conduct.md). By participating in this project, you agree to abide by its terms. +- This project adheres to the [Kubernetes Community Code of Conduct](https://git.k8s.io/community/code-of-conduct.md). + By participating in this project, you agree to abide by its terms. - **Contributing**: Contributions of all kind are welcome! - - Read [`CONTRIBUTING.md`](CONTRIBUTING.md) for information about setting up your environment, the workflow that we expect, and instructions on the developer certificate of origin that we require. - + - Read [`CONTRIBUTING.md`](CONTRIBUTING.md) for information about setting up your environment, the workflow that we + expect, and instructions on the developer certificate of origin that we require. - Join our Kubernetes Slack channel for developer discussion : [#ingress-nginx-dev](https://kubernetes.slack.com/archives/C021E147ZA4). - - - Submit github issues for any feature enhancements, bugs or documentation problems. Please make sure to read the [Issue Reporting Checklist](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md#issue-reporting-guidelines) before opening an issue. Issues not conforming to the guidelines **may be closed immediately**. - -- **Support**: Join the [#ingress-nginx-users](https://kubernetes.slack.com/messages/CANQGM8BA/) channel inside the [Kubernetes Slack](http://slack.kubernetes.io/) to ask questions or get support from the maintainers and other users. - + - Submit GitHub issues for any feature enhancements, bugs or documentation problems. Please make sure to read the [Issue Reporting Checklist](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md#issue-reporting-guidelines) before opening an issue. Issues not conforming to the guidelines **may be closed immediately**. + - **Support**: Join the [#ingress-nginx-users](https://kubernetes.slack.com/messages/CANQGM8BA/) channel inside the [Kubernetes Slack](http://slack.kubernetes.io/) to ask questions or get support from the maintainers and other users. - The [GitHub issues](https://github.com/kubernetes/ingress-nginx/issues) in the repository are **exclusively** for bug reports and feature requests. - -- **Discuss**: Tweet using the `#IngressNginx` hashtag. + - **Discuss**: Tweet using the `#IngressNginx` hashtag. ## License diff --git a/charts/ingress-nginx/CHANGELOG.md b/charts/ingress-nginx/CHANGELOG.md index 2ec24733e..1b7adb25b 100644 --- a/charts/ingress-nginx/CHANGELOG.md +++ b/charts/ingress-nginx/CHANGELOG.md @@ -2,6 +2,13 @@ This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +### 4.4.0 + +* Adding support for disabling liveness and readiness probes to the Helm chart by @njegosrailic in https://github.com/kubernetes/ingress-nginx/pull/9238 +* add:(admission-webhooks) ability to set securityContext by @ybelMekk in https://github.com/kubernetes/ingress-nginx/pull/9186 +* #7652 - Updated Helm chart to use the fullname for the electionID if not specified. by @FutureMatt in https://github.com/kubernetes/ingress-nginx/pull/9133 +* Rename controller-wehbooks-networkpolicy.yaml. by @Gacko in https://github.com/kubernetes/ingress-nginx/pull/9123 + ### 4.3.0 - Support for Kubernetes v.1.25.0 was added and support for endpoint slices - Support for Kubernetes v1.20.0 and v1.21.0 was removed diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index 9cf62ecf9..461601f59 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: ingress-nginx # When the version is modified, make sure the artifacthub.io/changes list is updated # Also update CHANGELOG.md -version: 4.3.0 -appVersion: 1.4.0 +version: 4.4.0 +appVersion: 1.5.1 home: https://github.com/kubernetes/ingress-nginx description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png @@ -25,7 +25,7 @@ annotations: # List of changes for the release in artifacthub.io # https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx?modal=changelog artifacthub.io/changes: | - - "[8890](https://github.com/kubernetes/ingress-nginx/pull/8890) migrate to endpointslices" - - "[9059](https://github.com/kubernetes/ingress-nginx/pull/9059) kubewebhookcertgen sha change after go1191" - - "[9046](https://github.com/kubernetes/ingress-nginx/pull/9046) Parameterize metrics port name" - - "[9104](https://github.com/kubernetes/ingress-nginx/pull/9104) Fix yaml formatting error with multiple annotations" + - Adding support for disabling liveness and readiness probes to the Helm chart + - add:(admission-webhooks) ability to set securityContext + - Updated Helm chart to use the fullname for the electionID if not specified + - Rename controller-wehbooks-networkpolicy.yaml diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 6ce41792e..bf4dcc8cd 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.3.0](https://img.shields.io/badge/Version-4.3.0-informational?style=flat-square) ![AppVersion: 1.4.0](https://img.shields.io/badge/AppVersion-1.4.0-informational?style=flat-square) +![Version: 4.4.0](https://img.shields.io/badge/Version-4.4.0-informational?style=flat-square) ![AppVersion: 1.5.1](https://img.shields.io/badge/AppVersion-1.5.1-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. @@ -312,13 +312,13 @@ Kubernetes: `>=1.20.0-0` | controller.hostname | object | `{}` | Optionally customize the pod hostname. | | controller.image.allowPrivilegeEscalation | bool | `true` | | | controller.image.chroot | bool | `false` | | -| controller.image.digest | string | `"sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143"` | | -| controller.image.digestChroot | string | `"sha256:b67e889f1db8692de7e41d4d9aef8de56645bf048261f31fa7f8bfc6ea2222a0"` | | +| controller.image.digest | string | `"sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629"` | | +| controller.image.digestChroot | string | `"sha256:c1c091b88a6c936a83bd7b098662760a87868d12452529bad0d178fb36147345"` | | | controller.image.image | string | `"ingress-nginx/controller"` | | | controller.image.pullPolicy | string | `"IfNotPresent"` | | | controller.image.registry | string | `"registry.k8s.io"` | | | controller.image.runAsUser | int | `101` | | -| controller.image.tag | string | `"v1.4.0"` | | +| controller.image.tag | string | `"v1.5.1"` | | | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | | controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass | diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 9092a5de9..6304f2637 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -23,9 +23,9 @@ controller: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: "v1.4.0" - digest: sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 - digestChroot: sha256:b67e889f1db8692de7e41d4d9aef8de56645bf048261f31fa7f8bfc6ea2222a0 + tag: "v1.5.1" + digest: sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 + digestChroot: sha256:c1c091b88a6c936a83bd7b098662760a87868d12452529bad0d178fb36147345 pullPolicy: IfNotPresent # www-data -> uid 101 runAsUser: 101 diff --git a/deploy/static/provider/aws/deploy.yaml b/deploy/static/provider/aws/deploy.yaml index 5c656bfae..fbdf9486a 100644 --- a/deploy/static/provider/aws/deploy.yaml +++ b/deploy/static/provider/aws/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -93,7 +93,7 @@ rules: - apiGroups: - "" resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - configmaps verbs: @@ -108,7 +108,7 @@ rules: - apiGroups: - coordination.k8s.io resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - leases verbs: @@ -144,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -163,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -245,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -264,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -303,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -322,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -359,7 +359,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -392,7 +392,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -415,7 +415,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -437,7 +437,7 @@ spec: - args: - /nginx-ingress-controller - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader + - --election-id=ingress-nginx-leader - --controller-class=k8s.io/ingress-nginx - --ingress-class=nginx - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller @@ -455,7 +455,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -527,7 +527,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -538,7 +538,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -574,7 +574,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -585,7 +585,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -623,7 +623,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -636,7 +636,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml index 91886150d..73ec24286 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -93,7 +93,7 @@ rules: - apiGroups: - "" resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - configmaps verbs: @@ -108,7 +108,7 @@ rules: - apiGroups: - coordination.k8s.io resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - leases verbs: @@ -144,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -163,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -245,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -264,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -303,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -322,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -350,7 +350,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -368,7 +368,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -401,7 +401,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -424,7 +424,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -446,7 +446,7 @@ spec: - args: - /nginx-ingress-controller - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader + - --election-id=ingress-nginx-leader - --controller-class=k8s.io/ingress-nginx - --ingress-class=nginx - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller @@ -464,7 +464,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -539,7 +539,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -550,7 +550,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -586,7 +586,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -597,7 +597,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -635,7 +635,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -648,7 +648,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/deploy.yaml b/deploy/static/provider/baremetal/deploy.yaml index bb9ce026c..9e6e905bb 100644 --- a/deploy/static/provider/baremetal/deploy.yaml +++ b/deploy/static/provider/baremetal/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -93,7 +93,7 @@ rules: - apiGroups: - "" resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - configmaps verbs: @@ -108,7 +108,7 @@ rules: - apiGroups: - coordination.k8s.io resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - leases verbs: @@ -144,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -163,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -245,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -264,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -303,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -322,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -355,7 +355,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -387,7 +387,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -410,7 +410,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -431,7 +431,7 @@ spec: containers: - args: - /nginx-ingress-controller - - --election-id=ingress-controller-leader + - --election-id=ingress-nginx-leader - --controller-class=k8s.io/ingress-nginx - --ingress-class=nginx - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller @@ -449,7 +449,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -521,7 +521,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -532,7 +532,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -568,7 +568,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -579,7 +579,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -617,7 +617,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -630,7 +630,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/deploy.yaml b/deploy/static/provider/cloud/deploy.yaml index 372c71909..dd986a55d 100644 --- a/deploy/static/provider/cloud/deploy.yaml +++ b/deploy/static/provider/cloud/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -93,7 +93,7 @@ rules: - apiGroups: - "" resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - configmaps verbs: @@ -108,7 +108,7 @@ rules: - apiGroups: - coordination.k8s.io resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - leases verbs: @@ -144,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -163,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -245,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -264,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -303,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -322,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -355,7 +355,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -388,7 +388,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -411,7 +411,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -433,7 +433,7 @@ spec: - args: - /nginx-ingress-controller - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader + - --election-id=ingress-nginx-leader - --controller-class=k8s.io/ingress-nginx - --ingress-class=nginx - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller @@ -451,7 +451,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -523,7 +523,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -534,7 +534,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -570,7 +570,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -581,7 +581,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -619,7 +619,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -632,7 +632,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/deploy.yaml b/deploy/static/provider/do/deploy.yaml index c7da768ff..64e0366b4 100644 --- a/deploy/static/provider/do/deploy.yaml +++ b/deploy/static/provider/do/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -93,7 +93,7 @@ rules: - apiGroups: - "" resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - configmaps verbs: @@ -108,7 +108,7 @@ rules: - apiGroups: - coordination.k8s.io resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - leases verbs: @@ -144,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -163,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -245,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -264,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -303,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -322,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -344,7 +344,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -358,7 +358,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -391,7 +391,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -414,7 +414,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -436,7 +436,7 @@ spec: - args: - /nginx-ingress-controller - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader + - --election-id=ingress-nginx-leader - --controller-class=k8s.io/ingress-nginx - --ingress-class=nginx - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller @@ -454,7 +454,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -526,7 +526,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -537,7 +537,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -573,7 +573,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -584,7 +584,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -622,7 +622,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -635,7 +635,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/deploy.yaml b/deploy/static/provider/exoscale/deploy.yaml index dfb0e8f7d..d6a40aed9 100644 --- a/deploy/static/provider/exoscale/deploy.yaml +++ b/deploy/static/provider/exoscale/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -93,7 +93,7 @@ rules: - apiGroups: - "" resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - configmaps verbs: @@ -108,7 +108,7 @@ rules: - apiGroups: - coordination.k8s.io resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - leases verbs: @@ -144,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -163,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -245,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -264,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -303,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -322,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -364,7 +364,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -397,7 +397,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -420,7 +420,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -442,7 +442,7 @@ spec: - args: - /nginx-ingress-controller - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader + - --election-id=ingress-nginx-leader - --controller-class=k8s.io/ingress-nginx - --ingress-class=nginx - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller @@ -460,7 +460,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -532,7 +532,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -543,7 +543,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -579,7 +579,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -590,7 +590,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -628,7 +628,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -641,7 +641,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/deploy.yaml b/deploy/static/provider/kind/deploy.yaml index cde5ece76..62ead9e34 100644 --- a/deploy/static/provider/kind/deploy.yaml +++ b/deploy/static/provider/kind/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -93,7 +93,7 @@ rules: - apiGroups: - "" resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - configmaps verbs: @@ -108,7 +108,7 @@ rules: - apiGroups: - coordination.k8s.io resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - leases verbs: @@ -144,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -163,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -245,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -264,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -303,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -322,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -355,7 +355,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -387,7 +387,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -410,7 +410,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -435,7 +435,7 @@ spec: containers: - args: - /nginx-ingress-controller - - --election-id=ingress-controller-leader + - --election-id=ingress-nginx-leader - --controller-class=k8s.io/ingress-nginx - --ingress-class=nginx - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller @@ -455,7 +455,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -537,7 +537,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -548,7 +548,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -584,7 +584,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -595,7 +595,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -633,7 +633,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -646,7 +646,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/deploy.yaml b/deploy/static/provider/scw/deploy.yaml index 25880d180..d52f01489 100644 --- a/deploy/static/provider/scw/deploy.yaml +++ b/deploy/static/provider/scw/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -93,7 +93,7 @@ rules: - apiGroups: - "" resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - configmaps verbs: @@ -108,7 +108,7 @@ rules: - apiGroups: - coordination.k8s.io resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - leases verbs: @@ -144,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -163,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -245,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -264,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -303,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -322,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -344,7 +344,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -358,7 +358,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -391,7 +391,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -414,7 +414,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -436,7 +436,7 @@ spec: - args: - /nginx-ingress-controller - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader + - --election-id=ingress-nginx-leader - --controller-class=k8s.io/ingress-nginx - --ingress-class=nginx - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller @@ -454,7 +454,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -526,7 +526,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -537,7 +537,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -573,7 +573,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -584,7 +584,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -622,7 +622,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -635,7 +635,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/docs/deploy/index.md b/docs/deploy/index.md index 3f99c7a44..29495b5c0 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -62,7 +62,7 @@ It will install the controller in the `ingress-nginx` namespace, creating that n **If you don't have Helm** or if you prefer to use a YAML manifest, you can run the following command instead: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/cloud/deploy.yaml ``` !!! info @@ -225,7 +225,7 @@ In AWS, we use a Network load balancer (NLB) to expose the NGINX Ingress control ##### Network Load Balancer (NLB) ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/aws/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/aws/deploy.yaml ``` ##### TLS termination in AWS Load Balancer (NLB) @@ -233,10 +233,10 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont By default, TLS is terminated in the ingress controller. But it is also possible to terminate TLS in the Load Balancer. This section explains how to do that on AWS using an NLB. -1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template +1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template ```console - wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml + wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml ``` 2. Edit the file and change the VPC CIDR in use for the Kubernetes cluster: @@ -282,7 +282,7 @@ Then, the ingress controller can be installed like this: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/cloud/deploy.yaml ``` !!! warning @@ -299,7 +299,7 @@ Proxy-protocol is supported in GCE check the [Official Documentations on how to #### Azure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/cloud/deploy.yaml ``` More information with regard to Azure annotations for ingress controller can be found in the [official AKS documentation](https://docs.microsoft.com/en-us/azure/aks/ingress-internal-ip#create-an-ingress-controller). @@ -307,7 +307,7 @@ More information with regard to Azure annotations for ingress controller can be #### Digital Ocean ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/do/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/do/deploy.yaml ``` - By default the service object of the ingress-nginx-controller for Digital-Ocean, only configures one annotation. Its this one `service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"`. While this makes the service functional, it was reported that the Digital-Ocean LoadBalancer graphs shows `no data`, unless a few other annotations are also configured. Some of these other annotations require values that can not be generic and hence not forced in a out-of-the-box installation. These annotations and a discussion on them is well documented in [this issue](https://github.com/kubernetes/ingress-nginx/issues/8965). Please refer to the issue to add annotations, with values specific to user, to get graphs of the DO-LB populated with data. @@ -315,7 +315,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont #### Scaleway ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/scw/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/scw/deploy.yaml ``` #### Exoscale @@ -330,7 +330,7 @@ The full list of annotations supported by Exoscale is available in the Exoscale #### Oracle Cloud Infrastructure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/cloud/deploy.yaml ``` A @@ -357,7 +357,7 @@ For quick testing, you can use a This should work on almost every cluster, but it will typically use a port in the range 30000-32767. ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/baremetal/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/baremetal/deploy.yaml ``` For more information about bare metal deployments (and how to use port 80 instead of a random port in the 30000-32767 range), From 726d7e6239807c4cde0b6c51fe24de256b43c18e Mon Sep 17 00:00:00 2001 From: pellmont Date: Thu, 10 Nov 2022 11:38:54 +0100 Subject: [PATCH 379/494] add containerSecurityContext to extraModules init containers (kubernetes#9016) (#9242) --- charts/ingress-nginx/README.md | 2 +- ...-extra-modules-default-container-sec-context.yaml | 12 ++++++++++++ ...extra-modules-specific-container-sec-context.yaml | 12 ++++++++++++ .../templates/controller-daemonset.yaml | 6 ++++++ .../templates/controller-deployment.yaml | 3 +++ charts/ingress-nginx/values.yaml | 4 +++- 6 files changed, 37 insertions(+), 2 deletions(-) create mode 100644 charts/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml create mode 100644 charts/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index bf4dcc8cd..f34615399 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -300,7 +300,7 @@ Kubernetes: `>=1.20.0-0` | controller.extraContainers | list | `[]` | Additional containers to be added to the controller pod. See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. | | controller.extraEnvs | list | `[]` | Additional environment variables to set | | controller.extraInitContainers | list | `[]` | Containers, which are run before the app containers are started. | -| controller.extraModules | list | `[]` | | +| controller.extraModules | list | `[]` | Modules, which are mounted into the core nginx image. See values.yaml for a sample to add opentelemetry module | | controller.extraVolumeMounts | list | `[]` | Additional volumeMounts to the controller main container. | | controller.extraVolumes | list | `[]` | Additional volumes to the controller pod. | | controller.healthCheckHost | string | `""` | Address to bind the health check endpoint. It is better to set this option to the internal node address if the ingress nginx controller is running in the `hostNetwork: true` mode. | diff --git a/charts/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml b/charts/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml new file mode 100644 index 000000000..2310c344e --- /dev/null +++ b/charts/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml @@ -0,0 +1,12 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + service: + type: ClusterIP + containerSecurityContext: + allowPrivilegeEscalation: false + extraModules: + - name: opentelemetry + image: busybox diff --git a/charts/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml b/charts/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml new file mode 100644 index 000000000..bd2f011cc --- /dev/null +++ b/charts/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml @@ -0,0 +1,12 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + service: + type: ClusterIP + extraModules: + - name: opentelemetry + image: busybox + containerSecurityContext: + allowPrivilegeEscalation: false diff --git a/charts/ingress-nginx/templates/controller-daemonset.yaml b/charts/ingress-nginx/templates/controller-daemonset.yaml index 4163e255c..802730331 100644 --- a/charts/ingress-nginx/templates/controller-daemonset.yaml +++ b/charts/ingress-nginx/templates/controller-daemonset.yaml @@ -181,6 +181,12 @@ spec: - name: {{ .Name }} image: {{ .Image }} command: ['sh', '-c', '/usr/local/bin/init_module.sh'] + {{- if (or $.Values.controller.containerSecurityContext .containerSecurityContext) }} + securityContext: {{ .containerSecurityContext | default $.Values.controller.containerSecurityContext | toYaml | nindent 14 }} + {{- end }} + volumeMounts: + - name: modules + mountPath: /modules_mount {{- end }} {{- end }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml index dfe4cae92..9dac747ea 100644 --- a/charts/ingress-nginx/templates/controller-deployment.yaml +++ b/charts/ingress-nginx/templates/controller-deployment.yaml @@ -187,6 +187,9 @@ spec: - name: {{ .name }} image: {{ .image }} command: ['sh', '-c', '/usr/local/bin/init_module.sh'] + {{- if (or $.Values.controller.containerSecurityContext .containerSecurityContext) }} + securityContext: {{ .containerSecurityContext | default $.Values.controller.containerSecurityContext | toYaml | nindent 14 }} + {{- end }} volumeMounts: - name: modules mountPath: /modules_mount diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 6304f2637..dc9980d14 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -577,10 +577,12 @@ controller: # image: busybox # command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;'] + # -- Modules, which are mounted into the core nginx image. See values.yaml for a sample to add opentelemetry module extraModules: [] - ## Modules, which are mounted into the core nginx image # - name: opentelemetry # image: registry.k8s.io/ingress-nginx/opentelemetry:v20220906-g981ce38a7@sha256:aa079daa7efd93aa830e26483a49a6343354518360929494bad1d0ad3303142e + # containerSecurityContext: + # allowPrivilegeEscalation: false # # The image must contain a `/usr/local/bin/init_module.sh` executable, which # will be executed as initContainers, to move its config files within the From 170af7be88ccbcd3a13f67811ab728d056377a26 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Thu, 10 Nov 2022 12:20:54 +0100 Subject: [PATCH 380/494] PDB: Add `maxUnavailable`. (#9278) --- charts/ingress-nginx/README.md | 2 +- .../templates/controller-poddisruptionbudget.yaml | 4 ++++ charts/ingress-nginx/values.yaml | 3 +++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index f34615399..f4486ac91 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -367,7 +367,7 @@ Kubernetes: `>=1.20.0-0` | controller.metrics.serviceMonitor.relabelings | list | `[]` | | | controller.metrics.serviceMonitor.scrapeInterval | string | `"30s"` | | | controller.metrics.serviceMonitor.targetLabels | list | `[]` | | -| controller.minAvailable | int | `1` | | +| controller.minAvailable | int | `1` | Define either 'minAvailable' or 'maxUnavailable', never both. | | controller.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready # | | controller.name | string | `"controller"` | | | controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for controller pod assignment # Ref: https://kubernetes.io/docs/user-guide/node-selection/ # | diff --git a/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml b/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml index 8dfbe9891..899d3cc5d 100644 --- a/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml +++ b/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml @@ -15,5 +15,9 @@ spec: matchLabels: {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} app.kubernetes.io/component: controller + {{- if .Values.controller.minAvailable }} minAvailable: {{ .Values.controller.minAvailable }} + {{- else if .Values.controller.maxUnavailable }} + maxUnavailable: {{ .Values.controller.maxUnavailable }} + {{- end }} {{- end }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index dc9980d14..c71fd2080 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -345,7 +345,10 @@ controller: replicaCount: 1 + # -- Define either 'minAvailable' or 'maxUnavailable', never both. minAvailable: 1 + # -- Define either 'minAvailable' or 'maxUnavailable', never both. + # maxUnavailable: 1 ## Define requests resources to avoid probe issues due to CPU utilization in busy nodes ## ref: https://github.com/kubernetes/ingress-nginx/issues/4735#issuecomment-551204903 From 69a811dde9368f0464c1e050648a979a67fad3e8 Mon Sep 17 00:00:00 2001 From: Michael Wittig <948604+Sh4kE@users.noreply.github.com> Date: Thu, 10 Nov 2022 14:48:56 +0100 Subject: [PATCH 381/494] fix broken annotation yaml (#9243) --- charts/ingress-nginx/templates/controller-serviceaccount.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/ingress-nginx/templates/controller-serviceaccount.yaml b/charts/ingress-nginx/templates/controller-serviceaccount.yaml index e31819f7c..e6e776d09 100644 --- a/charts/ingress-nginx/templates/controller-serviceaccount.yaml +++ b/charts/ingress-nginx/templates/controller-serviceaccount.yaml @@ -12,7 +12,7 @@ metadata: namespace: {{ .Release.Namespace }} {{- if .Values.serviceAccount.annotations }} annotations: - {{- toYaml .Values.serviceAccount.annotations | indent 4 }} + {{- toYaml .Values.serviceAccount.annotations | nindent 4 }} {{- end }} automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} {{- end }} From 3db3c19685a6f74859a95859ff75ca87890752c5 Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 11 Nov 2022 10:00:10 -0500 Subject: [PATCH 382/494] run helm release on main only and when the chart/value changes only (#9290) Signed-off-by: James Strong Signed-off-by: James Strong --- .github/workflows/helm.yaml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 4dadc9349..33e06bbdc 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -4,7 +4,6 @@ on: push: branches: - main - - legacy permissions: contents: read @@ -34,7 +33,7 @@ jobs: filters: | charts: - 'charts/ingress-nginx/Chart.yaml' - - 'charts/ingress-nginx/**/*' + - 'charts/ingress-nginx/values.yaml' chart: name: Release Chart @@ -52,7 +51,7 @@ jobs: steps: - name: Checkout master - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 with: # Fetch entire history. Required for chart-releaser; see https://github.com/helm/chart-releaser-action/issues/13#issuecomment-602063896 fetch-depth: 0 @@ -64,10 +63,10 @@ jobs: git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com" - name: Helm Chart Releaser - uses: helm/chart-releaser-action@v1.4.1 + uses: helm/chart-releaser-action@98bccfd32b0f76149d188912ac8e45ddd3f8695f #v1.4.1 env: CR_SKIP_EXISTING: "false" CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" CR_RELEASE_NAME_TEMPLATE: "helm-chart-{{ .Version }}" with: - charts_dir: charts + charts_dir: charts \ No newline at end of file From f08369cdc6d69e5fd8f88644843c884683ae9f49 Mon Sep 17 00:00:00 2001 From: Joseph Richardson <49208786+JoeHCQ1@users.noreply.github.com> Date: Sun, 13 Nov 2022 14:29:56 -0500 Subject: [PATCH 383/494] Fixed indentation in commented-out autoscaling (#9225) --- charts/ingress-nginx/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index c71fd2080..35f922f6b 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -372,7 +372,7 @@ controller: behavior: {} # scaleDown: # stabilizationWindowSeconds: 300 - # policies: + # policies: # - type: Pods # value: 1 # periodSeconds: 180 From a66ee73c5adb005fc4626d2bc750e7fe7f1125ff Mon Sep 17 00:00:00 2001 From: Ehsan Saei <71217171+esigo@users.noreply.github.com> Date: Mon, 14 Nov 2022 20:50:43 +0100 Subject: [PATCH 384/494] OpenTelemetry static linking (#9286) * static otel lib * clean * nginx 1.21 --- images/opentelemetry/rootfs/CMakeLists.txt | 2 +- images/opentelemetry/rootfs/Dockerfile | 2 +- images/opentelemetry/rootfs/build.sh | 48 +--------------------- 3 files changed, 4 insertions(+), 48 deletions(-) diff --git a/images/opentelemetry/rootfs/CMakeLists.txt b/images/opentelemetry/rootfs/CMakeLists.txt index 7278016a0..e4abc7346 100644 --- a/images/opentelemetry/rootfs/CMakeLists.txt +++ b/images/opentelemetry/rootfs/CMakeLists.txt @@ -80,7 +80,7 @@ ExternalProject_Add( -DgRPC_SSL_PROVIDER=package -DOPENSSL_ROOT_DIR=OpenSSL -DgRPC_BUILD_TESTS=OFF - -DBUILD_SHARED_LIBS=ON + -DBUILD_SHARED_LIBS=OFF -DgRPC_INSTALL=ON CMAKE_CACHE_ARGS -DCMAKE_CXX_FLAGS:STRING=${CMAKE_CXX_FLAGS} TEST_AFTER_INSTALL 0 diff --git a/images/opentelemetry/rootfs/Dockerfile b/images/opentelemetry/rootfs/Dockerfile index f8fb37811..3c137dbe2 100644 --- a/images/opentelemetry/rootfs/Dockerfile +++ b/images/opentelemetry/rootfs/Dockerfile @@ -39,7 +39,7 @@ COPY --from=grpc /opt/third_party/install/ /usr COPY --from=otel-cpp /opt/third_party/install/ /usr RUN bash /opt/third_party/build.sh -n -FROM alpine:3.16.2 +FROM alpine:3.16.2 as final COPY --from=base /opt/third_party/init_module.sh /usr/local/bin/init_module.sh COPY --from=nginx /etc/nginx/modules /etc/nginx/modules COPY --from=nginx /opt/third_party/install/lib /etc/nginx/modules diff --git a/images/opentelemetry/rootfs/build.sh b/images/opentelemetry/rootfs/build.sh index 91298274d..19914932c 100755 --- a/images/opentelemetry/rootfs/build.sh +++ b/images/opentelemetry/rootfs/build.sh @@ -97,7 +97,7 @@ install_otel() -DWITH_JAEGER=OFF \ -DCMAKE_INSTALL_PREFIX=${INSTAL_DIR} \ -DBUILD_TESTING=OFF \ - -DBUILD_SHARED_LIBS=ON \ + -DBUILD_SHARED_LIBS=OFF \ -DWITH_OTLP=ON \ -DWITH_OTLP_GRPC=ON \ -DWITH_EXAMPLES=OFF \ @@ -123,7 +123,7 @@ get_src() install_nginx() { - export NGINX_VERSION=1.19.10 + export NGINX_VERSION=1.21.6 # Check for recent changes: https://github.com/open-telemetry/opentelemetry-cpp-contrib/compare/2656a4...main export OPENTELEMETRY_CONTRIB_COMMIT=6467ec2e4d67b08b44580b7eb7a298786f4eef91 @@ -153,50 +153,6 @@ install_nginx() cp ${INSTAL_DIR}/otel_ngx_module.so /etc/nginx/modules/otel_ngx_module.so mkdir -p ${INSTAL_DIR}/lib - cp /usr/lib/libopentelemetry_exporter_otlp_grpc.so* ${INSTAL_DIR}/lib - cp /usr/lib/libopentelemetry_otlp_recordable.so* ${INSTAL_DIR}/lib - cp /usr/lib/libprotobuf.so* ${INSTAL_DIR}/lib - cp /usr/lib/libopentelemetry_trace.so* ${INSTAL_DIR}/lib - cp /usr/lib/libopentelemetry_resources.so* ${INSTAL_DIR}/lib - cp /usr/lib/libopentelemetry_common.so* ${INSTAL_DIR}/lib - cp /usr/lib/libstdc++.so* ${INSTAL_DIR}/lib - - cp /usr/lib/libgrpc.so* ${INSTAL_DIR}/lib - cp /usr/lib/libgcc_s.so* ${INSTAL_DIR}/lib - cp /usr/lib/libgrpc++.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_bad_variant_access.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_synchronization.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_raw_hash_set.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_hash.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_statusor.so* ${INSTAL_DIR}/lib - cp /usr/lib/libgpr.so* ${INSTAL_DIR}/lib - cp /usr/lib/libupb.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_status.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_time.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_strings.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_stacktrace.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_symbolize.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_malloc_internal.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_base.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_spinlock_wait.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_raw_logging_internal.so* ${INSTAL_DIR}/lib - cp /usr/lib/libre2.so* ${INSTAL_DIR}/lib - cp /usr/lib/libaddress_sorting.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_cord.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_bad_optional_access.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_str_format_internal.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_throw_delegate.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_time_zone.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_city.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_low_level_hash.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_cordz_info.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_int128.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_strings_internal.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_debugging_internal.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_cord_internal.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_cordz_functions.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_cordz_handle.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_exponential_biased.so* ${INSTAL_DIR}/lib } while getopts ":hpng:o:" option; do From f6af3b460a262bc75278ea17e15f2c16ac69b7f3 Mon Sep 17 00:00:00 2001 From: Gabriel Gosselin <12598930+toutougabi@users.noreply.github.com> Date: Mon, 14 Nov 2022 21:58:41 -0500 Subject: [PATCH 385/494] Missing controller.ingressClass (#9304) The missing controller.ingressClass would set the deployment to the default class but the controller.ingressClassResource.name would set the creation of a new IngressClass object. For now this needs to be done twice, could be a fix in the chart later on. --- docs/index.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/index.md b/docs/index.md index 5687bf5d3..fded1b2bc 100644 --- a/docs/index.md +++ b/docs/index.md @@ -223,6 +223,7 @@ If you start Ingress-Nginx B with the command line argument `--watch-ingress-wit helm install ingress-nginx-2 ingress-nginx/ingress-nginx \ --namespace ingress-nginx-2 \ --set controller.ingressClassResource.name=nginx-two \ + --set controller.ingressClass=nginx-two \ --set controller.ingressClassResource.controllerValue="example.com/ingress-nginx-2" \ --set controller.ingressClassResource.enabled=true \ --set controller.ingressClassByName=true @@ -234,7 +235,9 @@ If you start Ingress-Nginx B with the command line argument `--watch-ingress-wit --namespace kube-system \ --set controller.electionID=nginx-two-leader \ --set controller.ingressClassResource.name=nginx-two \ + --set controller.ingressClass=nginx-two \ --set controller.ingressClassResource.controllerValue="example.com/ingress-nginx-2" \ --set controller.ingressClassResource.enabled=true \ --set controller.ingressClassByName=true - ``` \ No newline at end of file + ``` + - Note, controller.ingressClassResource.name and controller.ingressClass have to be set with the value of the new class as the first is to create the IngressClass object and the other is to modify the deployment of the actuall ingress controller pod. From 1930b1467d93238bbcd96daac8e3863a91e58747 Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Tue, 15 Nov 2022 18:34:42 +0530 Subject: [PATCH 386/494] added SAN to cert create command (#9295) --- docs/user-guide/tls.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user-guide/tls.md b/docs/user-guide/tls.md index 3d5234c0c..11338981b 100644 --- a/docs/user-guide/tls.md +++ b/docs/user-guide/tls.md @@ -10,7 +10,7 @@ Anytime we reference a TLS secret, we mean a PEM-encoded X.509, RSA (2048) secre You can generate a self-signed certificate and private key with: ```bash -$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ${KEY_FILE} -out ${CERT_FILE} -subj "/CN=${HOST}/O=${HOST}" +$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ${KEY_FILE} -out ${CERT_FILE} -subj "/CN=${HOST}/O=${HOST}" -addext "subjectAltName = DNS:${HOST}" ``` Then create the secret in the cluster via: From 2422f16c3afc4fa3d6b408126336a1c115daa326 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 15 Nov 2022 14:22:48 -0800 Subject: [PATCH 387/494] Bump k8s.io/component-base from 0.25.3 to 0.25.4 (#9300) Bumps [k8s.io/component-base](https://github.com/kubernetes/component-base) from 0.25.3 to 0.25.4. - [Release notes](https://github.com/kubernetes/component-base/releases) - [Commits](https://github.com/kubernetes/component-base/compare/v0.25.3...v0.25.4) --- updated-dependencies: - dependency-name: k8s.io/component-base dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++-------- 2 files changed, 55 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 3be4325f6..7bcc6b487 100644 --- a/go.mod +++ b/go.mod @@ -29,14 +29,14 @@ require ( google.golang.org/grpc v1.50.1 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 - k8s.io/api v0.25.3 + k8s.io/api v0.25.4 k8s.io/apiextensions-apiserver v0.25.0 - k8s.io/apimachinery v0.25.3 + k8s.io/apimachinery v0.25.4 k8s.io/apiserver v0.25.0 k8s.io/cli-runtime v0.25.0 - k8s.io/client-go v0.25.3 + k8s.io/client-go v0.25.4 k8s.io/code-generator v0.25.0 - k8s.io/component-base v0.25.3 + k8s.io/component-base v0.25.4 k8s.io/klog/v2 v2.80.1 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 sigs.k8s.io/controller-runtime v0.13.1 diff --git a/go.sum b/go.sum index e212f2972..9067276db 100644 --- a/go.sum +++ b/go.sum @@ -515,6 +515,49 @@ golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0 h1:b9gGHsz9/HhJ3HF5DHQytPpuwocVTChQJK3AvoLRD5I= golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= +golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= +golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= +golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -870,22 +913,22 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.25.3 h1:Q1v5UFfYe87vi5H7NU0p4RXC26PPMT8KOpr1TLQbCMQ= -k8s.io/api v0.25.3/go.mod h1:o42gKscFrEVjHdQnyRenACrMtbuJsVdP+WVjqejfzmI= +k8s.io/api v0.25.4 h1:3YO8J4RtmG7elEgaWMb4HgmpS2CfY1QlaOz9nwB+ZSs= +k8s.io/api v0.25.4/go.mod h1:IG2+RzyPQLllQxnhzD8KQNEu4c4YvyDTpSMztf4A0OQ= k8s.io/apiextensions-apiserver v0.25.0 h1:CJ9zlyXAbq0FIW8CD7HHyozCMBpDSiH7EdrSTCZcZFY= k8s.io/apiextensions-apiserver v0.25.0/go.mod h1:3pAjZiN4zw7R8aZC5gR0y3/vCkGlAjCazcg1me8iB/E= -k8s.io/apimachinery v0.25.3 h1:7o9ium4uyUOM76t6aunP0nZuex7gDf8VGwkR5RcJnQc= -k8s.io/apimachinery v0.25.3/go.mod h1:jaF9C/iPNM1FuLl7Zuy5b9v+n35HGSh6AQ4HYRkCqwo= +k8s.io/apimachinery v0.25.4 h1:CtXsuaitMESSu339tfhVXhQrPET+EiWnIY1rcurKnAc= +k8s.io/apimachinery v0.25.4/go.mod h1:jaF9C/iPNM1FuLl7Zuy5b9v+n35HGSh6AQ4HYRkCqwo= k8s.io/apiserver v0.25.0 h1:8kl2ifbNffD440MyvHtPaIz1mw4mGKVgWqM0nL+oyu4= k8s.io/apiserver v0.25.0/go.mod h1:BKwsE+PTC+aZK+6OJQDPr0v6uS91/HWxX7evElAH6xo= k8s.io/cli-runtime v0.25.0 h1:XBnTc2Fi+w818jcJGzhiJKQuXl8479sZ4FhtV5hVJ1Q= k8s.io/cli-runtime v0.25.0/go.mod h1:bHOI5ZZInRHhbq12OdUiYZQN8ml8aKZLwQgt9QlLINw= -k8s.io/client-go v0.25.3 h1:oB4Dyl8d6UbfDHD8Bv8evKylzs3BXzzufLiO27xuPs0= -k8s.io/client-go v0.25.3/go.mod h1:t39LPczAIMwycjcXkVc+CB+PZV69jQuNx4um5ORDjQA= +k8s.io/client-go v0.25.4 h1:3RNRDffAkNU56M/a7gUfXaEzdhZlYhoW8dgViGy5fn8= +k8s.io/client-go v0.25.4/go.mod h1:8trHCAC83XKY0wsBIpbirZU4NTUpbuhc2JnI7OruGZw= k8s.io/code-generator v0.25.0 h1:QP8fJuXu882ztf6dsqJsso/Btm94pMd68TAZC1rE6KI= k8s.io/code-generator v0.25.0/go.mod h1:B6jZgI3DvDFAualltPitbYMQ74NjaCFxum3YeKZZ+3w= -k8s.io/component-base v0.25.3 h1:UrsxciGdrCY03ULT1h/S/gXFCOPnLhUVwSyx+hM/zq4= -k8s.io/component-base v0.25.3/go.mod h1:WYoS8L+IlTZgU7rhAl5Ctpw0WdMxDfCC5dkxcEFa/TI= +k8s.io/component-base v0.25.4 h1:n1bjg9Yt+G1C0WnIDJmg2fo6wbEU1UGMRiQSjmj7hNQ= +k8s.io/component-base v0.25.4/go.mod h1:nnZJU8OP13PJEm6/p5V2ztgX2oyteIaAGKGMYb2L2cY= k8s.io/gengo v0.0.0-20211129171323-c02415ce4185 h1:TT1WdmqqXareKxZ/oNXEUSwKlLiHzPMyB0t8BaFeBYI= k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= From b6c6305523ae65114dabeca347fba7ab68e1c789 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 15 Nov 2022 14:24:47 -0800 Subject: [PATCH 388/494] Bump actions/dependency-review-action from 2.5.1 to 3.0.0 (#9301) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.5.1 to 3.0.0. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/0efb1d1d84fc9633afcdaad14c485cbbc90ef46c...30d582111533d59ab793fd9f971817241654f3ec) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/depreview.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml index 85c91d664..39125cde4 100644 --- a/.github/workflows/depreview.yaml +++ b/.github/workflows/depreview.yaml @@ -11,4 +11,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 #v3.0.2 - name: 'Dependency Review' - uses: actions/dependency-review-action@0efb1d1d84fc9633afcdaad14c485cbbc90ef46c #v2.0.2 + uses: actions/dependency-review-action@30d582111533d59ab793fd9f971817241654f3ec #v2.0.2 From c1413e6079b0e642dcc923642b0df1c5baa29df9 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Thu, 17 Nov 2022 09:24:40 -0300 Subject: [PATCH 389/494] Validate ingress path fields (#9309) * Validate characters in path fields * Add e2e tests for path validation * Fix review comments --- internal/ingress/controller/store/store.go | 5 + pkg/util/ingress/ingress.go | 25 ++++ pkg/util/ingress/ingress_test.go | 85 +++++++++++++ test/e2e/security/invalid_paths.go | 134 +++++++++++++++++++++ 4 files changed, 249 insertions(+) create mode 100644 test/e2e/security/invalid_paths.go diff --git a/internal/ingress/controller/store/store.go b/internal/ingress/controller/store/store.go index 7913eb0de..7f493bd8a 100644 --- a/internal/ingress/controller/store/store.go +++ b/internal/ingress/controller/store/store.go @@ -59,6 +59,7 @@ import ( "k8s.io/ingress-nginx/internal/ingress/resolver" "k8s.io/ingress-nginx/internal/k8s" "k8s.io/ingress-nginx/pkg/apis/ingress" + ingressutils "k8s.io/ingress-nginx/pkg/util/ingress" ) // IngressFilterFunc decides if an Ingress should be omitted or not @@ -861,6 +862,10 @@ func (s *k8sStore) syncIngress(ing *networkingv1.Ingress) { if path.Path == "" { copyIng.Spec.Rules[ri].HTTP.Paths[pi].Path = "/" } + if !ingressutils.IsSafePath(copyIng, path.Path) { + klog.Warningf("ingress %s contains invalid path %s", key, path.Path) + return + } } } diff --git a/pkg/util/ingress/ingress.go b/pkg/util/ingress/ingress.go index 7df2cc114..5fb3ee7b9 100644 --- a/pkg/util/ingress/ingress.go +++ b/pkg/util/ingress/ingress.go @@ -18,15 +18,30 @@ package ingress import ( "fmt" + "regexp" "strings" + networkingv1 "k8s.io/api/networking/v1" "k8s.io/apimachinery/pkg/util/sets" + "k8s.io/ingress-nginx/internal/ingress/annotations/parser" "k8s.io/ingress-nginx/internal/k8s" "k8s.io/ingress-nginx/internal/net/ssl" "k8s.io/ingress-nginx/pkg/apis/ingress" "k8s.io/klog/v2" ) +const ( + alphaNumericChars = `\-\.\_\~a-zA-Z0-9/` + regexEnabledChars = `\^\$\[\]\(\)\{\}\*\+` +) + +var ( + // pathAlphaNumeric is a regex validation of something like "^/[a-zA-Z]+$" on path + pathAlphaNumeric = regexp.MustCompile("^/[" + alphaNumericChars + "]*$").MatchString + // pathRegexEnabled is a regex validation of paths that may contain regex. + pathRegexEnabled = regexp.MustCompile("^/[" + alphaNumericChars + regexEnabledChars + "]*$").MatchString +) + func GetRemovedHosts(rucfg, newcfg *ingress.Configuration) []string { oldSet := sets.NewString() newSet := sets.NewString() @@ -231,3 +246,13 @@ func BuildRedirects(servers []*ingress.Server) []*redirect { return redirectServers } + +// IsSafePath verifies if the path used in ingress object contains only valid characters. +// It will behave differently if regex is enabled or not +func IsSafePath(copyIng *networkingv1.Ingress, path string) bool { + isRegex, _ := parser.GetBoolAnnotation("use-regex", copyIng) + if isRegex { + return pathRegexEnabled(path) + } + return pathAlphaNumeric(path) +} diff --git a/pkg/util/ingress/ingress_test.go b/pkg/util/ingress/ingress_test.go index 24597fb6e..d829a57f1 100644 --- a/pkg/util/ingress/ingress_test.go +++ b/pkg/util/ingress/ingress_test.go @@ -17,8 +17,13 @@ limitations under the License. package ingress import ( + "fmt" "testing" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + networkingv1 "k8s.io/api/networking/v1" + "k8s.io/ingress-nginx/internal/ingress/annotations/parser" "k8s.io/ingress-nginx/pkg/apis/ingress" ) @@ -130,3 +135,83 @@ func TestIsDynamicConfigurationEnough(t *testing.T) { t.Errorf("Expected new config to not change") } } + +func generateDumbIngressforPathTest(regexEnabled bool) *networkingv1.Ingress { + var annotations = make(map[string]string) + regexAnnotation := fmt.Sprintf("%s/use-regex", parser.AnnotationsPrefix) + if regexEnabled { + annotations[regexAnnotation] = "true" + } + return &networkingv1.Ingress{ + ObjectMeta: metav1.ObjectMeta{ + Name: "dumb", + Namespace: "default", + Annotations: annotations, + }, + } +} + +func TestIsSafePath(t *testing.T) { + tests := []struct { + name string + copyIng *networkingv1.Ingress + path string + want bool + }{ + { + name: "should accept valid path with regex disabled", + want: true, + copyIng: generateDumbIngressforPathTest(false), + path: "/xpto/~user/t-e_st.exe", + }, + { + name: "should accept valid path / with regex disabled", + want: true, + copyIng: generateDumbIngressforPathTest(false), + path: "/", + }, + { + name: "should reject invalid path with invalid chars", + want: false, + copyIng: generateDumbIngressforPathTest(false), + path: "/foo/bar/;xpto", + }, + { + name: "should reject regex path when regex is disabled", + want: false, + copyIng: generateDumbIngressforPathTest(false), + path: "/foo/bar/(.+)", + }, + { + name: "should accept valid path / with regex enabled", + want: true, + copyIng: generateDumbIngressforPathTest(true), + path: "/", + }, + { + name: "should accept regex path when regex is enabled", + want: true, + copyIng: generateDumbIngressforPathTest(true), + path: "/foo/bar/(.+)", + }, + { + name: "should reject regex path when regex is enabled but the path is invalid", + want: false, + copyIng: generateDumbIngressforPathTest(true), + path: "/foo/bar/;xpto", + }, + { + name: "should reject regex path when regex is enabled but the path is invalid", + want: false, + copyIng: generateDumbIngressforPathTest(true), + path: ";xpto", + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := IsSafePath(tt.copyIng, tt.path); got != tt.want { + t.Errorf("IsSafePath() = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/test/e2e/security/invalid_paths.go b/test/e2e/security/invalid_paths.go new file mode 100644 index 000000000..d75aefc2c --- /dev/null +++ b/test/e2e/security/invalid_paths.go @@ -0,0 +1,134 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package security + +import ( + "fmt" + "net/http" + "strings" + + "github.com/onsi/ginkgo/v2" + + "k8s.io/ingress-nginx/test/e2e/framework" +) + +const ( + validPath = "/xpto/~user/t-e_st.exe" + invalidPath = "/foo/bar/;xpto" + regexPath = "/foo/bar/(.+)" + host = "securitytest.com" +) + +var ( + annotationRegex = map[string]string{ + "nginx.ingress.kubernetes.io/use-regex": "true", + } +) + +var _ = framework.IngressNginxDescribe("[Security] validate path fields", func() { + f := framework.NewDefaultFramework("validate-path") + + ginkgo.BeforeEach(func() { + f.NewEchoDeployment() + }) + + ginkgo.It("should accept an ingress with valid path", func() { + + ing := framework.NewSingleIngress(host, validPath, host, f.Namespace, framework.EchoService, 80, nil) + + f.EnsureIngress(ing) + + f.WaitForNginxServer(host, + func(server string) bool { + return strings.Contains(server, fmt.Sprintf("server_name %s ;", host)) + }) + + f.HTTPTestClient(). + GET(validPath). + WithHeader("Host", host). + Expect(). + Status(http.StatusOK) + }) + + ginkgo.It("should drop an ingress with invalid path", func() { + + ing := framework.NewSingleIngress(host, invalidPath, host, f.Namespace, framework.EchoService, 80, nil) + f.EnsureIngress(ing) + + f.WaitForNginxServer(host, + func(server string) bool { + return !strings.Contains(server, fmt.Sprintf("server_name %s ;", host)) + }) + + f.HTTPTestClient(). + GET(invalidPath). + WithHeader("Host", host). + Expect(). + Status(http.StatusNotFound) + }) + + ginkgo.It("should drop an ingress with regex path and regex disabled", func() { + + ing := framework.NewSingleIngress(host, regexPath, host, f.Namespace, framework.EchoService, 80, nil) + f.EnsureIngress(ing) + + f.WaitForNginxServer(host, + func(server string) bool { + return !strings.Contains(server, fmt.Sprintf("server_name %s ;", host)) + }) + + f.HTTPTestClient(). + GET("/foo/bar/lalala"). + WithHeader("Host", host). + Expect(). + Status(http.StatusNotFound) + }) + + ginkgo.It("should accept an ingress with regex path and regex enabled", func() { + + ing := framework.NewSingleIngress(host, regexPath, host, f.Namespace, framework.EchoService, 80, annotationRegex) + f.EnsureIngress(ing) + + f.WaitForNginxServer(host, + func(server string) bool { + return strings.Contains(server, fmt.Sprintf("server_name %s ;", host)) + }) + + f.HTTPTestClient(). + GET("/foo/bar/lalala"). + WithHeader("Host", host). + Expect(). + Status(http.StatusOK) + }) + + ginkgo.It("should reject an ingress with invalid path and regex enabled", func() { + + ing := framework.NewSingleIngress(host, invalidPath, host, f.Namespace, framework.EchoService, 80, annotationRegex) + f.EnsureIngress(ing) + + f.WaitForNginxServer(host, + func(server string) bool { + return !strings.Contains(server, fmt.Sprintf("server_name %s ;", host)) + }) + + f.HTTPTestClient(). + GET(invalidPath). + WithHeader("Host", host). + Expect(). + Status(http.StatusNotFound) + }) +}) From 8f134abb89abae628965ff8458f461c6c4cc84f9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 21 Nov 2022 04:22:31 -0800 Subject: [PATCH 390/494] Bump github.com/onsi/ginkgo/v2 from 2.4.0 to 2.5.1 (#9317) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.4.0 to 2.5.1. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.4.0...v2.5.1) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 14 +++++++------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/go.mod b/go.mod index 7bcc6b487..6dc0fceb9 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/mitchellh/mapstructure v1.5.0 github.com/moul/pb v0.0.0-20220425114252-bca18df4138c github.com/ncabatoff/process-exporter v0.7.10 - github.com/onsi/ginkgo/v2 v2.4.0 + github.com/onsi/ginkgo/v2 v2.5.1 github.com/opencontainers/runc v1.1.4 github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.13.1 @@ -78,7 +78,7 @@ require ( github.com/gomarkdown/markdown v0.0.0-20210514010506-3b9f47219fe7 // indirect github.com/google/btree v1.0.1 // indirect github.com/google/gnostic v0.5.7-v3refs // indirect - github.com/google/go-cmp v0.5.8 // indirect + github.com/google/go-cmp v0.5.9 // indirect github.com/google/gofuzz v1.1.0 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.2.0 // indirect @@ -109,7 +109,7 @@ require ( golang.org/x/mod v0.6.0 // indirect golang.org/x/net v0.1.0 // indirect golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect - golang.org/x/sys v0.1.0 // indirect + golang.org/x/sys v0.2.0 // indirect golang.org/x/term v0.1.0 // indirect golang.org/x/text v0.4.0 // indirect golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect diff --git a/go.sum b/go.sum index 9067276db..2fbdb9db8 100644 --- a/go.sum +++ b/go.sum @@ -230,8 +230,8 @@ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg= -github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -349,9 +349,9 @@ github.com/ncabatoff/process-exporter v0.7.10/go.mod h1:DHZRZjqxw9LCOpLlX0DjBuyn github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= -github.com/onsi/ginkgo/v2 v2.4.0 h1:+Ig9nvqgS5OBSACXNk15PLdp0U9XPYROt9CFzVdFGIs= -github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo= -github.com/onsi/gomega v1.22.1 h1:pY8O4lBfsHKZHM/6nrxkhVPUznOlIu3quZcKP/M20KI= +github.com/onsi/ginkgo/v2 v2.5.1 h1:auzK7OI497k6x4OvWq+TKAcpcSAlod0doAH72oIN0Jw= +github.com/onsi/ginkgo/v2 v2.5.1/go.mod h1:63DOGlLAH8+REH8jUGdL3YpCpu7JODesutUjdENfUAc= +github.com/onsi/gomega v1.24.0 h1:+0glovB9Jd6z3VR+ScSwQqXVTIfJcGA9UBM8yzQxhqg= github.com/opencontainers/runc v1.1.4 h1:nRCz/8sKg6K6jgYAFLDlXzPeITBZJyX28DBVhWD+5dg= github.com/opencontainers/runc v1.1.4/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= @@ -653,8 +653,8 @@ golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U= -golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A= +golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw= From 4027efaefa97d4f495833662cd71d4f5e9c9c922 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 21 Nov 2022 13:12:13 -0800 Subject: [PATCH 391/494] Bump golang.org/x/crypto from 0.1.0 to 0.3.0 (#9318) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.1.0 to 0.3.0. - [Release notes](https://github.com/golang/crypto/releases) - [Commits](https://github.com/golang/crypto/compare/v0.1.0...v0.3.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 6dc0fceb9..6d6bc2eff 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( github.com/stretchr/testify v1.8.1 github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a - golang.org/x/crypto v0.1.0 + golang.org/x/crypto v0.3.0 google.golang.org/grpc v1.50.1 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 @@ -107,10 +107,10 @@ require ( github.com/yudai/pp v2.0.1+incompatible // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect golang.org/x/mod v0.6.0 // indirect - golang.org/x/net v0.1.0 // indirect + golang.org/x/net v0.2.0 // indirect golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect golang.org/x/sys v0.2.0 // indirect - golang.org/x/term v0.1.0 // indirect + golang.org/x/term v0.2.0 // indirect golang.org/x/text v0.4.0 // indirect golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect golang.org/x/tools v0.2.0 // indirect diff --git a/go.sum b/go.sum index 2fbdb9db8..3eb74db73 100644 --- a/go.sum +++ b/go.sum @@ -476,8 +476,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU= -golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= +golang.org/x/crypto v0.3.0 h1:a06MkbcxBrEFc0w0QIZWXrH/9cCX6KJyWbBOIwAn+7A= +golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -558,8 +558,8 @@ golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0= -golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= +golang.org/x/net v0.2.0 h1:sZfSu1wtKLGlWI4ZZayP0ck9Y73K1ynO6gqzTdBVdPU= +golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -657,8 +657,8 @@ golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw= -golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.2.0 h1:z85xZCsEl7bi/KwbNADeBYoOP0++7W1ipu+aGnpwzRM= +golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= From d24c97c63e4fd47e0b979256d510ba96ea479f1f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 21 Nov 2022 13:14:12 -0800 Subject: [PATCH 392/494] Bump actions/dependency-review-action from 3.0.0 to 3.0.1 (#9319) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.0 to 3.0.1. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/30d582111533d59ab793fd9f971817241654f3ec...11310527b429536e263dc6cc47873e608189ba21) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/depreview.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml index 39125cde4..5350d6e57 100644 --- a/.github/workflows/depreview.yaml +++ b/.github/workflows/depreview.yaml @@ -11,4 +11,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 #v3.0.2 - name: 'Dependency Review' - uses: actions/dependency-review-action@30d582111533d59ab793fd9f971817241654f3ec #v2.0.2 + uses: actions/dependency-review-action@11310527b429536e263dc6cc47873e608189ba21 #v2.0.2 From 7b53347984154d1ea713fbf4a671a172ed79dfac Mon Sep 17 00:00:00 2001 From: caption <101684156+chncaption@users.noreply.github.com> Date: Tue, 22 Nov 2022 05:18:17 +0800 Subject: [PATCH 393/494] update gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b to 3.0.0 (#9277) --- images/kube-webhook-certgen/rootfs/go.mod | 2 +- images/kube-webhook-certgen/rootfs/go.sum | 45 +++++++++++++++++++++++ 2 files changed, 46 insertions(+), 1 deletion(-) diff --git a/images/kube-webhook-certgen/rootfs/go.mod b/images/kube-webhook-certgen/rootfs/go.mod index 5e2e98f54..b98adf58b 100644 --- a/images/kube-webhook-certgen/rootfs/go.mod +++ b/images/kube-webhook-certgen/rootfs/go.mod @@ -39,7 +39,7 @@ require ( google.golang.org/protobuf v1.26.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect + gopkg.in/yaml.v3 v3.0.0 // indirect k8s.io/klog/v2 v2.9.0 // indirect k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c // indirect k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a // indirect diff --git a/images/kube-webhook-certgen/rootfs/go.sum b/images/kube-webhook-certgen/rootfs/go.sum index a05f65b19..0270e3297 100644 --- a/images/kube-webhook-certgen/rootfs/go.sum +++ b/images/kube-webhook-certgen/rootfs/go.sum @@ -88,6 +88,7 @@ github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= +github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.16.0+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= @@ -451,6 +452,38 @@ golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= +golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -504,9 +537,12 @@ golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200831180312-196b9ba8737a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -519,6 +555,13 @@ golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9sn golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -667,6 +710,8 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0 h1:hjy8E9ON/egN1tAYqKb61G10WtihqetD4sz2H+8nIeA= +gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= From c07f8a573bbfb929b7d85ab069bbc705e5739a76 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 21 Nov 2022 13:20:13 -0800 Subject: [PATCH 394/494] Bump github.com/prometheus/client_golang from 1.13.1 to 1.14.0 (#9298) Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.13.1 to 1.14.0. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.13.1...v1.14.0) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 6d6bc2eff..91bda5845 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/onsi/ginkgo/v2 v2.5.1 github.com/opencontainers/runc v1.1.4 github.com/pmezard/go-difflib v1.0.0 - github.com/prometheus/client_golang v1.13.1 + github.com/prometheus/client_golang v1.14.0 github.com/prometheus/client_model v0.3.0 github.com/prometheus/common v0.37.0 github.com/spf13/cobra v1.6.1 diff --git a/go.sum b/go.sum index 3eb74db73..f53cec3a6 100644 --- a/go.sum +++ b/go.sum @@ -371,8 +371,8 @@ github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5Fsn github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= -github.com/prometheus/client_golang v1.13.1 h1:3gMjIY2+/hzmqhtUC/aQNYldJA6DtH3CgQvwS+02K1c= -github.com/prometheus/client_golang v1.13.1/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ= +github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw= +github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= From 02cfcff81e86b571fe9431af558a5a0cce99960d Mon Sep 17 00:00:00 2001 From: Michael Weibel <307427+mweibel@users.noreply.github.com> Date: Tue, 22 Nov 2022 05:56:15 -0800 Subject: [PATCH 395/494] remove hardcoded datasource from grafana dashboard (#9284) --- deploy/grafana/dashboards/nginx.json | 26 ++------------------------ 1 file changed, 2 insertions(+), 24 deletions(-) diff --git a/deploy/grafana/dashboards/nginx.json b/deploy/grafana/dashboards/nginx.json index 718d41a83..85f93c9eb 100644 --- a/deploy/grafana/dashboards/nginx.json +++ b/deploy/grafana/dashboards/nginx.json @@ -1235,10 +1235,7 @@ "type": "table" }, { - "datasource": { - "type": "prometheus", - "uid": "P1809F7CD0C75ACF3" - }, + "datasource": "${DS_PROMETHEUS}", "fieldConfig": { "defaults": { "color": { @@ -1314,10 +1311,6 @@ "repeatDirection": "h", "targets": [ { - "datasource": { - "type": "prometheus", - "uid": "P1809F7CD0C75ACF3" - }, "exemplar": true, "expr": "histogram_quantile(0.80, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=\"uat\"}[2m])) by (le))", "format": "time_series", @@ -1329,10 +1322,6 @@ "refId": "C" }, { - "datasource": { - "type": "prometheus", - "uid": "P1809F7CD0C75ACF3" - }, "exemplar": true, "expr": "histogram_quantile(0.90, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=\"uat\"}[2m])) by (le))", "format": "time_series", @@ -1344,10 +1333,6 @@ "refId": "D" }, { - "datasource": { - "type": "prometheus", - "uid": "P1809F7CD0C75ACF3" - }, "editorMode": "code", "exemplar": true, "expr": "histogram_quantile(0.99, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=\"uat\"}[2m])) by (le))", @@ -1373,10 +1358,7 @@ "mode": "spectrum" }, "dataFormat": "tsbuckets", - "datasource": { - "type": "prometheus", - "uid": "P1809F7CD0C75ACF3" - }, + "datasource": "${DS_PROMETHEUS}", "description": "", "gridPos": { "h": 7, @@ -1394,10 +1376,6 @@ "reverseYBuckets": false, "targets": [ { - "datasource": { - "type": "prometheus", - "uid": "P1809F7CD0C75ACF3" - }, "exemplar": true, "expr": "sum(increase(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=\"uat\"}[2m])) by (le)", "format": "heatmap", From b34f6ef324ad038de4e235706f84f7075a8c836b Mon Sep 17 00:00:00 2001 From: aimuz Date: Thu, 24 Nov 2022 09:38:03 +0800 Subject: [PATCH 396/494] remove the configmap related permissions (#9310) ref: https://github.com/kubernetes/ingress-nginx/pull/8921 We have used the Lease API for selection Signed-off-by: aimuz Signed-off-by: aimuz --- .../templates/controller-role.yaml | 20 ------------------- 1 file changed, 20 deletions(-) diff --git a/charts/ingress-nginx/templates/controller-role.yaml b/charts/ingress-nginx/templates/controller-role.yaml index 395c88e10..d1aa9aac7 100644 --- a/charts/ingress-nginx/templates/controller-role.yaml +++ b/charts/ingress-nginx/templates/controller-role.yaml @@ -58,26 +58,6 @@ rules: - get - list - watch - # TODO(Jintao Zhang) - # Once we release a new version of the controller, - # we will be able to remove the configmap related permissions - # We have used the Lease API for selection - # ref: https://github.com/kubernetes/ingress-nginx/pull/8921 - - apiGroups: - - "" - resources: - - configmaps - resourceNames: - - {{ include "ingress-nginx.controller.electionID" . }} - verbs: - - get - - update - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - apiGroups: - coordination.k8s.io resources: From 1e08519a733b50134eae37f300f96b58bdb616e5 Mon Sep 17 00:00:00 2001 From: LongWuYuan Date: Fri, 25 Nov 2022 06:09:11 +0530 Subject: [PATCH 397/494] fixed multiple ginkgo versions --- build/run-in-docker.sh | 2 +- images/test-runner/rootfs/Dockerfile | 2 +- test/e2e/run-chart-test.sh | 2 +- test/e2e/run.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index b0377f455..64dad1cf9 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -77,7 +77,7 @@ if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then echo "FLAGS=$FLAGS" go env set -x - go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.1.4 + go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.5.1 find / -type f -name ginkgo 2>/dev/null which ginkgo /bin/bash -c "${FLAGS}" diff --git a/images/test-runner/rootfs/Dockerfile b/images/test-runner/rootfs/Dockerfile index 790bf1248..199997536 100644 --- a/images/test-runner/rootfs/Dockerfile +++ b/images/test-runner/rootfs/Dockerfile @@ -49,7 +49,7 @@ ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 777 "$GOPATH" -RUN go install github.com/onsi/ginkgo/v2/ginkgo@v2.1.4 && go install golang.org/x/lint/golint@latest +RUN go install github.com/onsi/ginkgo/v2/ginkgo@v2.5.1 && go install golang.org/x/lint/golint@latest ARG RESTY_CLI_VERSION ARG RESTY_CLI_SHA diff --git a/test/e2e/run-chart-test.sh b/test/e2e/run-chart-test.sh index 2af8aa1d3..fdb3121d8 100755 --- a/test/e2e/run-chart-test.sh +++ b/test/e2e/run-chart-test.sh @@ -78,7 +78,7 @@ fi if [ "${SKIP_IMAGE_CREATION:-false}" = "false" ]; then if ! command -v ginkgo &> /dev/null; then - go get github.com/onsi/ginkgo/v2/ginkgo@v2.1.4 + go get github.com/onsi/ginkgo/v2/ginkgo@v2.5.1 fi echo "[dev-env] building image" make -C ${DIR}/../../ clean-image build image diff --git a/test/e2e/run.sh b/test/e2e/run.sh index 0fc6fdb5e..4cd95267f 100755 --- a/test/e2e/run.sh +++ b/test/e2e/run.sh @@ -79,7 +79,7 @@ fi if [ "${SKIP_IMAGE_CREATION:-false}" = "false" ]; then if ! command -v ginkgo &> /dev/null; then - go get github.com/onsi/ginkgo/v2/ginkgo@v2.1.4 + go get github.com/onsi/ginkgo/v2/ginkgo@v2.5.1 fi echo "[dev-env] building image" From 9d562c47abe8475fc62528140352b7e802ef6bbe Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Fri, 25 Nov 2022 14:58:06 +0530 Subject: [PATCH 398/494] create nsswitch-conf if missing (#9339) --- images/test-runner/rootfs/Dockerfile | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/images/test-runner/rootfs/Dockerfile b/images/test-runner/rootfs/Dockerfile index 199997536..30e7e1ab2 100644 --- a/images/test-runner/rootfs/Dockerfile +++ b/images/test-runner/rootfs/Dockerfile @@ -21,7 +21,13 @@ FROM registry.k8s.io/etcd:${ETCD_VERSION} as etcd FROM ${BASE_IMAGE} -RUN [ ! -e /etc/nsswitch.conf ] && echo 'hosts: files dns' > /etc/nsswitch.conf +RUN set -eux; \ + if [ -e /etc/nsswitch.conf ]; then \ + grep '^hosts: files dns' /etc/nsswitch.conf; \ + else \ + echo 'hosts: files dns' > /etc/nsswitch.conf; \ + fi + COPY --from=GO /usr/local/go /usr/local/go COPY --from=etcd /usr/local/bin/etcd /usr/local/bin/etcd From b338cb391754125b7884196d7b8d4b55dbad14d8 Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Sat, 26 Nov 2022 08:46:04 +0530 Subject: [PATCH 399/494] bumped ginkgo to v2.5.1 in testrunner (#9340) --- build/run-in-docker.sh | 2 +- test/e2e-image/Makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index 64dad1cf9..cb8ad18f0 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -38,7 +38,7 @@ function cleanup { } trap cleanup EXIT -E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20221012-controller-v1.4.0-14-g93df79676@sha256:9ab6a412b0ea6ae77abc80309608976ec15141e146fa91ef4352400cb9051086} +E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20221125-controller-v1.5.1-21-g9d562c47a@sha256:50c5469f08b664e928a3035ac94a2348955b669d7ac33809abc674c8fd6c19c1} DOCKER_OPTS=${DOCKER_OPTS:-} DOCKER_IN_DOCKER_ENABLED=${DOCKER_IN_DOCKER_ENABLED:-} diff --git a/test/e2e-image/Makefile b/test/e2e-image/Makefile index ce46b93ab..64094ec34 100644 --- a/test/e2e-image/Makefile +++ b/test/e2e-image/Makefile @@ -1,6 +1,6 @@ DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) -E2E_BASE_IMAGE="registry.k8s.io/ingress-nginx/e2e-test-runner:v20221012-controller-v1.4.0-14-g93df79676@sha256:9ab6a412b0ea6ae77abc80309608976ec15141e146fa91ef4352400cb9051086" +E2E_BASE_IMAGE="registry.k8s.io/ingress-nginx/e2e-test-runner:v20221125-controller-v1.5.1-21-g9d562c47a@sha256:50c5469f08b664e928a3035ac94a2348955b669d7ac33809abc674c8fd6c19c1" image: echo "..entered Makefile in /test/e2e-image" From 3437cab8ca40c929812df10fd94eb20eda240c46 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Herv=C3=A9?= Date: Wed, 30 Nov 2022 16:44:55 +0100 Subject: [PATCH 400/494] Fix typos found by codespell (#9353) ``` $ codespell ./README.md:178: informations ==> information ./README.md.gotmpl:177: informations ==> information ./CHANGELOG.md:132: comparision ==> comparison ./CHANGELOG.md:142: executible ==> executable ./CHANGELOG.md:159: defaul ==> default ``` --- charts/ingress-nginx/CHANGELOG.md | 6 +++--- charts/ingress-nginx/README.md | 2 +- charts/ingress-nginx/README.md.gotmpl | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/ingress-nginx/CHANGELOG.md b/charts/ingress-nginx/CHANGELOG.md index 1b7adb25b..7d81ac1bd 100644 --- a/charts/ingress-nginx/CHANGELOG.md +++ b/charts/ingress-nginx/CHANGELOG.md @@ -129,7 +129,7 @@ This file documents all notable changes to [ingress-nginx](https://github.com/ku - [8118] https://github.com/kubernetes/ingress-nginx/pull/8118 Remove deprecated libraries, update other libs - [8117] https://github.com/kubernetes/ingress-nginx/pull/8117 Fix codegen errors - [8115] https://github.com/kubernetes/ingress-nginx/pull/8115 chart/ghaction: set the correct permission to have access to push a release -- [8098] https://github.com/kubernetes/ingress-nginx/pull/8098 generating SHA for CA only certs in backend_ssl.go + comparision of P… +- [8098] https://github.com/kubernetes/ingress-nginx/pull/8098 generating SHA for CA only certs in backend_ssl.go + comparison of P… - [8088] https://github.com/kubernetes/ingress-nginx/pull/8088 Fix Edit this page link to use main branch - [8072] https://github.com/kubernetes/ingress-nginx/pull/8072 Expose GeoIP2 Continent code as variable - [8061] https://github.com/kubernetes/ingress-nginx/pull/8061 docs(charts): using helm-docs for chart @@ -139,7 +139,7 @@ This file documents all notable changes to [ingress-nginx](https://github.com/ku - [8046] https://github.com/kubernetes/ingress-nginx/pull/8046 Report expired certificates (#8045) - [8044] https://github.com/kubernetes/ingress-nginx/pull/8044 remove G109 check till gosec resolves issues - [8042] https://github.com/kubernetes/ingress-nginx/pull/8042 docs_multiple_instances_one_cluster_ticket_7543 -- [8041] https://github.com/kubernetes/ingress-nginx/pull/8041 docs: fix typo'd executible name +- [8041] https://github.com/kubernetes/ingress-nginx/pull/8041 docs: fix typo'd executable name - [8035] https://github.com/kubernetes/ingress-nginx/pull/8035 Comment busy owners - [8029] https://github.com/kubernetes/ingress-nginx/pull/8029 Add stream-snippet as a ConfigMap and Annotation option - [8023] https://github.com/kubernetes/ingress-nginx/pull/8023 fix nginx compilation flags @@ -156,7 +156,7 @@ This file documents all notable changes to [ingress-nginx](https://github.com/ku - [7996] https://github.com/kubernetes/ingress-nginx/pull/7996 doc: improvement - [7983] https://github.com/kubernetes/ingress-nginx/pull/7983 Fix a couple of misspellings in the annotations documentation. - [7979] https://github.com/kubernetes/ingress-nginx/pull/7979 allow set annotations for admission Jobs -- [7977] https://github.com/kubernetes/ingress-nginx/pull/7977 Add ssl_reject_handshake to defaul server +- [7977] https://github.com/kubernetes/ingress-nginx/pull/7977 Add ssl_reject_handshake to default server - [7975] https://github.com/kubernetes/ingress-nginx/pull/7975 add legacy version update v0.50.0 to main changelog - [7972] https://github.com/kubernetes/ingress-nginx/pull/7972 updated service upstream definition diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index f4486ac91..5922884cd 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -175,7 +175,7 @@ controller: internal: enabled: true annotations: - # Create internal LB. More informations: https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing + # Create internal LB. More information: https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing # For GKE versions 1.17 and later networking.gke.io/load-balancer-type: "Internal" # For earlier versions diff --git a/charts/ingress-nginx/README.md.gotmpl b/charts/ingress-nginx/README.md.gotmpl index 895996111..9a7d7bdfd 100644 --- a/charts/ingress-nginx/README.md.gotmpl +++ b/charts/ingress-nginx/README.md.gotmpl @@ -174,7 +174,7 @@ controller: internal: enabled: true annotations: - # Create internal LB. More informations: https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing + # Create internal LB. More information: https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing # For GKE versions 1.17 and later networking.gke.io/load-balancer-type: "Internal" # For earlier versions From c234d1f10b846f7e7a7028f58a14f89b1245c01d Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Sat, 3 Dec 2022 07:13:53 +0530 Subject: [PATCH 401/494] added ginkgo junit reports (#9350) --- build/run-e2e-suite.sh | 35 +++++++++++++++++++++++++++++++++++ test/e2e-image/e2e.sh | 16 ++++++++++++++++ 2 files changed, 51 insertions(+) diff --git a/build/run-e2e-suite.sh b/build/run-e2e-suite.sh index 15eacc355..ebbac9145 100755 --- a/build/run-e2e-suite.sh +++ b/build/run-e2e-suite.sh @@ -88,3 +88,38 @@ kubectl run --rm \ --overrides='{ "apiVersion": "v1", "spec":{"serviceAccountName": "ingress-nginx-e2e"}}' \ e2e --image=nginx-ingress-controller:e2e +# Get the junit-reports stored in the configMaps created during e2etests +echo "Getting the report files out now.." +reportsDir="test/junitreports" +reportFileName="report-e2e-test-suite" +[ ! -e ${reportsDir} ] && mkdir $reportsDir +cd $reportsDir + +# TODO: Seeking Rikatz help here to extract in a loop. Tried things like below without success +#for cmName in `k get cm -l junitreport=true -o json | jq '.items[].binaryData | keys[]' | tr '\"' ' '` +#do +# +# kubectl get cm -l junitreport=true -o json | jq -r '[.items[].binaryData | to_entries[] | {"key": .key, "value": .value }] | from_entries' +# + +# Below lines successfully extract the report but they are one line per report. +# We only have 3 ginkgo reports so its ok for now +# But still, ideally this should be a loop as talked about in comments a few lines above +kubectl get cm $reportFileName.xml.gz -o "jsonpath={.binaryData['report-e2e-test-suite\.xml\.gz']}" > $reportFileName.xml.gz.base64 +kubectl get cm $reportFileName-serial.xml.gz -o "jsonpath={.binaryData['report-e2e-test-suite-serial\.xml\.gz']}" > $reportFileName-serial.xml.gz.base64 + +cat $reportFileName.xml.gz.base64 | base64 -d > $reportFileName.xml.gz +cat $reportFileName-serial.xml.gz.base64 | base64 -d > $reportFileName-serial.xml.gz + +gzip -d $reportFileName.xml.gz +gzip -d $reportFileName-serial.xml.gz + +rm *.base64 +cd ../.. + +# TODO Temporary: if condition to check if the memleak cm exists and only then try the extract for the memleak report +# +#kubectl get cm $reportFileName-serial -o "jsonpath={.data['report-e2e-test-suite-memleak\.xml\.gz']}" > $reportFileName-memleak.base64 +#cat $reportFileName-memleak.base64 | base64 -d > $reportFileName-memleak.xml.gz +#gzip -d $reportFileName-memleak.xml.gz +echo "done getting the reports files out.." diff --git a/test/e2e-image/e2e.sh b/test/e2e-image/e2e.sh index 24e52bcde..150d2d06e 100755 --- a/test/e2e-image/e2e.sh +++ b/test/e2e-image/e2e.sh @@ -34,23 +34,39 @@ ginkgo_args=( "-timeout=75m" ) +# Variable for the prefix of report filenames +reportFileNamePrefix="report-e2e-test-suite" + echo -e "${BGREEN}Running e2e test suite (FOCUS=${FOCUS})...${NC}" ginkgo "${ginkgo_args[@]}" \ -focus="${FOCUS}" \ -skip="\[Serial\]|\[MemoryLeak\]" \ -nodes="${E2E_NODES}" \ + --junit-report=$reportFileNamePrefix.xml \ /e2e.test +# Create configMap out of a compressed report file for extraction later echo -e "${BGREEN}Running e2e test suite with tests that require serial execution...${NC}" ginkgo "${ginkgo_args[@]}" \ -focus="\[Serial\]" \ -skip="\[MemoryLeak\]" \ + --junit-report=$reportFileNamePrefix-serial.xml \ /e2e.test +# Create configMap out of a compressed report file for extraction later if [[ ${E2E_CHECK_LEAKS} != "" ]]; then echo -e "${BGREEN}Running e2e test suite with tests that check for memory leaks...${NC}" ginkgo "${ginkgo_args[@]}" \ -focus="\[MemoryLeak\]" \ -skip="\[Serial\]" \ + --junit-report=$reportFileNamePrefix-memleak.xml \ /e2e.test +# Create configMap out of a compressed report file for extraction later fi + +for rFile in `ls $reportFileNamePrefix*` +do + gzip -k $rFile + kubectl create cm $rFile.gz --from-file $rFile.gz + kubectl label cm $rFile.gz junitreport=true +done From 5aa49dc66d7e74adbbc34bcecbafc7cb08625e94 Mon Sep 17 00:00:00 2001 From: Saumya <76432998+SaumyaBhushan@users.noreply.github.com> Date: Sat, 3 Dec 2022 10:43:54 +0530 Subject: [PATCH 402/494] removed deprecation messsage for ingressClass annotation (#9357) * removed deprecation messsage for ingressClass annotation * modified: docs/user-guide/multiple-ingress.md * modified: docs/user-guide/multiple-ingress.md * modified: docs/user-guide/multiple-ingress.md --- docs/user-guide/multiple-ingress.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/user-guide/multiple-ingress.md b/docs/user-guide/multiple-ingress.md index 35e0e45dc..179041727 100644 --- a/docs/user-guide/multiple-ingress.md +++ b/docs/user-guide/multiple-ingress.md @@ -2,7 +2,9 @@ By default, deploying multiple Ingress controllers (e.g., `ingress-nginx` & `gce`) will result in all controllers simultaneously racing to update Ingress status fields in confusing ways. -To fix this problem, use [IngressClasses](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class). The `kubernetes.io/ingress.class` annotation is deprecated from kubernetes v1.22+. +To fix this problem, use [IngressClasses](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class). The `kubernetes.io/ingress.class` annotation is not being preferred or suggested to use as it can be deprecated in future. Better to use the field `ingress.spec.ingressClassName`. +But, when user has deployed with `scope.enabled`, then the ingress class resource field is not used. + ## Using IngressClasses From 8a5eaa63a93ee247b63b9cf6e3892abacd352d0c Mon Sep 17 00:00:00 2001 From: Tatu Pesonen Date: Sat, 3 Dec 2022 12:28:58 +0200 Subject: [PATCH 403/494] fix(typo): pluralize provider (#9346) --- docs/user-guide/basic-usage.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user-guide/basic-usage.md b/docs/user-guide/basic-usage.md index 2142121d2..aee0c0fd3 100644 --- a/docs/user-guide/basic-usage.md +++ b/docs/user-guide/basic-usage.md @@ -1,6 +1,6 @@ # Basic usage - host based routing -ingress-nginx can be used for many use cases, inside various cloud provider and supports a lot of configurations. In this section you can find a common usage scenario where a single load balancer powered by ingress-nginx will route traffic to 2 different HTTP backend services based on the host name. +ingress-nginx can be used for many use cases, inside various cloud providers and supports a lot of configurations. In this section you can find a common usage scenario where a single load balancer powered by ingress-nginx will route traffic to 2 different HTTP backend services based on the host name. First of all follow the instructions to install ingress-nginx. Then imagine that you need to expose 2 HTTP services already installed, `myServiceA`, `myServiceB`, and configured as `type: ClusterIP`. From 27ffeeb18f73bbde1b66866e796714308cebf1f4 Mon Sep 17 00:00:00 2001 From: Sjouke de Vries Date: Sun, 4 Dec 2022 20:35:56 +0100 Subject: [PATCH 404/494] fix(hpa): deprecated api version, bump to v2 (#9348) * fix(hpa): deprecated api version, bump to v2 * chore(hpa): abstract hpa apiVersion to helm value * feat(hpa): add controller.autoscaling.apiVersion docs in README * docs(hpa): quotes around apiVersion string type * chore(hpa): run helm-docs in repo * chore(hpa): remove local helm-docs module install and output * docs(helm): add hpa controller.autoscaling.apiVersion description * docs(hpa): remove autoscaling.apiVersion description as it fails ci --- charts/ingress-nginx/README.md | 1 + charts/ingress-nginx/templates/controller-hpa.yaml | 2 +- charts/ingress-nginx/values.yaml | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 5922884cd..5ddd046ea 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -277,6 +277,7 @@ Kubernetes: `>=1.20.0-0` | controller.affinity | object | `{}` | Affinity and anti-affinity rules for server scheduling to nodes # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity # | | controller.allowSnippetAnnotations | bool | `true` | This configuration defines if Ingress Controller should allow users to set their own *-snippet annotations, otherwise this is forbidden / dropped when users add those annotations. Global snippets in ConfigMap are still respected | | controller.annotations | object | `{}` | Annotations to be added to the controller Deployment or DaemonSet # | +| controller.autoscaling.apiVersion | string | `"autoscaling/v2"` | | | controller.autoscaling.behavior | object | `{}` | | | controller.autoscaling.enabled | bool | `false` | | | controller.autoscaling.maxReplicas | int | `11` | | diff --git a/charts/ingress-nginx/templates/controller-hpa.yaml b/charts/ingress-nginx/templates/controller-hpa.yaml index e0979f14b..d1e78bdfc 100644 --- a/charts/ingress-nginx/templates/controller-hpa.yaml +++ b/charts/ingress-nginx/templates/controller-hpa.yaml @@ -1,7 +1,7 @@ {{- if and .Values.controller.autoscaling.enabled (or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both")) -}} {{- if not .Values.controller.keda.enabled }} -apiVersion: autoscaling/v2beta2 +apiVersion: {{ .Values.controller.autoscaling.apiVersion }} kind: HorizontalPodAutoscaler metadata: annotations: diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 35f922f6b..f80095c56 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -364,6 +364,7 @@ controller: # Mutually exclusive with keda autoscaling autoscaling: + apiVersion: autoscaling/v2 enabled: false minReplicas: 1 maxReplicas: 11 From 49bd5dd7633a56bf5f9a65ca2e35b56e9567d3f5 Mon Sep 17 00:00:00 2001 From: Adam Hukalowicz Date: Sun, 4 Dec 2022 20:39:54 +0100 Subject: [PATCH 405/494] ModSecurity dependencies update to avoid Memory Leaks (#9330) * Update ModSecurity to latest head * modsecurity version pinned --- images/nginx/rootfs/build.sh | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/images/nginx/rootfs/build.sh b/images/nginx/rootfs/build.sh index 5a6394fd9..6d8937a22 100755 --- a/images/nginx/rootfs/build.sh +++ b/images/nginx/rootfs/build.sh @@ -56,11 +56,11 @@ export MSGPACK_VERSION=3.3.0 # Check for recent changes: https://github.com/DataDog/dd-opentracing-cpp/compare/v1.3.2...master export DATADOG_CPP_VERSION=1.3.2 -# Check for recent changes: https://github.com/SpiderLabs/ModSecurity-nginx/compare/v1.0.2...master -export MODSECURITY_VERSION=1.0.2 +# Check for recent changes: https://github.com/SpiderLabs/ModSecurity-nginx/compare/v1.0.3...master +export MODSECURITY_VERSION=1.0.3 -# Check for recent changes: https://github.com/SpiderLabs/ModSecurity/compare/v3.0.5...v3/master -export MODSECURITY_LIB_VERSION=v3.0.8 +# Check for recent changes: https://github.com/SpiderLabs/ModSecurity/compare/v3.0.8...v3/master +export MODSECURITY_LIB_VERSION=e9a7ba4a60be48f761e0328c6dfcc668d70e35a0 # Check for recent changes: https://github.com/coreruleset/coreruleset/compare/v3.3.2...v3.3/master export OWASP_MODSECURITY_CRS_VERSION=v3.3.4 @@ -229,7 +229,7 @@ get_src cbe625cba85291712253db5bc3870d60c709acfad9a8af5a302673d3d201e3ea \ get_src 71de3d0658935db7ccea20e006b35e58ddc7e4c18878b9523f2addc2371e9270 \ "https://github.com/rnburn/zipkin-cpp-opentracing/archive/$ZIPKIN_CPP_VERSION.tar.gz" -get_src f8d3ff15520df736c5e20e91d5852ec27e0874566c2afce7dcb979e2298d6980 \ +get_src 32a42256616cc674dca24c8654397390adff15b888b77eb74e0687f023c8751b \ "https://github.com/SpiderLabs/ModSecurity-nginx/archive/v$MODSECURITY_VERSION.tar.gz" get_src 43e6a9fcb146ad871515f0d0873947e5d497a1c9c60c58cb102a97b47208b7c3 \ @@ -495,8 +495,9 @@ make install # build modsecurity library cd "$BUILD_PATH" -git clone --depth=1 -b $MODSECURITY_LIB_VERSION https://github.com/SpiderLabs/ModSecurity +git clone -n https://github.com/SpiderLabs/ModSecurity cd ModSecurity/ +git checkout $MODSECURITY_LIB_VERSION git submodule init git submodule update From 15c4078032d5a5a40ef3b5436261dc21a568c56b Mon Sep 17 00:00:00 2001 From: aimuz Date: Mon, 5 Dec 2022 03:49:54 +0800 Subject: [PATCH 406/494] Enable profiler-address to be configured (#9311) Signed-off-by: aimuz Signed-off-by: aimuz --- cmd/dataplane/main.go | 3 +-- cmd/nginx/main.go | 2 +- internal/nginx/main.go | 3 +++ pkg/flags/flags.go | 5 ++++- 4 files changed, 9 insertions(+), 4 deletions(-) diff --git a/cmd/dataplane/main.go b/cmd/dataplane/main.go index 8ea59a412..0ab978429 100644 --- a/cmd/dataplane/main.go +++ b/cmd/dataplane/main.go @@ -82,8 +82,7 @@ func main() { mc.Start(conf.ValidationWebhook) if conf.EnableProfiling { - // TODO: Turn Profiler address configurable via flags - go metrics.RegisterProfiler("127.0.0.1", nginx.ProfilerPort) + go metrics.RegisterProfiler(nginx.ProfilerAddress, nginx.ProfilerPort) } ngx := controller.NewNGINXController(conf, mc) diff --git a/cmd/nginx/main.go b/cmd/nginx/main.go index c585ed95e..9f0973ec9 100644 --- a/cmd/nginx/main.go +++ b/cmd/nginx/main.go @@ -143,7 +143,7 @@ func main() { mc.Start(conf.ValidationWebhook) if conf.EnableProfiling { - go metrics.RegisterProfiler("127.0.0.1", nginx.ProfilerPort) + go metrics.RegisterProfiler(nginx.ProfilerAddress, nginx.ProfilerPort) } ngx := controller.NewNGINXController(conf, mc) diff --git a/internal/nginx/main.go b/internal/nginx/main.go index 88d2ee877..ae319fe1f 100644 --- a/internal/nginx/main.go +++ b/internal/nginx/main.go @@ -36,6 +36,9 @@ import ( // ProfilerPort port used by the ingress controller to expose the Go Profiler when it is enabled. var ProfilerPort = 10245 +// ProfilerAddress IP address used by the ingress controller to expose the Go Profiler when it is enabled. +var ProfilerAddress = "127.0.0.1" + // TemplatePath path of the NGINX template var TemplatePath = "/etc/nginx/template/nginx.tmpl" diff --git a/pkg/flags/flags.go b/pkg/flags/flags.go index f7c1771e8..877000a7d 100644 --- a/pkg/flags/flags.go +++ b/pkg/flags/flags.go @@ -19,6 +19,7 @@ package flags import ( "flag" "fmt" + "net" "os" "time" @@ -201,7 +202,8 @@ Takes the form ":port". If not provided, no admission controller is starte internalLoggerAddress = flags.String("internal-logger-address", "127.0.0.1:11514", "Address to be used when binding internal syslogger") - profilerPort = flags.Int("profiler-port", 10245, "Port to use for expose the ingress controller Go profiler when it is enabled.") + profilerPort = flags.Int("profiler-port", 10245, "Port to use for expose the ingress controller Go profiler when it is enabled.") + profilerAddress = flags.IP("profiler-address", net.ParseIP("127.0.0.1"), "IP address used by the ingress controller to expose the Go Profiler when it is enabled.") statusUpdateInterval = flags.Int("status-update-interval", status.UpdateInterval, "Time interval in seconds in which the status should check if an update is required. Default is 60 seconds") @@ -275,6 +277,7 @@ https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-g nginx.StatusPort = *statusPort nginx.StreamPort = *streamPort nginx.ProfilerPort = *profilerPort + nginx.ProfilerAddress = profilerAddress.String() if *enableSSLPassthrough && !ing_net.IsPortAvailable(*sslProxyPort) { return false, nil, fmt.Errorf("port %v is already in use. Please check the flag --ssl-passthrough-proxy-port", *sslProxyPort) From dbb765a321644deb66a61dd84f0024d61bc9c845 Mon Sep 17 00:00:00 2001 From: Saumya <76432998+SaumyaBhushan@users.noreply.github.com> Date: Mon, 5 Dec 2022 01:20:01 +0530 Subject: [PATCH 407/494] resolved ginkgo deprecation message (#9365) --- go.mod | 9 ++++++++- go.sum | 18 ++++++++++++++++++ test/e2e-image/e2e.sh | 7 ++++--- 3 files changed, 30 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 91bda5845..074cca487 100644 --- a/go.mod +++ b/go.mod @@ -51,9 +51,10 @@ require ( github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect - github.com/BurntSushi/toml v0.3.1 // indirect + github.com/BurntSushi/toml v1.0.0 // indirect github.com/PuerkitoBio/purell v1.1.1 // indirect github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect + github.com/alessio/shellescape v1.4.1 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect github.com/cespare/xxhash/v2 v2.1.2 // indirect @@ -70,6 +71,7 @@ require ( github.com/go-openapi/jsonpointer v0.19.5 // indirect github.com/go-openapi/jsonreference v0.19.5 // indirect github.com/go-openapi/swag v0.19.14 // indirect + github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect github.com/godbus/dbus/v5 v5.0.6 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v4 v4.2.0 // indirect @@ -80,6 +82,8 @@ require ( github.com/google/gnostic v0.5.7-v3refs // indirect github.com/google/go-cmp v0.5.9 // indirect github.com/google/gofuzz v1.1.0 // indirect + github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect + github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.2.0 // indirect github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect @@ -88,6 +92,7 @@ require ( github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/mailru/easyjson v0.7.6 // indirect github.com/mattn/go-colorable v0.1.13 // indirect + github.com/mattn/go-isatty v0.0.16 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect github.com/mmarkdown/mmark v2.0.40+incompatible // indirect github.com/moby/sys/mountinfo v0.5.0 // indirect @@ -97,6 +102,7 @@ require ( github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/ncabatoff/go-seq v0.0.0-20180805175032-b08ef85ed833 // indirect github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 // indirect + github.com/pelletier/go-toml v1.9.4 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pkg/errors v0.9.1 // indirect github.com/prometheus/procfs v0.8.0 // indirect @@ -125,6 +131,7 @@ require ( k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed // indirect sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect + sigs.k8s.io/kind v0.17.0 // indirect sigs.k8s.io/kustomize/api v0.12.1 // indirect sigs.k8s.io/kustomize/kyaml v0.13.9 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect diff --git a/go.sum b/go.sum index f53cec3a6..564a127bb 100644 --- a/go.sum +++ b/go.sum @@ -62,6 +62,8 @@ github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUM github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/BurntSushi/toml v1.0.0 h1:dtDWrepsVPfW9H/4y7dDgFc2MBUSeJhlaDtK13CxFlU= +github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI= @@ -73,6 +75,8 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= +github.com/alessio/shellescape v1.4.1 h1:V7yhSDDn8LP4lc4jS8pFkt0zCnzVJlG5JXy9BVKJUX0= +github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a h1:AP/vsCIvJZ129pdm9Ek7bH7yutN3hByqsMoNrWAxRQc= github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a/go.mod h1:QmP9hvJ91BbJmGVGSbutW19IC0Q9phDCLGaomwTJbgU= @@ -105,6 +109,7 @@ github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkX github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzAJc1DzSI= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= +github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI= @@ -167,6 +172,8 @@ github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh github.com/go-openapi/swag v0.19.14 h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5Fng= github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= +github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.0.6 h1:mkgN1ofwASrYnJ5W6U/BxG15eXXXjirgZc7CLqkcaro= github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= @@ -252,8 +259,11 @@ github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= +github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 h1:SJ+NtwL6QaZ21U+IrK7d0gGgpjGGvd2kz+FzTHVzdqI= +github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2/go.mod h1:Tv1PlzqC9t8wNnpPdctvtSUOPUUg4SHeE6vR1Ir2hmg= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -271,6 +281,7 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1: github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= +github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc= github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= @@ -310,6 +321,7 @@ github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= +github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= @@ -357,6 +369,8 @@ github.com/opencontainers/runc v1.1.4/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJ github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI= +github.com/pelletier/go-toml v1.9.4 h1:tjENF6MfZAg8e4ZmZTeWaWiT2vXtsoO6+iuOjFhECwM= +github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= @@ -412,6 +426,7 @@ github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= +github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g= github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA= github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= @@ -880,6 +895,7 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= @@ -948,6 +964,8 @@ sigs.k8s.io/controller-runtime v0.13.1 h1:tUsRCSJVM1QQOOeViGeX3GMT3dQF1eePPw6sEE sigs.k8s.io/controller-runtime v0.13.1/go.mod h1:Zbz+el8Yg31jubvAEyglRZGdLAjplZl+PgtYNI6WNTI= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= +sigs.k8s.io/kind v0.17.0 h1:CScmGz/wX66puA06Gj8OZb76Wmk7JIjgWf5JDvY7msM= +sigs.k8s.io/kind v0.17.0/go.mod h1:Qqp8AiwOlMZmJWs37Hgs31xcbiYXjtXlRBSftcnZXQk= sigs.k8s.io/kustomize/api v0.12.1 h1:7YM7gW3kYBwtKvoY216ZzY+8hM+lV53LUayghNRJ0vM= sigs.k8s.io/kustomize/api v0.12.1/go.mod h1:y3JUhimkZkR6sbLNwfJHxvo1TCLwuwm14sCYnkH6S1s= sigs.k8s.io/kustomize/kyaml v0.13.9 h1:Qz53EAaFFANyNgyOEJbT/yoIHygK40/ZcvU3rgry2Tk= diff --git a/test/e2e-image/e2e.sh b/test/e2e-image/e2e.sh index 150d2d06e..7b4d56f10 100755 --- a/test/e2e-image/e2e.sh +++ b/test/e2e-image/e2e.sh @@ -19,7 +19,7 @@ set -e NC='\e[0m' BGREEN='\e[32m' -SLOW_E2E_THRESHOLD=${SLOW_E2E_THRESHOLD:-"5s"} +#SLOW_E2E_THRESHOLD=${SLOW_E2E_THRESHOLD:-"5s"} FOCUS=${FOCUS:-.*} E2E_NODES=${E2E_NODES:-5} E2E_CHECK_LEAKS=${E2E_CHECK_LEAKS:-""} @@ -28,8 +28,9 @@ ginkgo_args=( "-randomize-all" "-flake-attempts=2" "-fail-fast" - "-progress" - "-slow-spec-threshold=${SLOW_E2E_THRESHOLD}" + "--show-node-events" + "--poll-progress-after=180s" +# "-slow-spec-threshold=${SLOW_E2E_THRESHOLD}" "-succinct" "-timeout=75m" ) From f71f109b8d497e368dafa2b69f3424e2452e6a9a Mon Sep 17 00:00:00 2001 From: "Justin Wood (Callek)" Date: Sun, 4 Dec 2022 14:51:55 -0500 Subject: [PATCH 408/494] Fix styling in canary annotation docs. (#9259) Before this change, it appears on the website as: > A weight of means implies all requests will be sent to the alternative service specified in the Ingress. `` defaults to 100, and can be increased via `nginx.ingress.kubernetes.io/canary-weight-total`. Where there is the term `weight-total` as a pure html tag in the space. This fixes it to actually display it as text in the prose. --- docs/user-guide/nginx-configuration/annotations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user-guide/nginx-configuration/annotations.md b/docs/user-guide/nginx-configuration/annotations.md index 131320bf7..49e252589 100755 --- a/docs/user-guide/nginx-configuration/annotations.md +++ b/docs/user-guide/nginx-configuration/annotations.md @@ -146,7 +146,7 @@ In some cases, you may want to "canary" a new set of changes by sending a small * `nginx.ingress.kubernetes.io/canary-by-cookie`: The cookie to use for notifying the Ingress to route the request to the service specified in the Canary Ingress. When the cookie value is set to `always`, it will be routed to the canary. When the cookie is set to `never`, it will never be routed to the canary. For any other value, the cookie will be ignored and the request compared against the other canary rules by precedence. -* `nginx.ingress.kubernetes.io/canary-weight`: The integer based (0 - ) percent of random requests that should be routed to the service specified in the canary Ingress. A weight of 0 implies that no requests will be sent to the service in the Canary ingress by this canary rule. A weight of means implies all requests will be sent to the alternative service specified in the Ingress. `` defaults to 100, and can be increased via `nginx.ingress.kubernetes.io/canary-weight-total`. +* `nginx.ingress.kubernetes.io/canary-weight`: The integer based (0 - ) percent of random requests that should be routed to the service specified in the canary Ingress. A weight of 0 implies that no requests will be sent to the service in the Canary ingress by this canary rule. A weight of `` means implies all requests will be sent to the alternative service specified in the Ingress. `` defaults to 100, and can be increased via `nginx.ingress.kubernetes.io/canary-weight-total`. * `nginx.ingress.kubernetes.io/canary-weight-total`: The total weight of traffic. If unspecified, it defaults to 100. From 785458ccebfe5ee13d150f25fde0335ee20a408f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 4 Dec 2022 13:09:56 -0800 Subject: [PATCH 409/494] Bump google.golang.org/grpc from 1.50.1 to 1.51.0 (#9316) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.50.1 to 1.51.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.50.1...v1.51.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 074cca487..eab2f9d01 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a golang.org/x/crypto v0.3.0 - google.golang.org/grpc v1.50.1 + google.golang.org/grpc v1.51.0 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 k8s.io/api v0.25.4 diff --git a/go.sum b/go.sum index 564a127bb..21890aa7a 100644 --- a/go.sum +++ b/go.sum @@ -871,8 +871,8 @@ google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnD google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= -google.golang.org/grpc v1.50.1 h1:DS/BukOZWp8s6p4Dt/tOaJaTQyPyOoCcrjroHuCeLzY= -google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= +google.golang.org/grpc v1.51.0 h1:E1eGv1FTqoLIdnBCZufiSHgKjlqG6fKFf6pPWtMTh8U= +google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= From 3aa53aaf5b210dd937598928e172ef1478e90e69 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Johannes=20W=C3=BCrbach?= Date: Mon, 5 Dec 2022 02:49:01 +0100 Subject: [PATCH 410/494] fix: missing CORS headers when auth fails (#9251) --- rootfs/etc/nginx/template/nginx.tmpl | 8 ++++---- test/e2e/annotations/auth.go | 28 ++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 4 deletions(-) diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index 92d2c9706..3ace12bc3 100755 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -1268,6 +1268,10 @@ stream { deny all; {{ end }} + {{ if $location.CorsConfig.CorsEnabled }} + {{ template "CORS" $location }} + {{ end }} + {{ if not (isLocationInLocationList $location $all.Cfg.NoAuthLocations) }} {{ if $authPath }} # this location requires authentication @@ -1329,10 +1333,6 @@ stream { {{ range $limit := $limits }} {{ $limit }}{{ end }} - {{ if $location.CorsConfig.CorsEnabled }} - {{ template "CORS" $location }} - {{ end }} - {{ buildInfluxDB $location.InfluxDB }} {{ if isValidByteSize $location.Proxy.BodySize true }} diff --git a/test/e2e/annotations/auth.go b/test/e2e/annotations/auth.go index 7da2ef7d9..1f0f4c3b2 100644 --- a/test/e2e/annotations/auth.go +++ b/test/e2e/annotations/auth.go @@ -141,6 +141,34 @@ var _ = framework.DescribeAnnotation("auth-*", func() { Body().Contains("401 Authorization Required") }) + ginkgo.It("should return status code 401 and cors headers when authentication and cors is configured but Authorization header is not configured", func() { + host := "auth" + + s := f.EnsureSecret(buildSecret("foo", "bar", "test", f.Namespace)) + + annotations := map[string]string{ + "nginx.ingress.kubernetes.io/auth-type": "basic", + "nginx.ingress.kubernetes.io/auth-secret": s.Name, + "nginx.ingress.kubernetes.io/auth-realm": "test auth", + "nginx.ingress.kubernetes.io/enable-cors": "true", + } + + ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations) + f.EnsureIngress(ing) + + f.WaitForNginxServer(host, + func(server string) bool { + return strings.Contains(server, "server_name auth") + }) + + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", host). + Expect(). + Status(http.StatusUnauthorized). + Header("Access-Control-Allow-Origin").Equal("*") + }) + ginkgo.It("should return status code 200 when authentication is configured and Authorization header is sent", func() { host := "auth" From 3474c33e15d809ba401b38891a2ed3c4080b751e Mon Sep 17 00:00:00 2001 From: Ehsan Saei <71217171+esigo@users.noreply.github.com> Date: Mon, 5 Dec 2022 09:55:02 +0100 Subject: [PATCH 411/494] update OpenTelemetry image (#9308) * update OpenTelemetry image * review comment * helm-docs * clean --- charts/ingress-nginx/README.md | 3 +++ charts/ingress-nginx/templates/_helpers.tpl | 17 +++++++++++++ .../templates/controller-deployment.yaml | 25 ++++++++----------- charts/ingress-nginx/values.yaml | 8 ++++-- 4 files changed, 37 insertions(+), 16 deletions(-) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 5ddd046ea..36c98984c 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -372,6 +372,9 @@ Kubernetes: `>=1.20.0-0` | controller.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready # | | controller.name | string | `"controller"` | | | controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for controller pod assignment # Ref: https://kubernetes.io/docs/user-guide/node-selection/ # | +| controller.opentelemetry.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | | +| controller.opentelemetry.enabled | bool | `false` | | +| controller.opentelemetry.image | string | `"registry.k8s.io/ingress-nginx/opentelemetry:v20221114-controller-v1.5.1-6-ga66ee73c5@sha256:41076fd9fb4255677c1a3da1ac3fc41477f06eba3c7ebf37ffc8f734dad51d7c"` | | | controller.podAnnotations | object | `{}` | Annotations to be added to controller pods # | | controller.podLabels | object | `{}` | Labels to add to the pod container metadata | | controller.podSecurityContext | object | `{}` | Security Context policies for controller pods | diff --git a/charts/ingress-nginx/templates/_helpers.tpl b/charts/ingress-nginx/templates/_helpers.tpl index 790a19350..7db5b2ca8 100644 --- a/charts/ingress-nginx/templates/_helpers.tpl +++ b/charts/ingress-nginx/templates/_helpers.tpl @@ -193,3 +193,20 @@ IngressClass parameters. {{ toYaml .Values.controller.ingressClassResource.parameters | indent 4}} {{ end }} {{- end -}} + +{{/* +Extra modules. +*/}} +{{- define "extraModules" -}} + +- name: {{ .name }} + image: {{ .image }} + command: ['sh', '-c', '/usr/local/bin/init_module.sh'] + {{- if (.containerSecurityContext) }} + securityContext: {{ .containerSecurityContext | toYaml | nindent 4 }} + {{- end }} + volumeMounts: + - name: {{ toYaml "modules"}} + mountPath: {{ toYaml "/modules_mount"}} + +{{- end -}} diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml index 9dac747ea..5cd3c1901 100644 --- a/charts/ingress-nginx/templates/controller-deployment.yaml +++ b/charts/ingress-nginx/templates/controller-deployment.yaml @@ -147,9 +147,9 @@ spec: hostPort: {{ $key }} {{- end }} {{- end }} - {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraModules) }} + {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }} volumeMounts: - {{- if .Values.controller.extraModules }} + {{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }} - name: modules {{ if .Values.controller.image.chroot }} mountPath: /chroot/modules_mount @@ -177,24 +177,21 @@ spec: {{- if .Values.controller.extraContainers }} {{ toYaml .Values.controller.extraContainers | nindent 8 }} {{- end }} - {{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules) }} + {{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }} initContainers: {{- if .Values.controller.extraInitContainers }} {{ toYaml .Values.controller.extraInitContainers | nindent 8 }} {{- end }} {{- if .Values.controller.extraModules }} {{- range .Values.controller.extraModules }} - - name: {{ .name }} - image: {{ .image }} - command: ['sh', '-c', '/usr/local/bin/init_module.sh'] - {{- if (or $.Values.controller.containerSecurityContext .containerSecurityContext) }} - securityContext: {{ .containerSecurityContext | default $.Values.controller.containerSecurityContext | toYaml | nindent 14 }} - {{- end }} - volumeMounts: - - name: modules - mountPath: /modules_mount + {{ $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }} + {{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext | nindent 8) }} {{- end }} {{- end }} + {{- if .Values.controller.opentelemetry.enabled}} + {{ $otelContainerSecurityContext := $.Values.controller.opentelemetry.containerSecurityContext | default $.Values.controller.containerSecurityContext }} + {{- include "extraModules" (dict "name" "opentelemetry" "image" .Values.controller.opentelemetry.image "containerSecurityContext" $otelContainerSecurityContext) | nindent 8}} + {{- end}} {{- end }} {{- if .Values.controller.hostNetwork }} hostNetwork: {{ .Values.controller.hostNetwork }} @@ -213,9 +210,9 @@ spec: {{- end }} serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }} terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} - {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules) }} + {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }} volumes: - {{- if .Values.controller.extraModules }} + {{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled)}} - name: modules emptyDir: {} {{- end }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index f80095c56..6dc28c08d 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -583,8 +583,6 @@ controller: # -- Modules, which are mounted into the core nginx image. See values.yaml for a sample to add opentelemetry module extraModules: [] - # - name: opentelemetry - # image: registry.k8s.io/ingress-nginx/opentelemetry:v20220906-g981ce38a7@sha256:aa079daa7efd93aa830e26483a49a6343354518360929494bad1d0ad3303142e # containerSecurityContext: # allowPrivilegeEscalation: false # @@ -592,6 +590,12 @@ controller: # will be executed as initContainers, to move its config files within the # mounted volume. + opentelemetry: + enabled: false + image: registry.k8s.io/ingress-nginx/opentelemetry:v20221114-controller-v1.5.1-6-ga66ee73c5@sha256:41076fd9fb4255677c1a3da1ac3fc41477f06eba3c7ebf37ffc8f734dad51d7c + containerSecurityContext: + allowPrivilegeEscalation: false + admissionWebhooks: annotations: {} # ignore-check.kube-linter.io/no-read-only-rootfs: "This deployment needs write access to root filesystem". From acf6f0a20265229586fc9e3de02b321b36972b2a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Dec 2022 14:33:03 -0800 Subject: [PATCH 412/494] Bump github/codeql-action from 2.1.31 to 2.1.35 (#9369) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.31 to 2.1.35. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898...b2a92eb56d8cb930006a1c6ed86b0782dd8a4297) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 7e936c08b..7b0dac782 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898 # v2.1.14 + uses: github/codeql-action/upload-sarif@b2a92eb56d8cb930006a1c6ed86b0782dd8a4297 # v2.1.14 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 6cb1dada7..bb9b2fbf0 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898 + uses: github/codeql-action/upload-sarif@b2a92eb56d8cb930006a1c6ed86b0782dd8a4297 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From f3f6554405649de787a3577e5ed445fe3c4ea4aa Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Dec 2022 14:35:03 -0800 Subject: [PATCH 413/494] Bump actions/setup-go from 3.3.1 to 3.4.0 (#9370) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.3.1 to 3.4.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/c4a742cab115ed795e34d4513e2cf7d472deb55f...d0a58c1c4d2b25278816e339b944508c875f3613) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 6 +++--- .github/workflows/plugin.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 6f0c4aee2..f26a99aac 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -81,7 +81,7 @@ jobs: - name: Set up Go 1.19.2 id: go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.2.0 + uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.2.0 with: go-version: '1.19.2' @@ -147,7 +147,7 @@ jobs: uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - name: Setup Go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.2.0 + uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.2.0 with: go-version: '1.19.2' @@ -423,7 +423,7 @@ jobs: - name: Set up Go 1.19.2 id: go if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.2.0 + uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.2.0 with: go-version: '1.19.2' diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index 5da461528..398d0075b 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -22,7 +22,7 @@ jobs: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.2.0 + uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.2.0 with: go-version: 1.19.2 From f9cce5a4ed7ef372a18bc826e395ff5660b7a444 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tomek=20=C5=9Awi=C4=99cicki?= Date: Tue, 6 Dec 2022 16:26:38 +0100 Subject: [PATCH 414/494] [user-guide configmap] fix doc for global-auth-snippet (#9372) --- docs/user-guide/nginx-configuration/configmap.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md index c985d7373..f5d22d11c 100755 --- a/docs/user-guide/nginx-configuration/configmap.md +++ b/docs/user-guide/nginx-configuration/configmap.md @@ -1221,7 +1221,7 @@ _**default:**_ "" ## global-auth-snippet Sets a custom snippet to use with external authentication. Applied to all the locations. -Similar to the Ingress rule annotation `nginx.ingress.kubernetes.io/auth-request-redirect`. +Similar to the Ingress rule annotation `nginx.ingress.kubernetes.io/auth-snippet`. _**default:**_ "" ## global-auth-cache-key From ad4655a568f907ef85c43c264f2db487401b1ea2 Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Wed, 7 Dec 2022 08:54:37 +0530 Subject: [PATCH 415/494] integrated junit-reports with ghactions (#9361) --- .github/workflows/ci.yaml | 6 ++++++ .github/workflows/junit-reports.yaml | 16 ++++++++++++++++ build/run-e2e-suite.sh | 1 + 3 files changed, 23 insertions(+) create mode 100644 .github/workflows/junit-reports.yaml diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index f26a99aac..494477b81 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -267,6 +267,12 @@ jobs: kind get kubeconfig > $HOME/.kube/kind-config-kind make kind-e2e-test + - name: Uplaod e2e junit-reports + uses: actions/upload-artifact@v2 + if: success() || failure() + with: + name: e2e-test-reports + path: 'test/junitreports/report*.xml' kubernetes-chroot: name: Kubernetes chroot diff --git a/.github/workflows/junit-reports.yaml b/.github/workflows/junit-reports.yaml new file mode 100644 index 000000000..21f2674a1 --- /dev/null +++ b/.github/workflows/junit-reports.yaml @@ -0,0 +1,16 @@ +name: 'E2E Test Report' +on: + workflow_run: + workflows: ['CI'] # runs after CI workflow + types: + - completed +jobs: + report: + runs-on: ubuntu-latest + steps: + - uses: dorny/test-reporter@v1 + with: + artifact: e2e-test-reports + name: JEST Tests # Name of the check run which will be created + path: 'report*.xml' # Path to test results (inside artifact .zip) + reporter: jest-junit # Format of test results diff --git a/build/run-e2e-suite.sh b/build/run-e2e-suite.sh index ebbac9145..ae38b5fcc 100755 --- a/build/run-e2e-suite.sh +++ b/build/run-e2e-suite.sh @@ -99,6 +99,7 @@ cd $reportsDir #for cmName in `k get cm -l junitreport=true -o json | jq '.items[].binaryData | keys[]' | tr '\"' ' '` #do # +# # kubectl get cm -l junitreport=true -o json | jq -r '[.items[].binaryData | to_entries[] | {"key": .key, "value": .value }] | from_entries' # From d7674e43230274a485ff90054383083ea4280ef8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= Date: Wed, 7 Dec 2022 13:16:38 +0100 Subject: [PATCH 416/494] feat(helm): Optionally use cert-manager instead admission patch (#9279) --- charts/ingress-nginx/README.md | 18 ++++++ charts/ingress-nginx/README.md.gotmpl | 15 +++++ ...ler-admission-tls-cert-manager-values.yaml | 6 ++ .../admission-webhooks/cert-manager.yaml | 63 +++++++++++++++++++ .../job-patch/clusterrole.yaml | 2 +- .../job-patch/clusterrolebinding.yaml | 2 +- .../job-patch/job-createSecret.yaml | 2 +- .../job-patch/job-patchWebhook.yaml | 2 +- .../admission-webhooks/job-patch/role.yaml | 2 +- .../job-patch/rolebinding.yaml | 2 +- .../job-patch/serviceaccount.yaml | 2 +- .../validating-webhook.yaml | 7 ++- .../templates/controller-daemonset.yaml | 7 +++ .../templates/controller-deployment.yaml | 7 +++ charts/ingress-nginx/values.yaml | 11 ++++ test/e2e/run-chart-test.sh | 8 ++- 16 files changed, 147 insertions(+), 9 deletions(-) create mode 100644 charts/ingress-nginx/ci/controller-admission-tls-cert-manager-values.yaml create mode 100644 charts/ingress-nginx/templates/admission-webhooks/cert-manager.yaml diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 36c98984c..0e2800d94 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -217,6 +217,21 @@ With nginx-ingress-controller version 0.25+, the nginx ingress controller pod ex With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fix [this issue](https://github.com/kubernetes/ingress-nginx/pull/4521) +#### How the Chart Configures the Hooks +A validating and configuration requires the endpoint to which the request is sent to use TLS. It is possible to set up custom certificates to do this, but in most cases, a self-signed certificate is enough. The setup of this component requires some more complex orchestration when using helm. The steps are created to be idempotent and to allow turning the feature on and off without running into helm quirks. + +1. A pre-install hook provisions a certificate into the same namespace using a format compatible with provisioning using end user certificates. If the certificate already exists, the hook exits. +2. The ingress nginx controller pod is configured to use a TLS proxy container, which will load that certificate. +3. Validating and Mutating webhook configurations are created in the cluster. +4. A post-install hook reads the CA from the secret created by step 1 and patches the Validating and Mutating webhook configurations. This process will allow a custom CA provisioned by some other process to also be patched into the webhook configurations. The chosen failure policy is also patched into the webhook configurations + +#### Alternatives +It should be possible to use [cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) if a more complete solution is required. + +You can enable automatic self-signed TLS certificate provisioning via cert-manager by setting the `controller.admissionWebhooks.certManager.enable` value to true. + +Please ensure that cert-manager is correctly installed and configured. + ### Helm Error When Upgrading: spec.clusterIP: Invalid value: "" If you are upgrading this chart from a version between 0.31.0 and 1.2.2 then you may get an error like this: @@ -240,6 +255,9 @@ Kubernetes: `>=1.20.0-0` | commonLabels | object | `{}` | | | controller.addHeaders | object | `{}` | Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers | | controller.admissionWebhooks.annotations | object | `{}` | | +| controller.admissionWebhooks.certManager.admissionCert.duration | string | `""` | | +| controller.admissionWebhooks.certManager.enabled | bool | `false` | | +| controller.admissionWebhooks.certManager.rootCert.duration | string | `""` | | | controller.admissionWebhooks.certificate | string | `"/usr/local/certificates/cert"` | | | controller.admissionWebhooks.createSecretJob.resources | object | `{}` | | | controller.admissionWebhooks.createSecretJob.securityContext.allowPrivilegeEscalation | bool | `false` | | diff --git a/charts/ingress-nginx/README.md.gotmpl b/charts/ingress-nginx/README.md.gotmpl index 9a7d7bdfd..78e4f38d4 100644 --- a/charts/ingress-nginx/README.md.gotmpl +++ b/charts/ingress-nginx/README.md.gotmpl @@ -216,6 +216,21 @@ With nginx-ingress-controller version 0.25+, the nginx ingress controller pod ex With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fix [this issue](https://github.com/kubernetes/ingress-nginx/pull/4521) +#### How the Chart Configures the Hooks +A validating and configuration requires the endpoint to which the request is sent to use TLS. It is possible to set up custom certificates to do this, but in most cases, a self-signed certificate is enough. The setup of this component requires some more complex orchestration when using helm. The steps are created to be idempotent and to allow turning the feature on and off without running into helm quirks. + +1. A pre-install hook provisions a certificate into the same namespace using a format compatible with provisioning using end user certificates. If the certificate already exists, the hook exits. +2. The ingress nginx controller pod is configured to use a TLS proxy container, which will load that certificate. +3. Validating and Mutating webhook configurations are created in the cluster. +4. A post-install hook reads the CA from the secret created by step 1 and patches the Validating and Mutating webhook configurations. This process will allow a custom CA provisioned by some other process to also be patched into the webhook configurations. The chosen failure policy is also patched into the webhook configurations + +#### Alternatives +It should be possible to use [cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) if a more complete solution is required. + +You can enable automatic self-signed TLS certificate provisioning via cert-manager by setting the `controller.admissionWebhooks.certManager.enable` value to true. + +Please ensure that cert-manager is correctly installed and configured. + ### Helm Error When Upgrading: spec.clusterIP: Invalid value: "" If you are upgrading this chart from a version between 0.31.0 and 1.2.2 then you may get an error like this: diff --git a/charts/ingress-nginx/ci/controller-admission-tls-cert-manager-values.yaml b/charts/ingress-nginx/ci/controller-admission-tls-cert-manager-values.yaml new file mode 100644 index 000000000..a13241cd4 --- /dev/null +++ b/charts/ingress-nginx/ci/controller-admission-tls-cert-manager-values.yaml @@ -0,0 +1,6 @@ +controller: + admissionWebhooks: + certManager: + enabled: true + service: + type: ClusterIP diff --git a/charts/ingress-nginx/templates/admission-webhooks/cert-manager.yaml b/charts/ingress-nginx/templates/admission-webhooks/cert-manager.yaml new file mode 100644 index 000000000..55fab471c --- /dev/null +++ b/charts/ingress-nginx/templates/admission-webhooks/cert-manager.yaml @@ -0,0 +1,63 @@ +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.certManager.enabled -}} +{{- if not .Values.controller.admissionWebhooks.certManager.issuerRef -}} +# Create a selfsigned Issuer, in order to create a root CA certificate for +# signing webhook serving certificates +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ include "ingress-nginx.fullname" . }}-self-signed-issuer + namespace: {{ .Release.Namespace }} +spec: + selfSigned: {} +--- +# Generate a CA Certificate used to sign certificates for the webhook +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ include "ingress-nginx.fullname" . }}-root-cert + namespace: {{ .Release.Namespace }} +spec: + secretName: {{ include "ingress-nginx.fullname" . }}-root-cert + duration: {{ .Values.controller.admissionWebhooks.certManager.rootCert.duration | default "43800h0m0s" | quote }} + issuerRef: + name: {{ include "ingress-nginx.fullname" . }}-self-signed-issuer + commonName: "ca.webhook.ingress-nginx" + isCA: true + subject: + organizations: + - ingress-nginx +--- +# Create an Issuer that uses the above generated CA certificate to issue certs +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ include "ingress-nginx.fullname" . }}-root-issuer + namespace: {{ .Release.Namespace }} +spec: + ca: + secretName: {{ include "ingress-nginx.fullname" . }}-root-cert +{{- end }} +--- +# generate a server certificate for the apiservices to use +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ include "ingress-nginx.fullname" . }}-admission + namespace: {{ .Release.Namespace }} +spec: + secretName: {{ include "ingress-nginx.fullname" . }}-admission + duration: {{ .Values.controller.admissionWebhooks.certManager.admissionCert.duration | default "8760h0m0s" | quote }} + issuerRef: + {{- if .Values.controller.admissionWebhooks.certManager.issuerRef }} + {{- toYaml .Values.controller.admissionWebhooks.certManager.issuerRef | nindent 4 }} + {{- else }} + name: {{ include "ingress-nginx.fullname" . }}-root-issuer + {{- end }} + dnsNames: + - {{ include "ingress-nginx.controller.fullname" . }}-admission + - {{ include "ingress-nginx.controller.fullname" . }}-admission.{{ .Release.Namespace }} + - {{ include "ingress-nginx.controller.fullname" . }}-admission.{{ .Release.Namespace }}.svc + subject: + organizations: + - ingress-nginx-admission +{{- end -}} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml index 5659a1f10..f9ec70974 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}} +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml index abf17fb9f..002abd43b 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}} +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml index de78f45bd..d93433ecd 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}} +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}} apiVersion: batch/v1 kind: Job metadata: diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml index b670aa05a..0fa3ff9a2 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}} +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}} apiVersion: batch/v1 kind: Job metadata: diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml index 795bac6b9..2aab6f4b1 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}} +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml index 698c5c864..60c3f4ff0 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}} +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}} apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml index eae475118..00be54ec5 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}} +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}} apiVersion: v1 kind: ServiceAccount metadata: diff --git a/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml b/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml index 8caffcb03..f27244dc9 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml @@ -4,8 +4,13 @@ apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: + annotations: + {{- if .Values.controller.admissionWebhooks.certManager.enabled }} + certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "ingress-nginx.fullname" .) | quote }} + cert-manager.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "ingress-nginx.fullname" .) | quote }} + {{- end }} {{- if .Values.controller.admissionWebhooks.annotations }} - annotations: {{ toYaml .Values.controller.admissionWebhooks.annotations | nindent 4 }} + {{- toYaml .Values.controller.admissionWebhooks.annotations | nindent 4 }} {{- end }} labels: {{- include "ingress-nginx.labels" . | nindent 4 }} diff --git a/charts/ingress-nginx/templates/controller-daemonset.yaml b/charts/ingress-nginx/templates/controller-daemonset.yaml index 802730331..e6721566b 100644 --- a/charts/ingress-nginx/templates/controller-daemonset.yaml +++ b/charts/ingress-nginx/templates/controller-daemonset.yaml @@ -225,6 +225,13 @@ spec: - name: webhook-cert secret: secretName: {{ include "ingress-nginx.fullname" . }}-admission + {{- if .Values.controller.admissionWebhooks.certManager.enabled }} + items: + - key: tls.crt + path: cert + - key: tls.key + path: key + {{- end }} {{- end }} {{- if .Values.controller.extraVolumes }} {{ toYaml .Values.controller.extraVolumes | nindent 8 }} diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml index 5cd3c1901..9f1cf70db 100644 --- a/charts/ingress-nginx/templates/controller-deployment.yaml +++ b/charts/ingress-nginx/templates/controller-deployment.yaml @@ -228,6 +228,13 @@ spec: - name: webhook-cert secret: secretName: {{ include "ingress-nginx.fullname" . }}-admission + {{- if .Values.controller.admissionWebhooks.certManager.enabled }} + items: + - key: tls.crt + path: cert + - key: tls.key + path: key + {{- end }} {{- end }} {{- if .Values.controller.extraVolumes }} {{ toYaml .Values.controller.extraVolumes | nindent 8 }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 6dc28c08d..161f974fe 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -677,6 +677,17 @@ controller: runAsUser: 2000 fsGroup: 2000 + # Use certmanager to generate webhook certs + certManager: + enabled: false + # self-signed root certificate + rootCert: + duration: "" # default to be 5y + admissionCert: + duration: "" # default to be 1y + # issuerRef: + # name: "issuer" + # kind: "ClusterIssuer" metrics: port: 10254 diff --git a/test/e2e/run-chart-test.sh b/test/e2e/run-chart-test.sh index fdb3121d8..b2e54993f 100755 --- a/test/e2e/run-chart-test.sh +++ b/test/e2e/run-chart-test.sh @@ -83,13 +83,19 @@ if [ "${SKIP_IMAGE_CREATION:-false}" = "false" ]; then echo "[dev-env] building image" make -C ${DIR}/../../ clean-image build image fi - + KIND_WORKERS=$(kind get nodes --name="${KIND_CLUSTER_NAME}" | awk '{printf (NR>1?",":"") $1}') echo "[dev-env] copying docker images to cluster..." kind load docker-image --name="${KIND_CLUSTER_NAME}" --nodes=${KIND_WORKERS} ${REGISTRY}/controller:${TAG} +if [ "${SKIP_CERT_MANAGER_CREATION:-false}" = "false" ]; then + echo "[dev-env] apply cert-manager ..." + kubectl apply --wait -f https://github.com/cert-manager/cert-manager/releases/download/v1.10.0/cert-manager.yaml + sleep 10 +fi + echo "[dev-env] running helm chart e2e tests..." # Uses a custom chart-testing image to avoid timeouts waiting for namespace deletion. # The changes can be found here: https://github.com/aledbf/chart-testing/commit/41fe0ae0733d0c9a538099fb3cec522e888e3d82 From 59d80f05bc6a363576c2b3c4707d768f1b7b8f66 Mon Sep 17 00:00:00 2001 From: Thomas Milox Date: Thu, 8 Dec 2022 01:10:22 +0100 Subject: [PATCH 417/494] doc: update NEW_CONTRIBUTOR.md (#9381) Add a reference to docker-mac-net-connect for macOS users experiencing ingress not being exposed Signed-off-by: TommyStarK Signed-off-by: TommyStarK --- NEW_CONTRIBUTOR.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/NEW_CONTRIBUTOR.md b/NEW_CONTRIBUTOR.md index 816d05778..e89c1ba88 100644 --- a/NEW_CONTRIBUTOR.md +++ b/NEW_CONTRIBUTOR.md @@ -848,3 +848,5 @@ As you can see from the above output there are several headers added to the curl - Cluster Creation tools - [kind](https://kind.sigs.k8s.io/docs/user/quick-start/) - [minikube](https://minikube.sigs.k8s.io/docs/start/) +- MacOS users + - [docker-mac-net-connect](https://github.com/chipmk/docker-mac-net-connect) - See this [issue](https://github.com/kubernetes/minikube/issues/7332) From 2cb3ce5db68c4d3f1022068527e55c1018dccf9d Mon Sep 17 00:00:00 2001 From: James Strong Date: Thu, 8 Dec 2022 10:52:24 -0500 Subject: [PATCH 418/494] added action for issues to project (#9386) Signed-off-by: James Strong Signed-off-by: James Strong --- .github/workflows/project.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 .github/workflows/project.yml diff --git a/.github/workflows/project.yml b/.github/workflows/project.yml new file mode 100644 index 000000000..9baa09bf2 --- /dev/null +++ b/.github/workflows/project.yml @@ -0,0 +1,19 @@ +name: Adds all issues + +on: + issues: + types: + - opened + +jobs: + add-to-project: + name: Add issue to project + runs-on: ubuntu-latest + permissions: + repository-projects: write + issues: write + steps: + - uses: actions/add-to-project@960fbad431afda394cfcf8743445e741acd19e85 #v0.4.0 + with: + project-url: https://github.com/orgs/kubernetes/projects/104 + github-token: ${{ secrets.PROJECT_WRITER }} From 7e7d0e86992cf2fcda76ccdd2a1c28e16d14704f Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Sun, 11 Dec 2022 21:33:19 -0300 Subject: [PATCH 419/494] Add reporter for all tests (#9395) --- .github/workflows/ci.yaml | 16 +++++++++++++--- .github/workflows/junit-reports.yaml | 4 ++-- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 494477b81..0f21ccc4e 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -13,7 +13,7 @@ on: inputs: run_e2e: description: 'Force e2e to run' - required: true + required: false type: boolean permissions: @@ -73,6 +73,9 @@ jobs: name: Build runs-on: ubuntu-latest needs: changes + if: | + (needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true') || ${{ inputs.run_e2e }} + steps: @@ -268,10 +271,10 @@ jobs: make kind-e2e-test - name: Uplaod e2e junit-reports - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 if: success() || failure() with: - name: e2e-test-reports + name: e2e-test-reports-${{ matrix.k8s }} path: 'test/junitreports/report*.xml' kubernetes-chroot: @@ -330,6 +333,13 @@ jobs: run: | kind get kubeconfig > $HOME/.kube/kind-config-kind make kind-e2e-test + + - name: Uplaod e2e junit-reports + uses: actions/upload-artifact@v3 + if: success() || failure() + with: + name: e2e-test-reports-chroot-${{ matrix.k8s }} + path: 'test/junitreports/report*.xml' test-image-build: diff --git a/.github/workflows/junit-reports.yaml b/.github/workflows/junit-reports.yaml index 21f2674a1..f02e68466 100644 --- a/.github/workflows/junit-reports.yaml +++ b/.github/workflows/junit-reports.yaml @@ -10,7 +10,7 @@ jobs: steps: - uses: dorny/test-reporter@v1 with: - artifact: e2e-test-reports - name: JEST Tests # Name of the check run which will be created + artifact: /e2e-test-reports-(.*)/ + name: JEST Tests $1 # Name of the check run which will be created path: 'report*.xml' # Path to test results (inside artifact .zip) reporter: jest-junit # Format of test results From 8736b3b9a76ef9d499f5cd69886aa85b4c927248 Mon Sep 17 00:00:00 2001 From: Jintao Zhang Date: Mon, 12 Dec 2022 22:05:37 +0800 Subject: [PATCH 420/494] ci: remove setup-kind step (#9401) kind is already installed by default in the current GitHub Action environment. Signed-off-by: Jintao Zhang Signed-off-by: Jintao Zhang --- .github/workflows/ci.yaml | 26 ++++++++------------------ 1 file changed, 8 insertions(+), 18 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 0f21ccc4e..69ff30f65 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -189,10 +189,8 @@ jobs: - name: Create Kubernetes ${{ matrix.k8s }} cluster id: kind - uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 #v0.5.0 - with: - version: v0.15.0 - image: kindest/node:${{ matrix.k8s }} + run: | + kind create cluster --image=kindest/node:${{ matrix.k8s }} - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v1 with: @@ -239,11 +237,8 @@ jobs: - name: Create Kubernetes ${{ matrix.k8s }} cluster id: kind - uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 #v0.5.0 - with: - version: v0.15.0 - config: test/e2e/kind.yaml - image: kindest/node:${{ matrix.k8s }} + run: | + kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v1 with: @@ -302,11 +297,8 @@ jobs: - name: Create Kubernetes ${{ matrix.k8s }} cluster id: kind - uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 #v0.5.0 - with: - version: v0.15.0 - config: test/e2e/kind.yaml - image: kindest/node:${{ matrix.k8s }} + run: | + kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af with: @@ -431,10 +423,8 @@ jobs: - name: Create Kubernetes cluster id: kind if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} - uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 #v0.5.0 - with: - version: v0.15.0 - image: kindest/node:v1.25.2 + run: | + kind create cluster --image=kindest/node:${{ matrix.k8s }} - name: Set up Go 1.19.2 id: go From 4f528fc70a3bfcc2aff1614234891b27aebc1608 Mon Sep 17 00:00:00 2001 From: Jintao Zhang Date: Tue, 13 Dec 2022 00:45:34 +0800 Subject: [PATCH 421/494] ci: remove setup-helm step (#9404) Signed-off-by: Jintao Zhang Signed-off-by: Jintao Zhang --- .github/workflows/ci.yaml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 69ff30f65..cb575ace6 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -245,12 +245,6 @@ jobs: name: docker.tar.gz failOnError: false - - name: Prepare cluster for testing - uses: azure/setup-helm@f382f75448129b3be48f8121b9857be18d815a82 #v2.1 - with: - version: 'v3.8.0' - id: local-path - - name: Load images from cache run: | echo "loading docker images..." @@ -305,12 +299,6 @@ jobs: name: docker.tar.gz failOnError: false - - name: Prepare cluster for testing - uses: azure/setup-helm@f382f75448129b3be48f8121b9857be18d815a82 #v2.1 - with: - version: 'v3.8.0' - id: local-path - - name: Load images from cache run: | echo "loading docker images..." From b93b277e5a0d3928b770da86921fb5c4c7c2c8b4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Dec 2022 19:07:33 -0800 Subject: [PATCH 422/494] Bump github/codeql-action from 2.1.35 to 2.1.36 (#9400) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.35 to 2.1.36. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/b2a92eb56d8cb930006a1c6ed86b0782dd8a4297...a669cc5936cc5e1b6a362ec1ff9e410dc570d190) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 7b0dac782..a9c36481b 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b2a92eb56d8cb930006a1c6ed86b0782dd8a4297 # v2.1.14 + uses: github/codeql-action/upload-sarif@a669cc5936cc5e1b6a362ec1ff9e410dc570d190 # v2.1.14 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index bb9b2fbf0..af46c2bcc 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@b2a92eb56d8cb930006a1c6ed86b0782dd8a4297 + uses: github/codeql-action/upload-sarif@a669cc5936cc5e1b6a362ec1ff9e410dc570d190 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From 651b8468210dee3a81e074be2cf938a7152839e6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 17 Dec 2022 02:29:42 -0800 Subject: [PATCH 423/494] Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.6.0 (#9398) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.5.1 to 2.6.0. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.5.1...v2.6.0) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 9 +-------- go.sum | 21 ++------------------- 2 files changed, 3 insertions(+), 27 deletions(-) diff --git a/go.mod b/go.mod index eab2f9d01..90f11e285 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/mitchellh/mapstructure v1.5.0 github.com/moul/pb v0.0.0-20220425114252-bca18df4138c github.com/ncabatoff/process-exporter v0.7.10 - github.com/onsi/ginkgo/v2 v2.5.1 + github.com/onsi/ginkgo/v2 v2.6.0 github.com/opencontainers/runc v1.1.4 github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.14.0 @@ -54,7 +54,6 @@ require ( github.com/BurntSushi/toml v1.0.0 // indirect github.com/PuerkitoBio/purell v1.1.1 // indirect github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect - github.com/alessio/shellescape v1.4.1 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect github.com/cespare/xxhash/v2 v2.1.2 // indirect @@ -71,7 +70,6 @@ require ( github.com/go-openapi/jsonpointer v0.19.5 // indirect github.com/go-openapi/jsonreference v0.19.5 // indirect github.com/go-openapi/swag v0.19.14 // indirect - github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect github.com/godbus/dbus/v5 v5.0.6 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v4 v4.2.0 // indirect @@ -82,8 +80,6 @@ require ( github.com/google/gnostic v0.5.7-v3refs // indirect github.com/google/go-cmp v0.5.9 // indirect github.com/google/gofuzz v1.1.0 // indirect - github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect - github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.2.0 // indirect github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect @@ -92,7 +88,6 @@ require ( github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/mailru/easyjson v0.7.6 // indirect github.com/mattn/go-colorable v0.1.13 // indirect - github.com/mattn/go-isatty v0.0.16 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect github.com/mmarkdown/mmark v2.0.40+incompatible // indirect github.com/moby/sys/mountinfo v0.5.0 // indirect @@ -102,7 +97,6 @@ require ( github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/ncabatoff/go-seq v0.0.0-20180805175032-b08ef85ed833 // indirect github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 // indirect - github.com/pelletier/go-toml v1.9.4 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pkg/errors v0.9.1 // indirect github.com/prometheus/procfs v0.8.0 // indirect @@ -131,7 +125,6 @@ require ( k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed // indirect sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect - sigs.k8s.io/kind v0.17.0 // indirect sigs.k8s.io/kustomize/api v0.12.1 // indirect sigs.k8s.io/kustomize/kyaml v0.13.9 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect diff --git a/go.sum b/go.sum index 21890aa7a..9a608ff9d 100644 --- a/go.sum +++ b/go.sum @@ -60,7 +60,6 @@ github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+Z github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= -github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.0.0 h1:dtDWrepsVPfW9H/4y7dDgFc2MBUSeJhlaDtK13CxFlU= github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= @@ -75,8 +74,6 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= -github.com/alessio/shellescape v1.4.1 h1:V7yhSDDn8LP4lc4jS8pFkt0zCnzVJlG5JXy9BVKJUX0= -github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a h1:AP/vsCIvJZ129pdm9Ek7bH7yutN3hByqsMoNrWAxRQc= github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a/go.mod h1:QmP9hvJ91BbJmGVGSbutW19IC0Q9phDCLGaomwTJbgU= @@ -109,7 +106,6 @@ github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkX github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzAJc1DzSI= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI= @@ -172,8 +168,6 @@ github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh github.com/go-openapi/swag v0.19.14 h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5Fng= github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= -github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.0.6 h1:mkgN1ofwASrYnJ5W6U/BxG15eXXXjirgZc7CLqkcaro= github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= @@ -259,11 +253,8 @@ github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 h1:SJ+NtwL6QaZ21U+IrK7d0gGgpjGGvd2kz+FzTHVzdqI= -github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2/go.mod h1:Tv1PlzqC9t8wNnpPdctvtSUOPUUg4SHeE6vR1Ir2hmg= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -281,7 +272,6 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1: github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= -github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc= github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= @@ -321,7 +311,6 @@ github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= -github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= @@ -361,16 +350,14 @@ github.com/ncabatoff/process-exporter v0.7.10/go.mod h1:DHZRZjqxw9LCOpLlX0DjBuyn github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= -github.com/onsi/ginkgo/v2 v2.5.1 h1:auzK7OI497k6x4OvWq+TKAcpcSAlod0doAH72oIN0Jw= -github.com/onsi/ginkgo/v2 v2.5.1/go.mod h1:63DOGlLAH8+REH8jUGdL3YpCpu7JODesutUjdENfUAc= +github.com/onsi/ginkgo/v2 v2.6.0 h1:9t9b9vRUbFq3C4qKFCGkVuq/fIHji802N1nrtkh1mNc= +github.com/onsi/ginkgo/v2 v2.6.0/go.mod h1:63DOGlLAH8+REH8jUGdL3YpCpu7JODesutUjdENfUAc= github.com/onsi/gomega v1.24.0 h1:+0glovB9Jd6z3VR+ScSwQqXVTIfJcGA9UBM8yzQxhqg= github.com/opencontainers/runc v1.1.4 h1:nRCz/8sKg6K6jgYAFLDlXzPeITBZJyX28DBVhWD+5dg= github.com/opencontainers/runc v1.1.4/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI= -github.com/pelletier/go-toml v1.9.4 h1:tjENF6MfZAg8e4ZmZTeWaWiT2vXtsoO6+iuOjFhECwM= -github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= @@ -426,7 +413,6 @@ github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= -github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g= github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA= github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= @@ -895,7 +881,6 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= @@ -964,8 +949,6 @@ sigs.k8s.io/controller-runtime v0.13.1 h1:tUsRCSJVM1QQOOeViGeX3GMT3dQF1eePPw6sEE sigs.k8s.io/controller-runtime v0.13.1/go.mod h1:Zbz+el8Yg31jubvAEyglRZGdLAjplZl+PgtYNI6WNTI= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/kind v0.17.0 h1:CScmGz/wX66puA06Gj8OZb76Wmk7JIjgWf5JDvY7msM= -sigs.k8s.io/kind v0.17.0/go.mod h1:Qqp8AiwOlMZmJWs37Hgs31xcbiYXjtXlRBSftcnZXQk= sigs.k8s.io/kustomize/api v0.12.1 h1:7YM7gW3kYBwtKvoY216ZzY+8hM+lV53LUayghNRJ0vM= sigs.k8s.io/kustomize/api v0.12.1/go.mod h1:y3JUhimkZkR6sbLNwfJHxvo1TCLwuwm14sCYnkH6S1s= sigs.k8s.io/kustomize/kyaml v0.13.9 h1:Qz53EAaFFANyNgyOEJbT/yoIHygK40/ZcvU3rgry2Tk= From a0dbbd2fb15080bb7aca03a23de72855c77cd8a7 Mon Sep 17 00:00:00 2001 From: Saumya <76432998+SaumyaBhushan@users.noreply.github.com> Date: Sat, 17 Dec 2022 17:07:41 +0530 Subject: [PATCH 424/494] Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.6.0 (#9408) Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.6.0 Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.6.0 --- build/run-in-docker.sh | 2 +- images/test-runner/rootfs/Dockerfile | 2 +- test/e2e/run-chart-test.sh | 2 +- test/e2e/run.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index cb8ad18f0..c566bc8a0 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -77,7 +77,7 @@ if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then echo "FLAGS=$FLAGS" go env set -x - go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.5.1 + go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.6.0 find / -type f -name ginkgo 2>/dev/null which ginkgo /bin/bash -c "${FLAGS}" diff --git a/images/test-runner/rootfs/Dockerfile b/images/test-runner/rootfs/Dockerfile index 30e7e1ab2..aa7c56c39 100644 --- a/images/test-runner/rootfs/Dockerfile +++ b/images/test-runner/rootfs/Dockerfile @@ -55,7 +55,7 @@ ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 777 "$GOPATH" -RUN go install github.com/onsi/ginkgo/v2/ginkgo@v2.5.1 && go install golang.org/x/lint/golint@latest +RUN go install github.com/onsi/ginkgo/v2/ginkgo@v2.6.0 && go install golang.org/x/lint/golint@latest ARG RESTY_CLI_VERSION ARG RESTY_CLI_SHA diff --git a/test/e2e/run-chart-test.sh b/test/e2e/run-chart-test.sh index b2e54993f..606215f17 100755 --- a/test/e2e/run-chart-test.sh +++ b/test/e2e/run-chart-test.sh @@ -78,7 +78,7 @@ fi if [ "${SKIP_IMAGE_CREATION:-false}" = "false" ]; then if ! command -v ginkgo &> /dev/null; then - go get github.com/onsi/ginkgo/v2/ginkgo@v2.5.1 + go get github.com/onsi/ginkgo/v2/ginkgo@v2.6.0 fi echo "[dev-env] building image" make -C ${DIR}/../../ clean-image build image diff --git a/test/e2e/run.sh b/test/e2e/run.sh index 4cd95267f..9ca490baa 100755 --- a/test/e2e/run.sh +++ b/test/e2e/run.sh @@ -79,7 +79,7 @@ fi if [ "${SKIP_IMAGE_CREATION:-false}" = "false" ]; then if ! command -v ginkgo &> /dev/null; then - go get github.com/onsi/ginkgo/v2/ginkgo@v2.5.1 + go get github.com/onsi/ginkgo/v2/ginkgo@v2.6.0 fi echo "[dev-env] building image" From 17d8266a2ac923fb86183e534cef015e717d0128 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 17 Dec 2022 06:01:42 -0800 Subject: [PATCH 425/494] Bump github.com/prometheus/common from 0.37.0 to 0.39.0 (#9416) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.37.0 to 0.39.0. - [Release notes](https://github.com/prometheus/common/releases) - [Commits](https://github.com/prometheus/common/compare/v0.37.0...v0.39.0) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 14 +++++++------- go.sum | 38 ++++++++++++++------------------------ 2 files changed, 21 insertions(+), 31 deletions(-) diff --git a/go.mod b/go.mod index 90f11e285..db2e85f74 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.14.0 github.com/prometheus/client_model v0.3.0 - github.com/prometheus/common v0.37.0 + github.com/prometheus/common v0.39.0 github.com/spf13/cobra v1.6.1 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.8.1 @@ -88,7 +88,7 @@ require ( github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/mailru/easyjson v0.7.6 // indirect github.com/mattn/go-colorable v0.1.13 // indirect - github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect + github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect github.com/mmarkdown/mmark v2.0.40+incompatible // indirect github.com/moby/sys/mountinfo v0.5.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect @@ -107,11 +107,11 @@ require ( github.com/yudai/pp v2.0.1+incompatible // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect golang.org/x/mod v0.6.0 // indirect - golang.org/x/net v0.2.0 // indirect - golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect - golang.org/x/sys v0.2.0 // indirect - golang.org/x/term v0.2.0 // indirect - golang.org/x/text v0.4.0 // indirect + golang.org/x/net v0.4.0 // indirect + golang.org/x/oauth2 v0.3.0 // indirect + golang.org/x/sys v0.3.0 // indirect + golang.org/x/term v0.3.0 // indirect + golang.org/x/text v0.5.0 // indirect golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect golang.org/x/tools v0.2.0 // indirect google.golang.org/appengine v1.6.7 // indirect diff --git a/go.sum b/go.sum index 9a608ff9d..644cb2e86 100644 --- a/go.sum +++ b/go.sum @@ -148,11 +148,9 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= -github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= -github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= @@ -314,8 +312,8 @@ github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovk github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI= -github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= +github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= +github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc= github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg= github.com/mitchellh/hashstructure v1.1.0 h1:P6P1hdjqAAknpY/M1CGipelZgp+4y9ja9kmUZPXP+H0= @@ -371,7 +369,6 @@ github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXP github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= -github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw= github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= @@ -384,9 +381,8 @@ github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y8 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.29.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE= -github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA= +github.com/prometheus/common v0.39.0 h1:oOyhkDq05hPZKItWVBkJ6g6AtGxi+fy7F4JvUV8uhsI= +github.com/prometheus/common v0.39.0/go.mod h1:6XBZ7lYdLCbkAVhwRsWTZn+IN5AB9F/NXd5w0BbEX0Y= github.com/prometheus/exporter-toolkit v0.7.0/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= @@ -557,10 +553,8 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.2.0 h1:sZfSu1wtKLGlWI4ZZayP0ck9Y73K1ynO6gqzTdBVdPU= -golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= +golang.org/x/net v0.4.0 h1:Q5QPcMlvfxFTAPV0+07Xz/MpK9NTXu2VDUuy0FeMfaU= +golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -576,8 +570,8 @@ golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b h1:clP8eMhB30EHdc0bd2Twtq6kgU7yl5ub2cQLSdrv1Dg= -golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= +golang.org/x/oauth2 v0.3.0 h1:6l90koy8/LaBLmLu8jpHeHexzMwEita0zFfYlggy2F8= +golang.org/x/oauth2 v0.3.0/go.mod h1:rQrIauxkUhJ6CuwEXwymO2/eh4xz2ZWF1nBkcxS+tGk= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -650,16 +644,13 @@ golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A= -golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ= +golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.2.0 h1:z85xZCsEl7bi/KwbNADeBYoOP0++7W1ipu+aGnpwzRM= -golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= +golang.org/x/term v0.3.0 h1:qoo4akIqOcDME5bhc/NgxUdovd6BSS2uMsVjB56q1xI= +golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -668,9 +659,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg= -golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM= +golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From e3e0d9c1f487cf00c02a2a0ca579f4aff9698e59 Mon Sep 17 00:00:00 2001 From: James Strong Date: Sun, 18 Dec 2022 20:07:43 -0500 Subject: [PATCH 426/494] start upgrade to golang 1.19.4 and alpine 3.17.0 (#9417) * start upgrade to 1.19.4 Signed-off-by: James Strong * add matrix to image test-image Signed-off-by: James Strong * update to alpine 3.17 Signed-off-by: James Strong * remove need for curl Signed-off-by: James Strong Signed-off-by: James Strong --- .github/workflows/ci.yaml | 17 ++-- .github/workflows/plugin.yaml | 2 +- docs/examples/customization/sysctl/patch.json | 2 +- images/cfssl/rootfs/Dockerfile | 2 +- images/custom-error-pages/rootfs/Dockerfile | 2 +- .../rootfs/Dockerfile | 2 +- images/fastcgi-helloserver/rootfs/Dockerfile | 2 +- .../go-grpc-greeter-server/rootfs/Dockerfile | 6 +- images/go-grpc-greeter-server/rootfs/main.go | 78 +++++++++++++++++++ images/httpbin/rootfs/Dockerfile | 2 +- images/kube-webhook-certgen/rootfs/Dockerfile | 2 +- images/nginx/rootfs/Dockerfile | 2 +- images/opentelemetry/rootfs/Dockerfile | 2 +- images/test-runner/Makefile | 2 +- images/test-runner/rootfs/Dockerfile | 2 +- rootfs/Dockerfile-chroot | 2 +- 16 files changed, 106 insertions(+), 21 deletions(-) create mode 100644 images/go-grpc-greeter-server/rootfs/main.go diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index cb575ace6..ea46f8cef 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -82,11 +82,11 @@ jobs: - name: Checkout uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - - name: Set up Go 1.19.2 + - name: Set up Go 1.19.4 id: go uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.2.0 with: - go-version: '1.19.2' + go-version: '1.19.4' - name: Set up QEMU uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 #v2.0.0 @@ -152,7 +152,7 @@ jobs: - name: Setup Go uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.2.0 with: - go-version: '1.19.2' + go-version: '1.19.4' - name: cache uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3 @@ -393,9 +393,16 @@ jobs: permissions: contents: read # for dorny/paths-filter to fetch a list of changed files pull-requests: read # for dorny/paths-filter to read pull requests + runs-on: ubuntu-latest + env: PLATFORMS: linux/amd64 + + strategy: + matrix: + k8s: [ v1.23.13, v1.24.7, v1.25.3 ] + steps: - name: Checkout uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 @@ -414,12 +421,12 @@ jobs: run: | kind create cluster --image=kindest/node:${{ matrix.k8s }} - - name: Set up Go 1.19.2 + - name: Set up Go 1.19.4 id: go if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.2.0 with: - go-version: '1.19.2' + go-version: '1.19.4' - name: kube-webhook-certgen image build if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index 398d0075b..a1ad05d25 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -24,7 +24,7 @@ jobs: - name: Set up Go uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.2.0 with: - go-version: 1.19.2 + go-version: 1.19.4 - name: Run GoReleaser uses: goreleaser/goreleaser-action@b508e2e3ef3b19d4e4146d4f8fb3ba9db644a757 # v3.0.0 diff --git a/docs/examples/customization/sysctl/patch.json b/docs/examples/customization/sysctl/patch.json index 75d613295..3f736197b 100644 --- a/docs/examples/customization/sysctl/patch.json +++ b/docs/examples/customization/sysctl/patch.json @@ -4,7 +4,7 @@ "spec": { "initContainers": [{ "name": "sysctl", - "image": "alpine:3.16.2", + "image": "alpine:3.17.0", "securityContext": { "privileged": true }, diff --git a/images/cfssl/rootfs/Dockerfile b/images/cfssl/rootfs/Dockerfile index b6dfa567f..f9370c210 100644 --- a/images/cfssl/rootfs/Dockerfile +++ b/images/cfssl/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.16.2 +FROM alpine:3.17.0 RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories RUN apk add --no-cache \ diff --git a/images/custom-error-pages/rootfs/Dockerfile b/images/custom-error-pages/rootfs/Dockerfile index 768b1e9df..ef825dec1 100755 --- a/images/custom-error-pages/rootfs/Dockerfile +++ b/images/custom-error-pages/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.19.1-alpine as builder +FROM golang:1.19.4-alpine3.17 as builder RUN apk add git WORKDIR /go/src/k8s.io/ingress-nginx/images/custom-error-pages diff --git a/images/ext-auth-example-authsvc/rootfs/Dockerfile b/images/ext-auth-example-authsvc/rootfs/Dockerfile index 012b1880f..d54df8ab9 100644 --- a/images/ext-auth-example-authsvc/rootfs/Dockerfile +++ b/images/ext-auth-example-authsvc/rootfs/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.19.2-alpine3.16 as builder +FROM golang:1.19.4-alpine3.17 as builder RUN mkdir /authsvc WORKDIR /authsvc COPY . ./ diff --git a/images/fastcgi-helloserver/rootfs/Dockerfile b/images/fastcgi-helloserver/rootfs/Dockerfile index f572410e7..0213baf87 100755 --- a/images/fastcgi-helloserver/rootfs/Dockerfile +++ b/images/fastcgi-helloserver/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.14-alpine as builder +FROM golang:1.19.4-alpine3.17 as builder WORKDIR /go/src/k8s.io/ingress-nginx/images/fastcgi diff --git a/images/go-grpc-greeter-server/rootfs/Dockerfile b/images/go-grpc-greeter-server/rootfs/Dockerfile index 8db118349..547842512 100644 --- a/images/go-grpc-greeter-server/rootfs/Dockerfile +++ b/images/go-grpc-greeter-server/rootfs/Dockerfile @@ -1,9 +1,9 @@ -FROM golang:buster as build +FROM golang:1.19.4-alpine3.17 as build WORKDIR /go/src/greeter-server -RUN curl -o main.go https://raw.githubusercontent.com/grpc/grpc-go/91e0aeb192456225adf27966d04ada4cf8599915/examples/features/reflection/server/main.go && \ - go mod init greeter-server && \ +COPY main.go . +RUN go mod init greeter-server && \ go mod tidy && \ go build -o /greeter-server main.go diff --git a/images/go-grpc-greeter-server/rootfs/main.go b/images/go-grpc-greeter-server/rootfs/main.go new file mode 100644 index 000000000..569273dfd --- /dev/null +++ b/images/go-grpc-greeter-server/rootfs/main.go @@ -0,0 +1,78 @@ +/* + * + * Copyright 2019 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +// Binary server is an example server. +package main + +import ( + "context" + "flag" + "fmt" + "log" + "net" + + "google.golang.org/grpc" + "google.golang.org/grpc/reflection" + + ecpb "google.golang.org/grpc/examples/features/proto/echo" + hwpb "google.golang.org/grpc/examples/helloworld/helloworld" +) + +var port = flag.Int("port", 50051, "the port to serve on") + +// hwServer is used to implement helloworld.GreeterServer. +type hwServer struct { + hwpb.UnimplementedGreeterServer +} + +// SayHello implements helloworld.GreeterServer +func (s *hwServer) SayHello(ctx context.Context, in *hwpb.HelloRequest) (*hwpb.HelloReply, error) { + return &hwpb.HelloReply{Message: "Hello " + in.Name}, nil +} + +type ecServer struct { + ecpb.UnimplementedEchoServer +} + +func (s *ecServer) UnaryEcho(ctx context.Context, req *ecpb.EchoRequest) (*ecpb.EchoResponse, error) { + return &ecpb.EchoResponse{Message: req.Message}, nil +} + +func main() { + flag.Parse() + lis, err := net.Listen("tcp", fmt.Sprintf(":%d", *port)) + if err != nil { + log.Fatalf("failed to listen: %v", err) + } + fmt.Printf("server listening at %v\n", lis.Addr()) + + s := grpc.NewServer() + + // Register Greeter on the server. + hwpb.RegisterGreeterServer(s, &hwServer{}) + + // Register RouteGuide on the same server. + ecpb.RegisterEchoServer(s, &ecServer{}) + + // Register reflection service on gRPC server. + reflection.Register(s) + + if err := s.Serve(lis); err != nil { + log.Fatalf("failed to serve: %v", err) + } +} diff --git a/images/httpbin/rootfs/Dockerfile b/images/httpbin/rootfs/Dockerfile index da9cd0145..1a9b55ba5 100644 --- a/images/httpbin/rootfs/Dockerfile +++ b/images/httpbin/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.16.2 +FROM alpine:3.17.0 ENV LC_ALL=C.UTF-8 ENV LANG=C.UTF-8 diff --git a/images/kube-webhook-certgen/rootfs/Dockerfile b/images/kube-webhook-certgen/rootfs/Dockerfile index c45a64dae..32847fd39 100644 --- a/images/kube-webhook-certgen/rootfs/Dockerfile +++ b/images/kube-webhook-certgen/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM --platform=$BUILDPLATFORM golang:1.19.2 as builder +FROM --platform=$BUILDPLATFORM golang:1.19.4 as builder ARG BUILDPLATFORM ARG TARGETARCH diff --git a/images/nginx/rootfs/Dockerfile b/images/nginx/rootfs/Dockerfile index 6168ee5d8..89bd652b0 100644 --- a/images/nginx/rootfs/Dockerfile +++ b/images/nginx/rootfs/Dockerfile @@ -11,7 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.16.2 as builder +FROM alpine:3.17.0 as builder COPY . / diff --git a/images/opentelemetry/rootfs/Dockerfile b/images/opentelemetry/rootfs/Dockerfile index 3c137dbe2..8951a3806 100644 --- a/images/opentelemetry/rootfs/Dockerfile +++ b/images/opentelemetry/rootfs/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. -FROM alpine:3.16.2 as base +FROM alpine:3.17.0 as base RUN mkdir -p /opt/third_party/install COPY . /opt/third_party/ diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile index 38ca5f2b3..4d71b8ad5 100644 --- a/images/test-runner/Makefile +++ b/images/test-runner/Makefile @@ -39,7 +39,7 @@ build: ensure-buildx --progress=$(PROGRESS) \ --pull \ --build-arg BASE_IMAGE=$(NGINX_BASE_IMAGE) \ - --build-arg GOLANG_VERSION=1.19.2 \ + --build-arg GOLANG_VERSION=1.19.4 \ --build-arg ETCD_VERSION=3.4.3-0 \ --build-arg K8S_RELEASE=v1.24.2 \ --build-arg RESTY_CLI_VERSION=0.27 \ diff --git a/images/test-runner/rootfs/Dockerfile b/images/test-runner/rootfs/Dockerfile index aa7c56c39..f471e81cc 100644 --- a/images/test-runner/rootfs/Dockerfile +++ b/images/test-runner/rootfs/Dockerfile @@ -16,7 +16,7 @@ ARG BASE_IMAGE ARG GOLANG_VERSION ARG ETCD_VERSION -FROM golang:${GOLANG_VERSION}-alpine as GO +FROM golang:${GOLANG_VERSION}-alpine3.17 as GO FROM registry.k8s.io/etcd:${ETCD_VERSION} as etcd FROM ${BASE_IMAGE} diff --git a/rootfs/Dockerfile-chroot b/rootfs/Dockerfile-chroot index 4805909d5..bdb9be60b 100644 --- a/rootfs/Dockerfile-chroot +++ b/rootfs/Dockerfile-chroot @@ -23,7 +23,7 @@ RUN apk update \ && apk upgrade \ && /chroot.sh -FROM alpine:3.16.2 +FROM alpine:3.17.0 ARG TARGETARCH ARG VERSION From 690969ba5f8d48514326aebce701862eb0d01603 Mon Sep 17 00:00:00 2001 From: James Strong Date: Tue, 20 Dec 2022 09:22:51 -0500 Subject: [PATCH 427/494] patch otel docker file Signed-off-by: James Strong --- images/opentelemetry/rootfs/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/images/opentelemetry/rootfs/Dockerfile b/images/opentelemetry/rootfs/Dockerfile index 8951a3806..7746edbf1 100644 --- a/images/opentelemetry/rootfs/Dockerfile +++ b/images/opentelemetry/rootfs/Dockerfile @@ -21,7 +21,7 @@ COPY . /opt/third_party/ # install build tools RUN apk update \ && apk upgrade \ - && apk add -U bash \ + && apk add -U bash cmake \ && bash /opt/third_party/build.sh -p # install gRPC @@ -39,7 +39,7 @@ COPY --from=grpc /opt/third_party/install/ /usr COPY --from=otel-cpp /opt/third_party/install/ /usr RUN bash /opt/third_party/build.sh -n -FROM alpine:3.16.2 as final +FROM alpine:3.17.0 as final COPY --from=base /opt/third_party/init_module.sh /usr/local/bin/init_module.sh COPY --from=nginx /etc/nginx/modules /etc/nginx/modules COPY --from=nginx /opt/third_party/install/lib /etc/nginx/modules From 58948acd3dc4729e7da5ac91c97799614e257a2a Mon Sep 17 00:00:00 2001 From: James Strong Date: Tue, 20 Dec 2022 09:41:32 -0500 Subject: [PATCH 428/494] gcloud build is timing out Signed-off-by: James Strong --- images/fastcgi-helloserver/cloudbuild.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/fastcgi-helloserver/cloudbuild.yaml b/images/fastcgi-helloserver/cloudbuild.yaml index 37df1d168..cb4ac2e94 100644 --- a/images/fastcgi-helloserver/cloudbuild.yaml +++ b/images/fastcgi-helloserver/cloudbuild.yaml @@ -1,4 +1,4 @@ -timeout: 600s +timeout: 1800s options: substitution_option: ALLOW_LOOSE steps: From 6070c8be0105bf72a44012d3774b0874a4bba4c9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Dec 2022 07:35:45 -0800 Subject: [PATCH 429/494] Bump ossf/scorecard-action from 2.0.6 to 2.1.0 (#9422) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.0.6 to 2.1.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/99c53751e09b9529366343771cc321ec74e9bd3d...937ffa90d79c7d720498178154ad4c7ba1e4ad8c) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index a9c36481b..b5bce044e 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -30,7 +30,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # v1.1.1 + uses: ossf/scorecard-action@937ffa90d79c7d720498178154ad4c7ba1e4ad8c # v1.1.1 with: results_file: results.sarif results_format: sarif From 07db4997b3029b4d08f6b5966ad8d214001e54ae Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Dec 2022 07:37:45 -0800 Subject: [PATCH 430/494] Bump actions/dependency-review-action from 3.0.1 to 3.0.2 (#9424) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.1 to 3.0.2. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/11310527b429536e263dc6cc47873e608189ba21...0ff3da6f81b812d4ec3cf37a04e2308c7a723730) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/depreview.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml index 5350d6e57..835eb5e9b 100644 --- a/.github/workflows/depreview.yaml +++ b/.github/workflows/depreview.yaml @@ -11,4 +11,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 #v3.0.2 - name: 'Dependency Review' - uses: actions/dependency-review-action@11310527b429536e263dc6cc47873e608189ba21 #v2.0.2 + uses: actions/dependency-review-action@0ff3da6f81b812d4ec3cf37a04e2308c7a723730 #v2.0.2 From bd283b6609bafd59a979db0e888b02c7d3dc068c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Dec 2022 07:39:44 -0800 Subject: [PATCH 431/494] Bump goreleaser/goreleaser-action from 3.2.0 to 4.1.0 (#9426) Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 3.2.0 to 4.1.0. - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](https://github.com/goreleaser/goreleaser-action/compare/b508e2e3ef3b19d4e4146d4f8fb3ba9db644a757...8f67e590f2d095516493f017008adc464e63adb1) --- updated-dependencies: - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/plugin.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index a1ad05d25..ea53c7f79 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -27,7 +27,7 @@ jobs: go-version: 1.19.4 - name: Run GoReleaser - uses: goreleaser/goreleaser-action@b508e2e3ef3b19d4e4146d4f8fb3ba9db644a757 # v3.0.0 + uses: goreleaser/goreleaser-action@8f67e590f2d095516493f017008adc464e63adb1 # v3.0.0 with: version: latest args: release --rm-dist From 87146d6d93f3aff7d5b70c184b133bc783695f95 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Dec 2022 09:33:43 -0800 Subject: [PATCH 432/494] Bump actions/checkout from 3.1.0 to 3.2.0 (#9425) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8...755da8c3cf115ac066823e79a1e1788f8940201b) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 16 ++++++++-------- .github/workflows/depreview.yaml | 2 +- .github/workflows/docs.yaml | 4 ++-- .github/workflows/helm.yaml | 4 ++-- .github/workflows/perftest.yaml | 2 +- .github/workflows/plugin.yaml | 2 +- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 4 ++-- 8 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index ea46f8cef..74bca7a72 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -33,7 +33,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2 id: filter @@ -59,7 +59,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 - name: Run Gosec Security Scanner uses: securego/gosec@1af1d5bb49259b62e45c505db397dd2ada5d74f8 # master @@ -80,7 +80,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 - name: Set up Go 1.19.4 id: go @@ -147,7 +147,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 - name: Setup Go uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.2.0 @@ -228,7 +228,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 - name: cache uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v2 @@ -282,7 +282,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 - name: cache uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 @@ -331,7 +331,7 @@ jobs: PLATFORMS: linux/amd64,linux/arm64 steps: - name: Checkout - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2 id: filter-images @@ -405,7 +405,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2 id: filter-images diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml index 835eb5e9b..5a22ea5ff 100644 --- a/.github/workflows/depreview.yaml +++ b/.github/workflows/depreview.yaml @@ -9,6 +9,6 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 #v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b #v3.0.2 - name: 'Dependency Review' uses: actions/dependency-review-action@0ff3da6f81b812d4ec3cf37a04e2308c7a723730 #v2.0.2 diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index f02f0a17e..879f90d85 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 #v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b #v3.0.2 - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2 id: filter @@ -49,7 +49,7 @@ jobs: steps: - name: Checkout master - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 #v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b #v3.0.2 - name: Deploy uses: ./.github/actions/mkdocs diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 33e06bbdc..0e9f74b50 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2 id: filter @@ -51,7 +51,7 @@ jobs: steps: - name: Checkout master - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b with: # Fetch entire history. Required for chart-releaser; see https://github.com/helm/chart-releaser-action/issues/13#issuecomment-602063896 fetch-depth: 0 diff --git a/.github/workflows/perftest.yaml b/.github/workflows/perftest.yaml index a9206d9ef..7205b0c08 100644 --- a/.github/workflows/perftest.yaml +++ b/.github/workflows/perftest.yaml @@ -18,7 +18,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b - name: Install K6 run: | diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index ea53c7f79..c8fca8cca 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 with: fetch-depth: 0 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index b5bce044e..53f8f25ff 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -25,7 +25,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.0 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.0 with: persist-credentials: false diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index af46c2bcc..b23c5aa5f 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -22,7 +22,7 @@ jobs: versions: ${{ steps.version.outputs.TAGS }} steps: - name: Checkout code - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b with: fetch-depth: 0 @@ -52,7 +52,7 @@ jobs: versions: ${{ fromJSON(needs.version.outputs.versions) }} steps: - name: Checkout code - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b - shell: bash id: test From 787ea74b6beffeb14f20cbf3a0d95c315ee3d8e3 Mon Sep 17 00:00:00 2001 From: my-git9 Date: Wed, 21 Dec 2022 01:39:46 +0800 Subject: [PATCH 433/494] cleanup: remove ioutil for new go version (#9427) Signed-off-by: xin.li Signed-off-by: xin.li --- images/kube-webhook-certgen/rootfs/pkg/certs/certs_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/images/kube-webhook-certgen/rootfs/pkg/certs/certs_test.go b/images/kube-webhook-certgen/rootfs/pkg/certs/certs_test.go index b4d95b9b2..fa8383cbb 100644 --- a/images/kube-webhook-certgen/rootfs/pkg/certs/certs_test.go +++ b/images/kube-webhook-certgen/rootfs/pkg/certs/certs_test.go @@ -5,7 +5,7 @@ import ( "crypto/tls" "crypto/x509" "fmt" - "io/ioutil" + "io" "net/http" "net/http/httptest" "testing" @@ -49,7 +49,7 @@ func TestCertificateCreation(t *testing.T) { t.Errorf("Response code was %v; want 200", res.StatusCode) } - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) if err != nil { t.Fatal(err) } From 7ef5e1ab8b230721626bf9f3dccb94bae951c81b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Dec 2022 11:15:19 -0800 Subject: [PATCH 434/494] Bump github/codeql-action from 2.1.36 to 2.1.37 (#9423) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.36 to 2.1.37. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/a669cc5936cc5e1b6a362ec1ff9e410dc570d190...959cbb7472c4d4ad70cdfe6f4976053fe48ab394) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 53f8f25ff..cb2aabf95 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@a669cc5936cc5e1b6a362ec1ff9e410dc570d190 # v2.1.14 + uses: github/codeql-action/upload-sarif@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.14 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index b23c5aa5f..9eaebd865 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@a669cc5936cc5e1b6a362ec1ff9e410dc570d190 + uses: github/codeql-action/upload-sarif@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From cd80cb6907b1b3f1871e3b3a634bda5159658684 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Dec 2022 11:21:19 -0800 Subject: [PATCH 435/494] Bump github.com/onsi/ginkgo/v2 from 2.6.0 to 2.6.1 (#9421) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.6.0 to 2.6.1. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.6.0...v2.6.1) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 14 +++-- go.sum | 190 ++++++--------------------------------------------------- 2 files changed, 26 insertions(+), 178 deletions(-) diff --git a/go.mod b/go.mod index db2e85f74..3c88a910b 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/mitchellh/mapstructure v1.5.0 github.com/moul/pb v0.0.0-20220425114252-bca18df4138c github.com/ncabatoff/process-exporter v0.7.10 - github.com/onsi/ginkgo/v2 v2.6.0 + github.com/onsi/ginkgo/v2 v2.6.1 github.com/opencontainers/runc v1.1.4 github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.14.0 @@ -27,6 +27,7 @@ require ( github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a golang.org/x/crypto v0.3.0 google.golang.org/grpc v1.51.0 + google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 k8s.io/api v0.25.4 @@ -44,7 +45,8 @@ require ( ) require ( - cloud.google.com/go v0.97.0 // indirect + cloud.google.com/go/compute v1.12.1 // indirect + cloud.google.com/go/compute/metadata v0.2.1 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest/autorest v0.11.27 // indirect github.com/Azure/go-autorest/autorest/adal v0.9.20 // indirect @@ -81,7 +83,7 @@ require ( github.com/google/go-cmp v0.5.9 // indirect github.com/google/gofuzz v1.1.0 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect - github.com/google/uuid v1.2.0 // indirect + github.com/google/uuid v1.3.0 // indirect github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect github.com/inconshreveable/mousetrap v1.0.1 // indirect github.com/josharian/intern v1.0.0 // indirect @@ -106,16 +108,16 @@ require ( github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 // indirect github.com/yudai/pp v2.0.1+incompatible // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect - golang.org/x/mod v0.6.0 // indirect + golang.org/x/mod v0.7.0 // indirect golang.org/x/net v0.4.0 // indirect golang.org/x/oauth2 v0.3.0 // indirect golang.org/x/sys v0.3.0 // indirect golang.org/x/term v0.3.0 // indirect golang.org/x/text v0.5.0 // indirect golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect - golang.org/x/tools v0.2.0 // indirect + golang.org/x/tools v0.4.0 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 // indirect + google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6 // indirect google.golang.org/protobuf v1.28.1 // indirect gopkg.in/go-playground/assert.v1 v1.2.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect diff --git a/go.sum b/go.sum index 644cb2e86..8362b75ba 100644 --- a/go.sum +++ b/go.sum @@ -13,25 +13,16 @@ cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKV cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= -cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= -cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= -cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= -cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= -cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY= -cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM= -cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY= -cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ= -cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= -cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4= -cloud.google.com/go v0.97.0 h1:3DXvAyifywvq64LfkKaMOmkWPS1CikIQdMe2lY9vxU8= -cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= +cloud.google.com/go/compute v1.12.1 h1:gKVJMEyqV5c/UnpzjjQbo3Rjvvqpr9B1DFSbJC4OXr0= +cloud.google.com/go/compute v1.12.1/go.mod h1:e8yNOBcBONZU1vJKCvCoDw/4JQsA0dpM4x/6PIIOocU= +cloud.google.com/go/compute/metadata v0.2.1 h1:efOwf5ymceDhK6PKMnnrTHP4pppY5L22mle96M1yP48= +cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= @@ -64,7 +55,6 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03 github.com/BurntSushi/toml v1.0.0 h1:dtDWrepsVPfW9H/4y7dDgFc2MBUSeJhlaDtK13CxFlU= github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M= @@ -74,7 +64,6 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= -github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a h1:AP/vsCIvJZ129pdm9Ek7bH7yutN3hByqsMoNrWAxRQc= github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a/go.mod h1:QmP9hvJ91BbJmGVGSbutW19IC0Q9phDCLGaomwTJbgU= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= @@ -84,7 +73,6 @@ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6r github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE= github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= @@ -95,13 +83,6 @@ github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMn github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= -github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzAJc1DzSI= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= @@ -124,11 +105,6 @@ github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= -github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= -github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= @@ -139,7 +115,6 @@ github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b h1:074/xhloHUBOpTZwlIzQ28rbPY8pNJvzY7Gcx5KnNOk= github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= -github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w= github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= @@ -188,8 +163,6 @@ github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= -github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= -github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -205,10 +178,8 @@ github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QD github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/gomarkdown/markdown v0.0.0-20210514010506-3b9f47219fe7 h1:oKYOfNR7Hp6XpZ4JqolL5u642Js5Z0n7psPVl+S5heo= github.com/gomarkdown/markdown v0.0.0-20210514010506-3b9f47219fe7/go.mod h1:aii0r/K0ZnHv7G0KF7xy1v0A7s2Ljrb5byB7MO5p6TU= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= @@ -224,8 +195,6 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= @@ -236,8 +205,6 @@ github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= @@ -245,29 +212,18 @@ github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hf github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= -github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.2.0 h1:qJYtXnJRWmpe7m/3XlyhrsLrEURqHRM2kxzoxXqyUDs= -github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= +github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= -github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc= @@ -348,9 +304,9 @@ github.com/ncabatoff/process-exporter v0.7.10/go.mod h1:DHZRZjqxw9LCOpLlX0DjBuyn github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= -github.com/onsi/ginkgo/v2 v2.6.0 h1:9t9b9vRUbFq3C4qKFCGkVuq/fIHji802N1nrtkh1mNc= -github.com/onsi/ginkgo/v2 v2.6.0/go.mod h1:63DOGlLAH8+REH8jUGdL3YpCpu7JODesutUjdENfUAc= -github.com/onsi/gomega v1.24.0 h1:+0glovB9Jd6z3VR+ScSwQqXVTIfJcGA9UBM8yzQxhqg= +github.com/onsi/ginkgo/v2 v2.6.1 h1:1xQPCjcqYw/J5LchOcp4/2q/jzJFjiAOc25chhnDw+Q= +github.com/onsi/ginkgo/v2 v2.6.1/go.mod h1:yjiuMwPokqY1XauOgju45q3sJt6VzQ/Fict1LFVcsAo= +github.com/onsi/gomega v1.24.1 h1:KORJXNNTzJXzu4ScJWssJfJMnJ+2QJqhoQSRwNlze9E= github.com/opencontainers/runc v1.1.4 h1:nRCz/8sKg6K6jgYAFLDlXzPeITBZJyX28DBVhWD+5dg= github.com/opencontainers/runc v1.1.4/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= @@ -391,7 +347,6 @@ github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1 github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo= github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4= -github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8= @@ -407,7 +362,6 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA= github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= @@ -447,7 +401,6 @@ github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a h1:CbXWHAnmrtTKgX+yMVVANuRJP8ld88ELbAYAYnBdLJ4= github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a/go.mod h1:/Hzu8ych2oXCs1iNI+MeASyFzWTncQ6nlu/wgqbqC2A= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= @@ -455,9 +408,6 @@ go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= -go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= -go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 h1:+FNtrFTmVw0YZGpBGX56XDee331t6JAXeK2bcyhLOOc= go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5/go.mod h1:nmDLcffg48OtT/PSW0Hg7FvpRQsQh5OSqIylirxKC7o= go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= @@ -497,8 +447,6 @@ golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= @@ -507,11 +455,8 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.6.0 h1:b9gGHsz9/HhJ3HF5DHQytPpuwocVTChQJK3AvoLRD5I= -golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= +golang.org/x/mod v0.7.0 h1:LapD9S96VoQRhi/GrNTqeBJFrUjs5UHCAtTlgwA5oZA= +golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -542,15 +487,8 @@ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81R golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= -golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.4.0 h1:Q5QPcMlvfxFTAPV0+07Xz/MpK9NTXu2VDUuy0FeMfaU= @@ -560,16 +498,7 @@ golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4Iltr golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.3.0 h1:6l90koy8/LaBLmLu8jpHeHexzMwEita0zFfYlggy2F8= golang.org/x/oauth2 v0.3.0/go.mod h1:rQrIauxkUhJ6CuwEXwymO2/eh4xz2ZWF1nBkcxS+tGk= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -582,7 +511,7 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -618,30 +547,13 @@ golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -656,8 +568,6 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM= golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= @@ -708,20 +618,9 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= -golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= -golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.2.0 h1:G6AHpWxTMGY1KyEYoAQ5WTtIekUUvDNjan3ugu60JvE= -golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= +golang.org/x/tools v0.4.0 h1:7mTAgkunk3fr4GAloyyCasadO6h9zSsQZbwvcaIciV4= +golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -743,18 +642,6 @@ google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0M google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= -google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= -google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= -google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= -google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= -google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= -google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= -google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= -google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU= -google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k= -google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= -google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -786,41 +673,15 @@ google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfG google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= -google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24= -google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= -google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= -google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= -google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= -google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w= -google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 h1:hrbNEivu7Zn1pxvHk6MBrq9iE22woVILTHqexqBxe6I= -google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= +google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6 h1:a2S6M0+660BgMNl++4JPlcAO/CjkqYItDEZwkoDQK7c= +google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -833,23 +694,10 @@ google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKa google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= -google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= -google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= -google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= -google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= google.golang.org/grpc v1.51.0 h1:E1eGv1FTqoLIdnBCZufiSHgKjlqG6fKFf6pPWtMTh8U= google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww= -google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= +google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7 h1:pPsdyuBif+uoyUoL19yuj/TCfUPsmpJHJZhWQ98JGLU= +google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7/go.mod h1:8pQa1yxxkh+EsxUK8/455D5MSbv3vgmEJqKCH3y17mI= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -863,7 +711,6 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= @@ -885,7 +732,6 @@ gopkg.in/mcuadros/go-syslog.v2 v2.3.0/go.mod h1:l5LPIyOOyIdQquNg+oU6Z3524YwrcqEm gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= From c648595cd73a2d605cd7d9575b72b367755c7ec8 Mon Sep 17 00:00:00 2001 From: James Strong Date: Tue, 20 Dec 2022 22:55:25 -0500 Subject: [PATCH 436/494] update the nginx run container for alpine:3.17.0 (#9430) Signed-off-by: James Strong Signed-off-by: James Strong --- images/nginx/rootfs/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/nginx/rootfs/Dockerfile b/images/nginx/rootfs/Dockerfile index 89bd652b0..a9b01ff82 100644 --- a/images/nginx/rootfs/Dockerfile +++ b/images/nginx/rootfs/Dockerfile @@ -21,7 +21,7 @@ RUN apk update \ && /build.sh # Use a multi-stage build -FROM alpine:3.16.2 +FROM alpine:3.17.0 ENV PATH=$PATH:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin From 6ffaef32ab4337943ab8fb0630652eb7f8102cbe Mon Sep 17 00:00:00 2001 From: Saumya <76432998+SaumyaBhushan@users.noreply.github.com> Date: Wed, 21 Dec 2022 14:13:25 +0530 Subject: [PATCH 437/494] Bump github.com/onsi/ginkgo/v2 from 2.6.0 to 2.6.1 (#9432) --- build/run-in-docker.sh | 2 +- images/test-runner/rootfs/Dockerfile | 2 +- test/e2e/run-chart-test.sh | 2 +- test/e2e/run.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index c566bc8a0..c00453481 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -77,7 +77,7 @@ if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then echo "FLAGS=$FLAGS" go env set -x - go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.6.0 + go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.6.1 find / -type f -name ginkgo 2>/dev/null which ginkgo /bin/bash -c "${FLAGS}" diff --git a/images/test-runner/rootfs/Dockerfile b/images/test-runner/rootfs/Dockerfile index f471e81cc..1e8bc3643 100644 --- a/images/test-runner/rootfs/Dockerfile +++ b/images/test-runner/rootfs/Dockerfile @@ -55,7 +55,7 @@ ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 777 "$GOPATH" -RUN go install github.com/onsi/ginkgo/v2/ginkgo@v2.6.0 && go install golang.org/x/lint/golint@latest +RUN go install github.com/onsi/ginkgo/v2/ginkgo@v2.6.1 && go install golang.org/x/lint/golint@latest ARG RESTY_CLI_VERSION ARG RESTY_CLI_SHA diff --git a/test/e2e/run-chart-test.sh b/test/e2e/run-chart-test.sh index 606215f17..e501ca6fe 100755 --- a/test/e2e/run-chart-test.sh +++ b/test/e2e/run-chart-test.sh @@ -78,7 +78,7 @@ fi if [ "${SKIP_IMAGE_CREATION:-false}" = "false" ]; then if ! command -v ginkgo &> /dev/null; then - go get github.com/onsi/ginkgo/v2/ginkgo@v2.6.0 + go get github.com/onsi/ginkgo/v2/ginkgo@v2.6.1 fi echo "[dev-env] building image" make -C ${DIR}/../../ clean-image build image diff --git a/test/e2e/run.sh b/test/e2e/run.sh index 9ca490baa..17dad6c39 100755 --- a/test/e2e/run.sh +++ b/test/e2e/run.sh @@ -79,7 +79,7 @@ fi if [ "${SKIP_IMAGE_CREATION:-false}" = "false" ]; then if ! command -v ginkgo &> /dev/null; then - go get github.com/onsi/ginkgo/v2/ginkgo@v2.6.0 + go get github.com/onsi/ginkgo/v2/ginkgo@v2.6.1 fi echo "[dev-env] building image" From a667c93adeb9c4a7b8c50ee4c43e229a86e7e415 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 21 Dec 2022 00:49:26 -0800 Subject: [PATCH 438/494] Bump golang.org/x/crypto from 0.3.0 to 0.4.0 (#9397) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.3.0 to 0.4.0. - [Release notes](https://github.com/golang/crypto/releases) - [Commits](https://github.com/golang/crypto/compare/v0.3.0...v0.4.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 3c88a910b..b074e7c10 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( github.com/stretchr/testify v1.8.1 github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a - golang.org/x/crypto v0.3.0 + golang.org/x/crypto v0.4.0 google.golang.org/grpc v1.51.0 google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7 gopkg.in/go-playground/pool.v3 v3.1.1 diff --git a/go.sum b/go.sum index 8362b75ba..684ae5beb 100644 --- a/go.sum +++ b/go.sum @@ -423,8 +423,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.3.0 h1:a06MkbcxBrEFc0w0QIZWXrH/9cCX6KJyWbBOIwAn+7A= -golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= +golang.org/x/crypto v0.4.0 h1:UVQgzMY87xqpKNgb+kDsll2Igd33HszWHFLmpaRMq/8= +golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= From 6ed6a76200595a7c6843322c60491fef2c86a864 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Wed, 21 Dec 2022 09:51:26 +0100 Subject: [PATCH 439/494] HPA: Add `controller.autoscaling.annotations` to `values.yaml`. (#9253) This value is already in use, but hasn't been added to `values.yaml`. --- charts/ingress-nginx/README.md | 1 + charts/ingress-nginx/values.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 0e2800d94..af71493fe 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -295,6 +295,7 @@ Kubernetes: `>=1.20.0-0` | controller.affinity | object | `{}` | Affinity and anti-affinity rules for server scheduling to nodes # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity # | | controller.allowSnippetAnnotations | bool | `true` | This configuration defines if Ingress Controller should allow users to set their own *-snippet annotations, otherwise this is forbidden / dropped when users add those annotations. Global snippets in ConfigMap are still respected | | controller.annotations | object | `{}` | Annotations to be added to the controller Deployment or DaemonSet # | +| controller.autoscaling.annotations | object | `{}` | | | controller.autoscaling.apiVersion | string | `"autoscaling/v2"` | | | controller.autoscaling.behavior | object | `{}` | | | controller.autoscaling.enabled | bool | `false` | | diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 161f974fe..b7089addb 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -366,6 +366,7 @@ controller: autoscaling: apiVersion: autoscaling/v2 enabled: false + annotations: {} minReplicas: 1 maxReplicas: 11 targetCPUUtilizationPercentage: 50 From f685c9b379de340814d2e4014cca85431d717b41 Mon Sep 17 00:00:00 2001 From: James Strong Date: Wed, 21 Dec 2022 12:36:20 -0500 Subject: [PATCH 440/494] force rebuild for curl cve Signed-off-by: James Strong --- images/nginx/rootfs/build.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/images/nginx/rootfs/build.sh b/images/nginx/rootfs/build.sh index 6d8937a22..8023575c0 100755 --- a/images/nginx/rootfs/build.sh +++ b/images/nginx/rootfs/build.sh @@ -177,7 +177,8 @@ apk add \ mercurial \ alpine-sdk \ findutils \ - curl ca-certificates \ + curl \ + ca-certificates \ patch \ libaio-dev \ openssl \ From bb60e02e960340c382f0bcd4b21292fb06f80602 Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Thu, 22 Dec 2022 16:37:26 +0100 Subject: [PATCH 441/494] CI updates (#9440) * add labels to dependabot prs Signed-off-by: cpanato * sync hashes and versions dependabot can update the version comment now Signed-off-by: cpanato Signed-off-by: cpanato --- .github/dependabot.yml | 10 ++- .github/workflows/ci.yaml | 81 +++++++++++----------- .github/workflows/depreview.yaml | 4 +- .github/workflows/docs.yaml | 10 ++- .github/workflows/helm.yaml | 14 ++-- .github/workflows/junit-reports.yaml | 13 ++-- .github/workflows/perftest.yaml | 7 +- .github/workflows/plugin.yaml | 9 +-- .github/workflows/project.yml | 4 +- .github/workflows/scorecards.yml | 20 +++--- .github/workflows/vulnerability-scans.yaml | 72 +++++++++---------- 11 files changed, 125 insertions(+), 119 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 404ed62e1..28a5e5580 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -5,7 +5,15 @@ updates: directory: "/" schedule: interval: "weekly" + labels: + - "area/dependency" + - "release-note-none" + - "ok-to-test" - package-ecosystem: "github-actions" directory: "/" schedule: - interval: "weekly" + interval: "weekly" + labels: + - "area/dependency" + - "release-note-none" + - "ok-to-test" diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 74bca7a72..d1a9936b5 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -33,9 +33,9 @@ jobs: steps: - name: Checkout - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2 + - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 id: filter with: token: ${{ secrets.GITHUB_TOKEN }} @@ -59,10 +59,10 @@ jobs: steps: - name: Checkout - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - name: Run Gosec Security Scanner - uses: securego/gosec@1af1d5bb49259b62e45c505db397dd2ada5d74f8 # master + uses: securego/gosec@1af1d5bb49259b62e45c505db397dd2ada5d74f8 # v2.14.0 with: # G601 for zz_generated.deepcopy.go # G306 TODO: Expect WriteFile permissions to be 0600 or less @@ -74,26 +74,25 @@ jobs: runs-on: ubuntu-latest needs: changes if: | - (needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true') || ${{ inputs.run_e2e }} - + (needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true') || ${{ inputs.run_e2e }} steps: - - name: Checkout - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - - name: Set up Go 1.19.4 + - name: Set up Go id: go - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: - go-version: '1.19.4' + go-version: '1.19' + check-latest: true - name: Set up QEMU - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 #v2.0.0 + uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0 - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.0.0 + uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1 with: version: latest @@ -104,7 +103,7 @@ jobs: run: | sudo apt-get -qq update || true sudo apt-get install -y pigz - curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.17.0/bin/linux/amd64/kubectl + curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.25.5/bin/linux/amd64/kubectl chmod +x ./kubectl sudo mv ./kubectl /usr/local/bin/kubectl @@ -138,24 +137,24 @@ jobs: - changes - build if: | - (needs.changes.outputs.charts == 'true') || ${{ inputs.run_e2e }} + (needs.changes.outputs.charts == 'true') || ${{ inputs.run_e2e }} strategy: matrix: k8s: [v1.23.13, v1.24.7, v1.25.3] steps: - - name: Checkout - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - name: Setup Go - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: - go-version: '1.19.4' + go-version: '1.19' + check-latest: true - name: cache - uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3 + uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1 with: name: docker.tar.gz @@ -192,7 +191,7 @@ jobs: run: | kind create cluster --image=kindest/node:${{ matrix.k8s }} - - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v1 + - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v2.0.0 with: name: docker.tar.gz failOnError: false @@ -211,7 +210,6 @@ jobs: kind get kubeconfig > $HOME/.kube/kind-config-kind make kind-e2e-chart-tests - kubernetes: name: Kubernetes runs-on: ubuntu-latest @@ -219,19 +217,18 @@ jobs: - changes - build if: | - (needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }} + (needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }} strategy: matrix: k8s: [v1.23.13, v1.24.7, v1.25.3] steps: - - name: Checkout - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - name: cache - uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v2 + uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1 with: name: docker.tar.gz @@ -240,7 +237,7 @@ jobs: run: | kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml - - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v1 + - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v2.0.0 with: name: docker.tar.gz failOnError: false @@ -260,7 +257,7 @@ jobs: make kind-e2e-test - name: Uplaod e2e junit-reports - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1 if: success() || failure() with: name: e2e-test-reports-${{ matrix.k8s }} @@ -273,7 +270,7 @@ jobs: - changes - build if: | - (needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }} + (needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }} strategy: matrix: @@ -282,10 +279,10 @@ jobs: steps: - name: Checkout - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - name: cache - uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 + uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1 with: name: docker.tar.gz @@ -294,7 +291,7 @@ jobs: run: | kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml - - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af + - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v2.0.0 with: name: docker.tar.gz failOnError: false @@ -313,9 +310,9 @@ jobs: run: | kind get kubeconfig > $HOME/.kube/kind-config-kind make kind-e2e-test - + - name: Uplaod e2e junit-reports - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1 if: success() || failure() with: name: e2e-test-reports-chroot-${{ matrix.k8s }} @@ -331,9 +328,9 @@ jobs: PLATFORMS: linux/amd64,linux/arm64 steps: - name: Checkout - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2 + - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 id: filter-images with: token: ${{ secrets.GITHUB_TOKEN }} @@ -388,7 +385,6 @@ jobs: run: | cd images/ext-auth-example-authsvc && make build - test-image: permissions: contents: read # for dorny/paths-filter to fetch a list of changed files @@ -405,9 +401,9 @@ jobs: steps: - name: Checkout - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2 + - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 id: filter-images with: token: ${{ secrets.GITHUB_TOKEN }} @@ -421,12 +417,13 @@ jobs: run: | kind create cluster --image=kindest/node:${{ matrix.k8s }} - - name: Set up Go 1.19.4 + - name: Set up Go id: go if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: - go-version: '1.19.4' + go-version: '1.19' + check-latest: true - name: kube-webhook-certgen image build if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml index 5a22ea5ff..758e4b95f 100644 --- a/.github/workflows/depreview.yaml +++ b/.github/workflows/depreview.yaml @@ -9,6 +9,6 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b #v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - name: 'Dependency Review' - uses: actions/dependency-review-action@0ff3da6f81b812d4ec3cf37a04e2308c7a723730 #v2.0.2 + uses: actions/dependency-review-action@0ff3da6f81b812d4ec3cf37a04e2308c7a723730 # v3.0.2 diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index 879f90d85..241921ecf 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -22,11 +22,10 @@ jobs: charts: ${{ steps.filter.outputs.charts }} steps: - - name: Checkout - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b #v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2 + - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 id: filter with: token: ${{ secrets.GITHUB_TOKEN }} @@ -47,11 +46,10 @@ jobs: contents: write # needed to write releases steps: - - name: Checkout master - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b #v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - name: Deploy uses: ./.github/actions/mkdocs env: - PERSONAL_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + PERSONAL_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 0e9f74b50..5d96507a1 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -22,11 +22,10 @@ jobs: charts: ${{ steps.filter.outputs.charts }} steps: - - name: Checkout - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2 + - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 id: filter with: token: ${{ secrets.GITHUB_TOKEN }} @@ -49,9 +48,8 @@ jobs: (needs.changes.outputs.charts == 'true') steps: - - name: Checkout master - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 with: # Fetch entire history. Required for chart-releaser; see https://github.com/helm/chart-releaser-action/issues/13#issuecomment-602063896 fetch-depth: 0 @@ -61,12 +59,12 @@ jobs: run: | git config --global user.name "$GITHUB_ACTOR" git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com" - + - name: Helm Chart Releaser - uses: helm/chart-releaser-action@98bccfd32b0f76149d188912ac8e45ddd3f8695f #v1.4.1 + uses: helm/chart-releaser-action@98bccfd32b0f76149d188912ac8e45ddd3f8695f # v1.4.1 env: CR_SKIP_EXISTING: "false" CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" CR_RELEASE_NAME_TEMPLATE: "helm-chart-{{ .Version }}" with: - charts_dir: charts \ No newline at end of file + charts_dir: charts diff --git a/.github/workflows/junit-reports.yaml b/.github/workflows/junit-reports.yaml index f02e68466..eb25bbeca 100644 --- a/.github/workflows/junit-reports.yaml +++ b/.github/workflows/junit-reports.yaml @@ -1,4 +1,5 @@ name: 'E2E Test Report' + on: workflow_run: workflows: ['CI'] # runs after CI workflow @@ -8,9 +9,9 @@ jobs: report: runs-on: ubuntu-latest steps: - - uses: dorny/test-reporter@v1 - with: - artifact: /e2e-test-reports-(.*)/ - name: JEST Tests $1 # Name of the check run which will be created - path: 'report*.xml' # Path to test results (inside artifact .zip) - reporter: jest-junit # Format of test results + - uses: dorny/test-reporter@c9b3d0e2bd2a4e96aaf424dbaa31c46b42318226 # v1.6.0 + with: + artifact: /e2e-test-reports-(.*)/ + name: JEST Tests $1 # Name of the check run which will be created + path: 'report*.xml' # Path to test results (inside artifact .zip) + reporter: jest-junit # Format of test results diff --git a/.github/workflows/perftest.yaml b/.github/workflows/perftest.yaml index 7205b0c08..89dfdfad6 100644 --- a/.github/workflows/perftest.yaml +++ b/.github/workflows/perftest.yaml @@ -1,4 +1,5 @@ name: Performance Test + on: workflow_dispatch: inputs: @@ -18,7 +19,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - name: Install K6 run: | @@ -33,7 +34,7 @@ jobs: mkdir $HOME/.kube make dev-env podName=`kubectl -n ingress-nginx get po | grep -i controller | awk '{print $1}'` - if [[ -z ${podName} ]] ; then + if [[ -z ${podName} ]] ; then sleep 5 fi kubectl wait pod -n ingress-nginx --for condition=Ready $podName @@ -46,7 +47,7 @@ jobs: kubectl create ing k6 --class nginx \ --rule test.ingress-nginx-controller.ga/*=k6:80 podName=`kubectl get po | grep -i k6 | awk '{print $1}'` - if [[ -z ${podName} ]] ; then + if [[ -z ${podName} ]] ; then sleep 5 fi kubectl wait pod --for condition=Ready $podName diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index c8fca8cca..779cd1da8 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -17,17 +17,18 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: - go-version: 1.19.4 + go-version: 1.19 + check-latest: true - name: Run GoReleaser - uses: goreleaser/goreleaser-action@8f67e590f2d095516493f017008adc464e63adb1 # v3.0.0 + uses: goreleaser/goreleaser-action@8f67e590f2d095516493f017008adc464e63adb1 # v4.1.0 with: version: latest args: release --rm-dist diff --git a/.github/workflows/project.yml b/.github/workflows/project.yml index 9baa09bf2..d75435712 100644 --- a/.github/workflows/project.yml +++ b/.github/workflows/project.yml @@ -11,9 +11,9 @@ jobs: runs-on: ubuntu-latest permissions: repository-projects: write - issues: write + issues: write steps: - - uses: actions/add-to-project@960fbad431afda394cfcf8743445e741acd19e85 #v0.4.0 + - uses: actions/add-to-project@960fbad431afda394cfcf8743445e741acd19e85 # v0.4.0 with: project-url: https://github.com/orgs/kubernetes/projects/104 github-token: ${{ secrets.PROJECT_WRITER }} diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index cb2aabf95..6af70e691 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -1,11 +1,13 @@ name: Scorecards supply-chain security + on: # Only the default branch is supported. branch_protection_rule: schedule: - cron: '20 11 * * 5' push: - branches: [ "main" ] + branches: + - "main" # Declare default permissions as read only. permissions: read-all @@ -22,15 +24,15 @@ jobs: # Needs for private repositories. contents: read actions: read - + steps: - name: "Checkout code" - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.0 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@937ffa90d79c7d720498178154ad4c7ba1e4ad8c # v1.1.1 + uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2 with: results_file: results.sarif results_format: sarif @@ -41,22 +43,22 @@ jobs: # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }} # Publish the results for public repositories to enable scorecard badges. For more details, see - # https://github.com/ossf/scorecard-action#publishing-results. - # For private repositories, `publish_results` will automatically be set to `false`, regardless + # https://github.com/ossf/scorecard-action#publishing-results. + # For private repositories, `publish_results` will automatically be set to `false`, regardless # of the value entered here. publish_results: true # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.0.0 + uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1 with: name: SARIF file path: results.sarif retention-days: 5 - + # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.14 + uses: github/codeql-action/upload-sarif@896079047b4bb059ba6f150a5d87d47dde99e6e5 # v2.1.37 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 9eaebd865..67fad3187 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -22,7 +22,7 @@ jobs: versions: ${{ steps.version.outputs.TAGS }} steps: - name: Checkout code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 with: fetch-depth: 0 @@ -46,47 +46,47 @@ jobs: scan: runs-on: ubuntu-latest - needs: version + needs: version strategy: matrix: versions: ${{ fromJSON(needs.version.outputs.versions) }} steps: - - name: Checkout code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b + - name: Checkout code + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - - shell: bash - id: test - run: echo "Scanning registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}" + - shell: bash + id: test + run: echo "Scanning registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}" - - name: Scan image with AquaSec/Trivy - id: scan - uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 #v0.5.1 - with: - image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }} - format: 'sarif' - output: trivy-results-${{ matrix.versions }}.sarif - exit-code: 0 - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN' + - name: Scan image with AquaSec/Trivy + id: scan + uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 # v0.8.0 + with: + image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }} + format: 'sarif' + output: trivy-results-${{ matrix.versions }}.sarif + exit-code: 0 + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN' - - name: Output Sarif File - shell: bash - run: cat ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif + - name: Output Sarif File + shell: bash + run: cat ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif - # This step checks out a copy of your repository. - - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 - with: - token: ${{ github.token }} - # Path to SARIF file relative to the root of the repository - sarif_file: ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif + # This step checks out a copy of your repository. + - name: Upload SARIF file + uses: github/codeql-action/upload-sarif@896079047b4bb059ba6f150a5d87d47dde99e6e5 # v2.1.37 + with: + token: ${{ github.token }} + # Path to SARIF file relative to the root of the repository + sarif_file: ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif - - name: Vulz Count - shell: bash - run: | - TRIVY_COUNT=$(cat ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif | jq '.runs[0].results | length') - echo "TRIVY_COUNT: $TRIVY_COUNT" - echo "Image Vulnerability scan output" >> $GITHUB_STEP_SUMMARY - echo "Image ID: registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "Trivy Count: $TRIVY_COUNT" >> $GITHUB_STEP_SUMMARY + - name: Vulz Count + shell: bash + run: | + TRIVY_COUNT=$(cat ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif | jq '.runs[0].results | length') + echo "TRIVY_COUNT: $TRIVY_COUNT" + echo "Image Vulnerability scan output" >> $GITHUB_STEP_SUMMARY + echo "Image ID: registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "Trivy Count: $TRIVY_COUNT" >> $GITHUB_STEP_SUMMARY From 7206f488abf4c54c33dc3e7bd03dfe17d2f2259d Mon Sep 17 00:00:00 2001 From: Saumya <76432998+SaumyaBhushan@users.noreply.github.com> Date: Thu, 22 Dec 2022 23:49:26 +0530 Subject: [PATCH 442/494] avoid builds and tests for non-code changes (#9392) * avoid builds and tests for non-code changes * dummy test for workflow --- .github/workflows/ci.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d1a9936b5..596a26b31 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -4,10 +4,16 @@ on: pull_request: branches: - "*" + paths-ignore: + - 'docs/**' + - 'deploy/**' push: branches: - main + paths-ignore: + - 'docs/**' + - 'deploy/**' workflow_dispatch: inputs: From 30d6f7e14043dafba40f078e9f2d8cb4e4f97c51 Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 23 Dec 2022 22:27:25 -0500 Subject: [PATCH 443/494] test the new e2e test images (#9444) Signed-off-by: James Strong Signed-off-by: James Strong --- build/run-in-docker.sh | 2 +- test/e2e-image/Makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index c00453481..511c5475f 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -38,7 +38,7 @@ function cleanup { } trap cleanup EXIT -E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20221125-controller-v1.5.1-21-g9d562c47a@sha256:50c5469f08b664e928a3035ac94a2348955b669d7ac33809abc674c8fd6c19c1} +E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20221221-controller-v1.5.1-62-g6ffaef32a@sha256:8f025472964cd15ae2d379503aba150565a8d78eb36b41ddfc5f1e3b1ca81a8e} DOCKER_OPTS=${DOCKER_OPTS:-} DOCKER_IN_DOCKER_ENABLED=${DOCKER_IN_DOCKER_ENABLED:-} diff --git a/test/e2e-image/Makefile b/test/e2e-image/Makefile index 64094ec34..f89bf6bf2 100644 --- a/test/e2e-image/Makefile +++ b/test/e2e-image/Makefile @@ -1,6 +1,6 @@ DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) -E2E_BASE_IMAGE="registry.k8s.io/ingress-nginx/e2e-test-runner:v20221125-controller-v1.5.1-21-g9d562c47a@sha256:50c5469f08b664e928a3035ac94a2348955b669d7ac33809abc674c8fd6c19c1" +E2E_BASE_IMAGE="registry.k8s.io/ingress-nginx/e2e-test-runner:v20221221-controller-v1.5.1-62-g6ffaef32a@sha256:8f025472964cd15ae2d379503aba150565a8d78eb36b41ddfc5f1e3b1ca81a8e" image: echo "..entered Makefile in /test/e2e-image" From c50a9e99bc594d10f9c3a49abab223b8839deecb Mon Sep 17 00:00:00 2001 From: James Strong Date: Sat, 24 Dec 2022 09:17:27 -0500 Subject: [PATCH 444/494] upgrade nginx base image (#9436) * upgrade nginx base and e2e base Signed-off-by: James Strong * upgrade e2e base Signed-off-by: James Strong * update new build Signed-off-by: James Strong * update to latest e2e base Signed-off-by: James Strong * remove e2e update Signed-off-by: James Strong * remove e2e update Signed-off-by: James Strong Signed-off-by: James Strong --- NGINX_BASE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NGINX_BASE b/NGINX_BASE index 45654c627..72093c593 100644 --- a/NGINX_BASE +++ b/NGINX_BASE @@ -1 +1 @@ -registry.k8s.io/ingress-nginx/nginx:0b5e0685112e4537ee20a0bdbba451e9f6158aa3@sha256:3f5e28bb248d5170e77b77fc2a1a385724aeff41a0b34b5afad7dd9cf93de000 +registry.k8s.io/ingress-nginx/nginx:21aa7f55a3325c1c26de0dfb62ede4c0a809a994@sha256:da6b877ed96dada46ed6e379051c2dd461dd5d329af7a7531820ad3e16197e20 \ No newline at end of file From 336f25230beecdc4c9d06f448368a1cf51b1beac Mon Sep 17 00:00:00 2001 From: James Strong Date: Sat, 24 Dec 2022 14:23:26 -0500 Subject: [PATCH 445/494] start release 1.5.2 (#9445) * start release 1.5.2 Signed-off-by: James Strong * upgrade kind clusters and add 1.26 Signed-off-by: James Strong Signed-off-by: James Strong --- .github/workflows/ci.yaml | 8 ++++---- TAG | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 596a26b31..d064fa6a2 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -147,7 +147,7 @@ jobs: strategy: matrix: - k8s: [v1.23.13, v1.24.7, v1.25.3] + k8s: [v1.23.13, v1.24.7, v1.25.3, v1.26.0] steps: - name: Checkout @@ -227,7 +227,7 @@ jobs: strategy: matrix: - k8s: [v1.23.13, v1.24.7, v1.25.3] + k8s: [v1.23.13, v1.24.7, v1.25.3, v1.26.0] steps: - name: Checkout @@ -280,7 +280,7 @@ jobs: strategy: matrix: - k8s: [v1.23.13, v1.24.7, v1.25.3] + k8s: [v1.23.13, v1.24.7, v1.25.3, v1.26.0] steps: @@ -403,7 +403,7 @@ jobs: strategy: matrix: - k8s: [ v1.23.13, v1.24.7, v1.25.3 ] + k8s: [v1.23.13, v1.24.7, v1.25.3, v1.26.0] steps: - name: Checkout diff --git a/TAG b/TAG index 53b5bbb12..a503124bd 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.5.1 +v1.5.2 From 26507e0fa4d545d1aaa8b9ba5754ba96f47161d6 Mon Sep 17 00:00:00 2001 From: James Strong Date: Sat, 24 Dec 2022 15:51:50 -0500 Subject: [PATCH 446/494] with chroot now it can take longer than 30 mins Signed-off-by: James Strong --- cloudbuild.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cloudbuild.yaml b/cloudbuild.yaml index a9d4a214c..d3f1eed62 100644 --- a/cloudbuild.yaml +++ b/cloudbuild.yaml @@ -1,6 +1,6 @@ # See https://cloud.google.com/cloud-build/docs/build-config -timeout: 1800s +timeout: 18000s options: substitution_option: ALLOW_LOOSE steps: From d2ba8e6b6bc137bf9628b2d57cb3967716bde773 Mon Sep 17 00:00:00 2001 From: James Strong Date: Mon, 26 Dec 2022 16:16:40 -0500 Subject: [PATCH 447/494] Reset tag to restart 1.5.2 release gcloud timed out on the 1.5.2 build, so we need to restart the release process, so reverting the tag. --- TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TAG b/TAG index a503124bd..53b5bbb12 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.5.2 +v1.5.1 From 69b3e7e8c110a91b84fff3155b9c807fa9138adc Mon Sep 17 00:00:00 2001 From: Aleksandr Lebedev <49903054+alebsys@users.noreply.github.com> Date: Tue, 27 Dec 2022 04:23:26 +0700 Subject: [PATCH 448/494] Update command line arguments documentation (#9224) * update cli-arguents.md with latest version flags.go * correct punctuation in pkg/flag/flags.go --- docs/user-guide/cli-arguments.md | 51 ++++++++++++++------------------ pkg/flags/flags.go | 32 ++++++++++---------- 2 files changed, 39 insertions(+), 44 deletions(-) diff --git a/docs/user-guide/cli-arguments.md b/docs/user-guide/cli-arguments.md index 9d7bd9fc6..ab483b1cd 100644 --- a/docs/user-guide/cli-arguments.md +++ b/docs/user-guide/cli-arguments.md @@ -6,22 +6,23 @@ They are set in the container spec of the `ingress-nginx-controller` Deployment | Argument | Description | |----------|-------------| -| `--add_dir_header` | If true, adds the file directory to the header | -| `--alsologtostderr` | log to standard error as well as files | | `--annotations-prefix` | Prefix of the Ingress annotations specific to the NGINX controller. (default "nginx.ingress.kubernetes.io") | | `--apiserver-host` | Address of the Kubernetes API server. Takes the form "protocol://address:port". If not specified, it is assumed the program runs inside a Kubernetes cluster and local discovery is attempted. | | `--certificate-authority` | Path to a cert file for the certificate authority. This certificate is used only when the flag --apiserver-host is specified. | | `--configmap` | Name of the ConfigMap containing custom global configurations for the controller. | +| `--controller-class` | Ingress Class Controller value this Ingress satisfies. The class of an Ingress object is set using the field IngressClassName in Kubernetes clusters version v1.19.0 or higher. The .spec.controller value of the IngressClass referenced in an Ingress Object should be the same value specified here to make this object be watched. | | `--deep-inspect` | Enables ingress object security deep inspector. (default true) | | `--default-backend-service` | Service used to serve HTTP requests not matching any known server name (catch-all). Takes the form "namespace/name". The controller configures NGINX to forward requests to the first port of this Service. | | `--default-server-port` | Port to use for exposing the default server (catch-all). (default 8181) | | `--default-ssl-certificate` | Secret containing a SSL certificate to be used by the default HTTPS server (catch-all). Takes the form "namespace/name". | -| `--disable-catch-all` | Disable support for catch-all Ingresses | -| `--disable-full-test` | Disable full test of all merged ingresses at the admission stage and tests the template of the ingress being created or updated (full test of all ingresses is enabled by default) | +| `--disable-catch-all` | Disable support for catch-all Ingresses. (default false) | +| `--disable-full-test` | Disable full test of all merged ingresses at the admission stage and tests the template of the ingress being created or updated (full test of all ingresses is enabled by default). | +| `--disable-svc-external-name` | Disable support for Services of type ExternalName. (default false) | +| `--dynamic-configuration-retries` | Number of times to retry failed dynamic configuration before failing to sync an ingress. (default 15) | | `--election-id` | Election id to use for Ingress status updates. (default "ingress-controller-leader") | -| `--enable-metrics` | Enables the collection of NGINX metrics (default true) | -| `--enable-ssl-chain-completion` | Autocomplete SSL certificate chains with missing intermediate CA certificates. Certificates uploaded to Kubernetes must have the "Authority Information Access" X.509 v3 extension for this to succeed. | -| `--enable-ssl-passthrough` | Enable SSL Passthrough. | +| `--enable-metrics` | Enables the collection of NGINX metrics. (default true) | +| `--enable-ssl-chain-completion` | Autocomplete SSL certificate chains with missing intermediate CA certificates. Certificates uploaded to Kubernetes must have the "Authority Information Access" X.509 v3 extension for this to succeed. (default false)| +| `--enable-ssl-passthrough` | Enable SSL Passthrough. (default false) | | `--health-check-path` | URL path of the health check endpoint. Configured inside the NGINX status server. All requests received on the port defined by the healthz-port parameter are forwarded internally to this path. (default "/healthz") | | `--health-check-timeout` | Time limit, in seconds, for a probe to health-check-path to succeed. (default 10) | | `--healthz-port` | Port to use for the healthz endpoint. (default 10254) | @@ -29,48 +30,42 @@ They are set in the container spec of the `ingress-nginx-controller` Deployment | `--http-port` | Port to use for servicing HTTP traffic. (default 80) | | `--https-port` | Port to use for servicing HTTPS traffic. (default 443) | | `--ingress-class` | Name of the ingress class this controller satisfies. The class of an Ingress object is set using the field IngressClassName in Kubernetes clusters version v1.18.0 or higher or the annotation "kubernetes.io/ingress.class" (deprecated). If this parameter is not set, or set to the default value of "nginx", it will handle ingresses with either an empty or "nginx" class name. | -| `--ingress-class-by-name` | Define if Ingress Controller should watch for Ingress Class by Name together with Controller Class. (default false) | -| `--internal-logger-address` | Define the internal logger address to use when chroot images is used. (default 127.0.0.1:11514) | +| `--ingress-class-by-name` | Define if Ingress Controller should watch for Ingress Class by Name together with Controller Class. (default false). | +| `--internal-logger-address` | Address to be used when binding internal syslogger. (default 127.0.0.1:11514) | | `--kubeconfig` | Path to a kubeconfig file containing authorization and API server information. | -| `--length-buckets` | Set of buckets which will be used for prometheus histogram metrics such as RequestLength, ResponseLength. (default `[10, 20, 30, 40, 50, 60, 70, 80, 90, 100]`) | -| `--log_backtrace_at` | when logging hits line file:N, emit a stack trace (default :0) | -| `--log_dir` | If non-empty, write log files in this directory | -| `--log_file` | If non-empty, use this log file | -| `--log_file_max_size` | Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800) | -| `--logtostderr` | log to standard error instead of files (default true) | +| `--length-buckets` | Set of buckets which will be used for prometheus histogram metrics such as RequestLength, ResponseLength. (default `[10, 20, 30, 40, 50, 60, 70, 80, 90, 100]`) | | `--maxmind-edition-ids` | Maxmind edition ids to download GeoLite2 Databases. (default "GeoLite2-City,GeoLite2-ASN") | | `--maxmind-retries-timeout` | Maxmind downloading delay between 1st and 2nd attempt, 0s - do not retry to download if something went wrong. (default 0s) | | `--maxmind-retries-count` | Number of attempts to download the GeoIP DB. (default 1) | -| `--maxmind-license-key` | Maxmind license key to download GeoLite2 Databases. https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases | -| `--metrics-per-host` | Export metrics per-host (default true) | +| `--maxmind-license-key` | Maxmind license key to download GeoLite2 Databases. https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases . | +| `--maxmind-mirror` | Maxmind mirror url (example: http://geoip.local/databases. | +| `--metrics-per-host` | Export metrics per-host. (default true) | +| `--monitor-max-batch-size` | Max batch size of NGINX metrics. (default 10000)| | `--post-shutdown-grace-period` | Additional delay in seconds before controller container exits. (default 10) | | `--profiler-port` | Port to use for expose the ingress controller Go profiler when it is enabled. (default 10245) | -| `--profiling` | Enable profiling via web interface host:port/debug/pprof/ (default true) | +| `--profiling` | Enable profiling via web interface host:port/debug/pprof/ . (default true) | | `--publish-service` | Service fronting the Ingress controller. Takes the form "namespace/name". When used together with update-status, the controller mirrors the address of this service's endpoints to the load-balancer status of all Ingress objects it satisfies. | | `--publish-status-address` | Customized address (or addresses, separated by comma) to set as the load-balancer status of Ingress objects this controller satisfies. Requires the update-status parameter. | -| `--report-node-internal-ip-address`| Set the load-balancer status of Ingress objects to internal Node addresses instead of external. Requires the update-status parameter. | +| `--report-node-internal-ip-address`| Set the load-balancer status of Ingress objects to internal Node addresses instead of external. Requires the update-status parameter. (default false) | | `--report-status-classes` | If true, report status classes in metrics (2xx, 3xx, 4xx and 5xx) instead of full status codes. (default false) | -| `--skip_headers` | If true, avoid header prefixes in the log messages | -| `--skip_log_headers` | If true, avoid headers when opening log files | | `--ssl-passthrough-proxy-port` | Port to use internally for SSL Passthrough. (default 442) | -| `--size-buckets` | Set of buckets which will be used for prometheus histogram metrics such as BytesSent. (default `[10, 100, 1000, 10000, 100000, 1e+06, 1e+07]`) | | `--status-port` | Port to use for the lua HTTP endpoint configuration. (default 10246) | -| `--status-update-interval` | Time interval in seconds in which the status should check if an update is required. Default is 60 seconds (default 60) | -| `--stderrthreshold` | logs at or above this threshold go to stderr (default 2) | +| `--status-update-interval` | Time interval in seconds in which the status should check if an update is required. Default is 60 seconds. (default 60) | | `--stream-port` | Port to use for the lua TCP/UDP endpoint configuration. (default 10247) | | `--sync-period` | Period at which the controller forces the repopulation of its local object stores. Disabled by default. | -| `--sync-rate-limit` | Define the sync frequency upper limit (default 0.3) | +| `--sync-rate-limit` | Define the sync frequency upper limit. (default 0.3) | | `--tcp-services-configmap` | Name of the ConfigMap containing the definition of the TCP services to expose. The key in the map indicates the external port to be used. The value is a reference to a Service in the form "namespace/name:port", where "port" can either be a port number or name. TCP ports 80 and 443 are reserved by the controller for servicing HTTP traffic. | -| `--time-buckets` | Set of buckets which will be used for prometheus histogram metrics such as RequestTime, ResponseTime. (default `[0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10]`) | +| `--time-buckets` | Set of buckets which will be used for prometheus histogram metrics such as RequestTime, ResponseTime. (default `[0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10]`) | | `--udp-services-configmap` | Name of the ConfigMap containing the definition of the UDP services to expose. The key in the map indicates the external port to be used. The value is a reference to a Service in the form "namespace/name:port", where "port" can either be a port name or number. | | `--update-status` | Update the load-balancer status of Ingress objects this controller satisfies. Requires setting the publish-service parameter to a valid Service reference. (default true) | | `--update-status-on-shutdown` | Update the load-balancer status of Ingress objects when the controller shuts down. Requires the update-status parameter. (default true) | -| `--shutdown-grace-period` | Seconds to wait after receiving the shutdown signal, before stopping the nginx process. | +| `--shutdown-grace-period` | Seconds to wait after receiving the shutdown signal, before stopping the nginx process. (default 0) | +| `--size-buckets` | Set of buckets which will be used for prometheus histogram metrics such as BytesSent. (default `[10, 100, 1000, 10000, 100000, 1e+06, 1e+07]`) | | `-v, --v Level` | number for the log level verbosity | | `--validating-webhook` | The address to start an admission controller on to validate incoming ingresses. Takes the form ":port". If not provided, no admission controller is started. | | `--validating-webhook-certificate` | The path of the validating webhook certificate PEM. | | `--validating-webhook-key` | The path of the validating webhook key PEM. | | `--version` | Show release information about the NGINX Ingress controller and exit. | -| `--vmodule` | comma-separated list of pattern=N settings for file-filtered logging | +| `--watch-ingress-without-class` | Define if Ingress Controller should also watch for Ingresses without an IngressClass or the annotation specified. (default false) | | `--watch-namespace` | Namespace the controller watches for updates to Kubernetes objects. This includes Ingresses, Services and all configuration resources. All namespaces are watched if this parameter is left empty. | | `--watch-namespace-selector` | The controller will watch namespaces whose labels match the given selector. This flag only takes effective when `--watch-namespace` is empty. | diff --git a/pkg/flags/flags.go b/pkg/flags/flags.go index 877000a7d..65b5fbcdc 100644 --- a/pkg/flags/flags.go +++ b/pkg/flags/flags.go @@ -74,10 +74,10 @@ The class of an Ingress object is set using the field IngressClassName in Kubern referenced in an Ingress Object should be the same value specified here to make this object be watched.`) watchWithoutClass = flags.Bool("watch-ingress-without-class", false, - `Define if Ingress Controller should also watch for Ingresses without an IngressClass or the annotation specified`) + `Define if Ingress Controller should also watch for Ingresses without an IngressClass or the annotation specified.`) ingressClassByName = flags.Bool("ingress-class-by-name", false, - `Define if Ingress Controller should watch for Ingress Class by Name together with Controller Class`) + `Define if Ingress Controller should watch for Ingress Class by Name together with Controller Class.`) configMap = flags.String("configmap", "", `Name of the ConfigMap containing custom global configurations for the controller.`) @@ -112,7 +112,7 @@ namespaces are watched if this parameter is left empty.`) `Selector selects namespaces the controller watches for updates to Kubernetes objects.`) profiling = flags.Bool("profiling", true, - `Enable profiling via web interface host:port/debug/pprof/`) + `Enable profiling via web interface host:port/debug/pprof/ .`) defSSLCertificate = flags.String("default-ssl-certificate", "", `Secret containing a SSL certificate to be used by the default HTTPS server (catch-all). @@ -147,7 +147,7 @@ Requires the update-status parameter.`) `Enable SSL Passthrough.`) disableServiceExternalName = flags.Bool("disable-svc-external-name", false, - `Disable support for Services of type ExternalName`) + `Disable support for Services of type ExternalName.`) annotationsPrefix = flags.String("annotations-prefix", parser.DefaultAnnotationsPrefix, `Prefix of the Ingress annotations specific to the NGINX controller.`) @@ -165,16 +165,16 @@ extension for this to succeed.`) Requires the update-status parameter.`) enableMetrics = flags.Bool("enable-metrics", true, - `Enables the collection of NGINX metrics`) + `Enables the collection of NGINX metrics.`) metricsPerHost = flags.Bool("metrics-per-host", true, - `Export metrics per-host`) + `Export metrics per-host.`) reportStatusClasses = flags.Bool("report-status-classes", false, - `Use status classes (2xx, 3xx, 4xx and 5xx) instead of status codes in metrics`) + `Use status classes (2xx, 3xx, 4xx and 5xx) instead of status codes in metrics.`) - timeBuckets = flags.Float64Slice("time-buckets", prometheus.DefBuckets, "Set of buckets which will be used for prometheus histogram metrics such as RequestTime, ResponseTime") - lengthBuckets = flags.Float64Slice("length-buckets", prometheus.LinearBuckets(10, 10, 10), "Set of buckets which will be used for prometheus histogram metrics such as RequestLength, ResponseLength") - sizeBuckets = flags.Float64Slice("size-buckets", prometheus.ExponentialBuckets(10, 10, 7), "Set of buckets which will be used for prometheus histogram metrics such as BytesSent") - monitorMaxBatchSize = flags.Int("monitor-max-batch-size", 10000, "Max batch size of NGINX metrics") + timeBuckets = flags.Float64Slice("time-buckets", prometheus.DefBuckets, "Set of buckets which will be used for prometheus histogram metrics such as RequestTime, ResponseTime.") + lengthBuckets = flags.Float64Slice("length-buckets", prometheus.LinearBuckets(10, 10, 10), "Set of buckets which will be used for prometheus histogram metrics such as RequestLength, ResponseLength.") + sizeBuckets = flags.Float64Slice("size-buckets", prometheus.ExponentialBuckets(10, 10, 7), "Set of buckets which will be used for prometheus histogram metrics such as BytesSent.") + monitorMaxBatchSize = flags.Int("monitor-max-batch-size", 10000, "Max batch size of NGINX metrics.") httpPort = flags.Int("http-port", 80, `Port to use for servicing HTTP traffic.`) httpsPort = flags.Int("https-port", 443, `Port to use for servicing HTTPS traffic.`) @@ -185,7 +185,7 @@ Requires the update-status parameter.`) healthzHost = flags.String("healthz-host", "", "Address to bind the healthz endpoint.") disableCatchAll = flags.Bool("disable-catch-all", false, - `Disable support for catch-all Ingresses`) + `Disable support for catch-all Ingresses.`) validationWebhook = flags.String("validating-webhook", "", `The address to start an admission controller on to validate incoming ingresses. @@ -195,12 +195,12 @@ Takes the form ":port". If not provided, no admission controller is starte validationWebhookKey = flags.String("validating-webhook-key", "", `The path of the validating webhook key PEM.`) disableFullValidationTest = flags.Bool("disable-full-test", false, - `Disable full test of all merged ingresses at the admission stage and tests the template of the ingress being created or updated (full test of all ingresses is enabled by default)`) + `Disable full test of all merged ingresses at the admission stage and tests the template of the ingress being created or updated (full test of all ingresses is enabled by default).`) statusPort = flags.Int("status-port", 10246, `Port to use for the lua HTTP endpoint configuration.`) streamPort = flags.Int("stream-port", 10247, "Port to use for the lua TCP/UDP endpoint configuration.") - internalLoggerAddress = flags.String("internal-logger-address", "127.0.0.1:11514", "Address to be used when binding internal syslogger") + internalLoggerAddress = flags.String("internal-logger-address", "127.0.0.1:11514", "Address to be used when binding internal syslogger.") profilerPort = flags.Int("profiler-port", 10245, "Port to use for expose the ingress controller Go profiler when it is enabled.") profilerAddress = flags.IP("profiler-address", net.ParseIP("127.0.0.1"), "IP address used by the ingress controller to expose the Go Profiler when it is enabled.") @@ -216,9 +216,9 @@ Takes the form ":port". If not provided, no admission controller is starte dynamicConfigurationRetries = flags.Int("dynamic-configuration-retries", 15, "Number of times to retry failed dynamic configuration before failing to sync an ingress.") ) - flags.StringVar(&nginx.MaxmindMirror, "maxmind-mirror", "", `Maxmind mirror url (example: http://geoip.local/databases`) + flags.StringVar(&nginx.MaxmindMirror, "maxmind-mirror", "", `Maxmind mirror url (example: http://geoip.local/databases.`) flags.StringVar(&nginx.MaxmindLicenseKey, "maxmind-license-key", "", `Maxmind license key to download GeoLite2 Databases. -https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases`) +https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases .`) flags.StringVar(&nginx.MaxmindEditionIDs, "maxmind-edition-ids", "GeoLite2-City,GeoLite2-ASN", `Maxmind edition ids to download GeoLite2 Databases.`) flags.IntVar(&nginx.MaxmindRetriesCount, "maxmind-retries-count", 1, "Number of attempts to download the GeoIP DB.") flags.DurationVar(&nginx.MaxmindRetriesTimeout, "maxmind-retries-timeout", time.Second*0, "Maxmind downloading delay between 1st and 2nd attempt, 0s - do not retry to download if something went wrong.") From e0733c7fd0520ec8d7f351ca49b09199d35d35df Mon Sep 17 00:00:00 2001 From: James Strong Date: Mon, 26 Dec 2022 17:17:27 -0500 Subject: [PATCH 449/494] restart 1.5.2 release process (#9450) --- TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TAG b/TAG index 53b5bbb12..a503124bd 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.5.1 +v1.5.2 From a8f4f2987103092fb12feb865861368d92da2d35 Mon Sep 17 00:00:00 2001 From: Saumya <76432998+SaumyaBhushan@users.noreply.github.com> Date: Wed, 28 Dec 2022 23:43:29 +0530 Subject: [PATCH 450/494] updated the link in RELEASE.md file (#9456) --- RELEASE.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/RELEASE.md b/RELEASE.md index 589b9ee7f..ca0faa4e1 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -89,7 +89,7 @@ Promoting the images basically means that images, that were pushed to staging co - The sha is also visible here https://console.cloud.google.com/gcr/images/k8s-staging-ingress-nginx/global/controller - - The sha is also visible [here]((https://prow.k8s.io/?repo=kubernetes%2Fingress-nginx&job=post-*)), after cloud build is finished. Click on the respective job, go to `Artifacts` section in the UI, then again `artifacts` in the directory browser. In the `build.log` at the very bottom you see something like this: + - The sha is also visible [here](https://prow.k8s.io/?repo=kubernetes%2Fingress-nginx&job=post-*), after cloud build is finished. Click on the respective job, go to `Artifacts` section in the UI, then again `artifacts` in the directory browser. In the `build.log` at the very bottom you see something like this: ``` ... @@ -113,7 +113,7 @@ Promoting the images basically means that images, that were pushed to staging co - For making it easier, you can edit your branch directly in the browser. But be careful about making any mistake. -- Insert the sha(s) & the tag(s), in a new line, in this file [Project kubernetes/k8s.io Ingress-Nginx-Controller Images](https://github.com/kubernetes/k8s.io/blob/main/registry.k8s.io/images/k8s-staging-ingress-nginx/images.yaml) Look at this [example PR and the diff](https://github.com/kubernetes/k8s.io/pull/2536) to see how it was done before +- Insert the sha(s) & the tag(s), in a new line, in this file [Project kubernetes/k8s.io Ingress-Nginx-Controller Images](https://github.com/kubernetes/k8s.io/blob/main/k8s.gcr.io/images/k8s-staging-ingress-nginx/images.yaml) Look at this [example PR and the diff](https://github.com/kubernetes/k8s.io/pull/2536) to see how it was done before - Save and commit From fe2bf5cbdf614fe40348c7b2484ead52a7216f5a Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Wed, 28 Dec 2022 17:59:27 -0300 Subject: [PATCH 451/494] Add sslpassthrough tests (#9457) --- build/build.sh | 8 +- build/run-in-docker.sh | 16 +-- pkg/tcpproxy/tcp.go | 8 +- test/e2e/framework/deployment.go | 33 +++-- test/e2e/framework/httpexpect/request.go | 29 ++++ test/e2e/settings/ssl_passthrough.go | 165 +++++++++++++++++++++++ 6 files changed, 231 insertions(+), 28 deletions(-) create mode 100644 test/e2e/settings/ssl_passthrough.go diff --git a/build/build.sh b/build/build.sh index f2f1ec2eb..1ae505d91 100755 --- a/build/build.sh +++ b/build/build.sh @@ -16,10 +16,10 @@ GO_BUILD_CMD="go build" -if [ -n "$DEBUG" ]; then - set -x - GO_BUILD_CMD="go build -v" -fi +#if [ -n "$DEBUG" ]; then +# set -x +# GO_BUILD_CMD="go build -v" +#fi set -o errexit set -o nounset diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index 511c5475f..d41464e2e 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -65,23 +65,21 @@ fi USER=${USER:-nobody} -echo "..printing env & other vars to stdout" -echo "HOSTNAME=`hostname`" -uname -a -env -echo "DIND_ENABLED=$DOCKER_IN_DOCKER_ENABLED" -echo "done..printing env & other vars to stdout" +#echo "..printing env & other vars to stdout" +#echo "HOSTNAME=`hostname`" +#uname -a +#env +#echo "DIND_ENABLED=$DOCKER_IN_DOCKER_ENABLED" +#echo "done..printing env & other vars to stdout" if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then echo "..reached DIND check TRUE block, inside run-in-docker.sh" echo "FLAGS=$FLAGS" - go env - set -x + #go env go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.6.1 find / -type f -name ginkgo 2>/dev/null which ginkgo /bin/bash -c "${FLAGS}" - set +x else echo "Reached DIND check ELSE block, inside run-in-docker.sh" docker run \ diff --git a/pkg/tcpproxy/tcp.go b/pkg/tcpproxy/tcp.go index 7bbff80b4..4c34e1f7b 100644 --- a/pkg/tcpproxy/tcp.go +++ b/pkg/tcpproxy/tcp.go @@ -80,6 +80,7 @@ func (p *TCPProxy) Handle(conn net.Conn) { } hostPort := net.JoinHostPort(proxy.IP, fmt.Sprintf("%v", proxy.Port)) + klog.V(4).InfoS("passing to", "hostport", hostPort) clientConn, err := net.Dial("tcp", hostPort) if err != nil { klog.V(4).ErrorS(err, "error dialing proxy", "ip", proxy.IP, "port", proxy.Port, "hostname", proxy.Hostname) @@ -99,7 +100,7 @@ func (p *TCPProxy) Handle(conn net.Conn) { } proxyProtocolHeader := fmt.Sprintf("PROXY %s %s %s %d %d\r\n", protocol, remoteAddr.IP.String(), localAddr.IP.String(), remoteAddr.Port, localAddr.Port) klog.V(4).InfoS("Writing Proxy Protocol", "header", proxyProtocolHeader) - _, err = fmt.Fprintf(clientConn, proxyProtocolHeader) + _, err = fmt.Fprint(clientConn, proxyProtocolHeader) } if err != nil { klog.ErrorS(err, "Error writing Proxy Protocol header") @@ -126,8 +127,5 @@ func pipe(client, server net.Conn) { go doCopy(server, client, cancel) go doCopy(client, server, cancel) - select { - case <-cancel: - return - } + <-cancel } diff --git a/test/e2e/framework/deployment.go b/test/e2e/framework/deployment.go index cb6ef9acc..3cfe8f360 100644 --- a/test/e2e/framework/deployment.go +++ b/test/e2e/framework/deployment.go @@ -85,9 +85,10 @@ func (f *Framework) NewEchoDeployment(opts ...func(*deploymentOptions)) { } deployment := newDeployment(options.name, options.namespace, "registry.k8s.io/ingress-nginx/e2e-test-echo@sha256:778ac6d1188c8de8ecabeddd3c37b72c8adc8c712bad2bd7a81fb23a3514934c", 80, int32(options.replicas), - nil, + nil, nil, nil, []corev1.VolumeMount{}, []corev1.Volume{}, + true, ) f.EnsureDeployment(deployment) @@ -183,7 +184,7 @@ func (f *Framework) NGINXDeployment(name string, cfg string, waitendpoint bool) assert.Nil(ginkgo.GinkgoT(), err, "creating configmap") deployment := newDeployment(name, f.Namespace, f.GetNginxBaseImage(), 80, 1, - nil, + nil, nil, nil, []corev1.VolumeMount{ { Name: name, @@ -203,7 +204,7 @@ func (f *Framework) NGINXDeployment(name string, cfg string, waitendpoint bool) }, }, }, - }, + }, true, ) f.EnsureDeployment(deployment) @@ -334,8 +335,8 @@ func (f *Framework) NewGRPCBinDeployment() { assert.Nil(ginkgo.GinkgoT(), err, "waiting for endpoints to become ready") } -func newDeployment(name, namespace, image string, port int32, replicas int32, command []string, - volumeMounts []corev1.VolumeMount, volumes []corev1.Volume) *appsv1.Deployment { +func newDeployment(name, namespace, image string, port int32, replicas int32, command []string, args []string, env []corev1.EnvVar, + volumeMounts []corev1.VolumeMount, volumes []corev1.Volume, setProbe bool) *appsv1.Deployment { probe := &corev1.Probe{ InitialDelaySeconds: 2, PeriodSeconds: 1, @@ -381,9 +382,7 @@ func newDeployment(name, namespace, image string, port int32, replicas int32, co ContainerPort: port, }, }, - ReadinessProbe: probe, - LivenessProbe: probe, - VolumeMounts: volumeMounts, + VolumeMounts: volumeMounts, }, }, Volumes: volumes, @@ -392,10 +391,20 @@ func newDeployment(name, namespace, image string, port int32, replicas int32, co }, } + if setProbe { + d.Spec.Template.Spec.Containers[0].ReadinessProbe = probe + d.Spec.Template.Spec.Containers[0].LivenessProbe = probe + } if len(command) > 0 { d.Spec.Template.Spec.Containers[0].Command = command } + if len(args) > 0 { + d.Spec.Template.Spec.Containers[0].Args = args + } + if len(env) > 0 { + d.Spec.Template.Spec.Containers[0].Env = env + } return d } @@ -404,9 +413,13 @@ func (f *Framework) NewHttpbinDeployment() { f.NewDeployment(HTTPBinService, "registry.k8s.io/ingress-nginx/e2e-test-httpbin@sha256:c6372ef57a775b95f18e19d4c735a9819f2e7bb4641e5e3f27287d831dfeb7e8", 80, 1) } -// NewDeployment creates a new deployment in a particular namespace. func (f *Framework) NewDeployment(name, image string, port int32, replicas int32) { - deployment := newDeployment(name, f.Namespace, image, port, replicas, nil, nil, nil) + f.NewDeploymentWithOpts(name, image, port, replicas, nil, nil, nil, nil, nil, true) +} + +// NewDeployment creates a new deployment in a particular namespace. +func (f *Framework) NewDeploymentWithOpts(name, image string, port int32, replicas int32, command []string, args []string, env []corev1.EnvVar, volumeMounts []corev1.VolumeMount, volumes []corev1.Volume, setProbe bool) { + deployment := newDeployment(name, f.Namespace, image, port, replicas, command, args, env, volumeMounts, volumes, setProbe) f.EnsureDeployment(deployment) diff --git a/test/e2e/framework/httpexpect/request.go b/test/e2e/framework/httpexpect/request.go index 335e3931e..d8edb42ce 100644 --- a/test/e2e/framework/httpexpect/request.go +++ b/test/e2e/framework/httpexpect/request.go @@ -17,8 +17,10 @@ limitations under the License. package httpexpect import ( + "context" "fmt" "io" + "net" "net/http" "net/url" "path" @@ -71,6 +73,33 @@ func (h *HTTPRequest) DoRequest(method, rpath string) *HTTPRequest { return h } +// ForceResolve forces the test resolver to point to a specific endpoint +func (h *HTTPRequest) ForceResolve(ip string, port uint16) *HTTPRequest { + addr := net.ParseIP(ip) + if addr == nil { + h.chain.fail(fmt.Sprintf("invalid ip address: %s", ip)) + return h + } + dialer := &net.Dialer{ + Timeout: h.client.Timeout, + KeepAlive: h.client.Timeout, + DualStack: true, + } + resolveAddr := fmt.Sprintf("%s:%d", ip, int(port)) + + oldTransport, ok := h.client.Transport.(*http.Transport) + if !ok { + h.chain.fail("invalid old transport address") + return h + } + newTransport := oldTransport.Clone() + newTransport.DialContext = func(ctx context.Context, network, addr string) (net.Conn, error) { + return dialer.DialContext(ctx, network, resolveAddr) + } + h.client.Transport = newTransport + return h +} + // Expect executes the request and returns an HTTP response. func (h *HTTPRequest) Expect() *HTTPResponse { if h.query != nil { diff --git a/test/e2e/settings/ssl_passthrough.go b/test/e2e/settings/ssl_passthrough.go new file mode 100644 index 000000000..77a3c990e --- /dev/null +++ b/test/e2e/settings/ssl_passthrough.go @@ -0,0 +1,165 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package settings + +import ( + "context" + "crypto/tls" + "fmt" + "net/http" + "strings" + + "github.com/onsi/ginkgo/v2" + "github.com/stretchr/testify/assert" + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "k8s.io/ingress-nginx/test/e2e/framework" +) + +var _ = framework.IngressNginxDescribe("[Flag] enable-ssl-passthrough", func() { + f := framework.NewDefaultFramework("ssl-passthrough") + + ginkgo.BeforeEach(func() { + err := f.UpdateIngressControllerDeployment(func(deployment *appsv1.Deployment) error { + args := deployment.Spec.Template.Spec.Containers[0].Args + args = append(args, "--enable-ssl-passthrough") + deployment.Spec.Template.Spec.Containers[0].Args = args + _, err := f.KubeClientSet.AppsV1().Deployments(f.Namespace).Update(context.TODO(), deployment, metav1.UpdateOptions{}) + return err + }) + assert.Nil(ginkgo.GinkgoT(), err, "updating ingress controller deployment flags") + + f.WaitForNginxServer("_", + func(server string) bool { + return strings.Contains(server, "listen 442") + }) + }) + + ginkgo.Describe("With enable-ssl-passthrough enabled", func() { + ginkgo.It("should enable ssl-passthrough-proxy-port on a different port", func() { + + err := f.UpdateIngressControllerDeployment(func(deployment *appsv1.Deployment) error { + args := deployment.Spec.Template.Spec.Containers[0].Args + args = append(args, "--ssl-passthrough-proxy-port=1442") + deployment.Spec.Template.Spec.Containers[0].Args = args + _, err := f.KubeClientSet.AppsV1().Deployments(f.Namespace).Update(context.TODO(), deployment, metav1.UpdateOptions{}) + return err + }) + assert.Nil(ginkgo.GinkgoT(), err, "updating ingress controller deployment flags") + + f.WaitForNginxServer("_", + func(server string) bool { + return strings.Contains(server, "listen 1442") + }) + + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", "something"). + Expect(). + Status(http.StatusNotFound) + }) + + ginkgo.It("should pass unknown traffic to default backend and handle known traffic", func() { + + host := "testpassthrough.com" + echoName := "echopass" + + /* Even with enable-ssl-passthrough enabled, only annotated ingresses may receive the trafic */ + annotations := map[string]string{ + "nginx.ingress.kubernetes.io/ssl-passthrough": "true", + } + + ingressDef := framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, echoName, 80, annotations) + tlsConfig, err := framework.CreateIngressTLSSecret(f.KubeClientSet, + ingressDef.Spec.TLS[0].Hosts, + ingressDef.Spec.TLS[0].SecretName, + ingressDef.Namespace) + + volumeMount := []corev1.VolumeMount{ + { + Name: "certs", + ReadOnly: true, + MountPath: "/certs", + }, + } + volume := []corev1.Volume{ + { + Name: "certs", + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + SecretName: ingressDef.Spec.TLS[0].SecretName, + }, + }, + }, + } + envs := []corev1.EnvVar{ + { + Name: "HTTPBUN_SSL_CERT", + Value: "/certs/tls.crt", + }, + { + Name: "HTTPBUN_SSL_KEY", + Value: "/certs/tls.key", + }, + } + f.NewDeploymentWithOpts("echopass", "ghcr.io/sharat87/httpbun:latest", 80, 1, nil, nil, envs, volumeMount, volume, false) + + f.EnsureIngress(ingressDef) + + assert.Nil(ginkgo.GinkgoT(), err) + framework.WaitForTLS(f.GetURL(framework.HTTPS), tlsConfig) + + f.WaitForNginxServer(host, + func(server string) bool { + return strings.Contains(server, "listen 442") + }) + + /* This one should not receive traffic as it does not contain passthrough annotation */ + hostBad := "noannotationnopassthrough.com" + ingBad := f.EnsureIngress(framework.NewSingleIngressWithTLS(hostBad, "/", hostBad, []string{hostBad}, f.Namespace, echoName, 80, nil)) + tlsConfigBad, err := framework.CreateIngressTLSSecret(f.KubeClientSet, + ingBad.Spec.TLS[0].Hosts, + ingBad.Spec.TLS[0].SecretName, + ingBad.Namespace) + assert.Nil(ginkgo.GinkgoT(), err) + framework.WaitForTLS(f.GetURL(framework.HTTPS), tlsConfigBad) + + f.WaitForNginxServer(hostBad, + func(server string) bool { + return strings.Contains(server, "listen 442") + }) + + f.HTTPTestClientWithTLSConfig(&tls.Config{ServerName: host, InsecureSkipVerify: true}). + GET("/"). + WithURL(fmt.Sprintf("https://%s:443", host)). + ForceResolve(f.GetNginxIP(), 443). + Expect(). + Status(http.StatusOK) + + f.HTTPTestClientWithTLSConfig(&tls.Config{ServerName: hostBad, InsecureSkipVerify: true}). + GET("/"). + WithURL(fmt.Sprintf("https://%s:443", hostBad)). + ForceResolve(f.GetNginxIP(), 443). + Expect(). + Status(http.StatusNotFound) + + }) + }) +}) From 2db8552a870c673f72b6d537006d4387195d398b Mon Sep 17 00:00:00 2001 From: James Strong Date: Thu, 29 Dec 2022 16:35:32 -0500 Subject: [PATCH 452/494] Automated Release Controller 1.5.2 (#9455) Signed-off-by: James Strong Signed-off-by: James Strong --- Changelog.md | 2 + README.md | 1 + changelog/Changelog-1.5.2.md | 79 + charts/ingress-nginx/Chart.yaml | 47 +- charts/ingress-nginx/README.md | 8 +- charts/ingress-nginx/changelog.md.gotmpl | 9 + .../changelog/Changelog-1.5.2.md | 12 + charts/ingress-nginx/values.yaml | 1593 ++++++++--------- deploy/static/provider/aws/deploy.yaml | 57 +- .../aws/nlb-with-tls-termination/deploy.yaml | 57 +- deploy/static/provider/baremetal/deploy.yaml | 57 +- deploy/static/provider/cloud/deploy.yaml | 57 +- deploy/static/provider/do/deploy.yaml | 57 +- deploy/static/provider/exoscale/deploy.yaml | 57 +- deploy/static/provider/kind/deploy.yaml | 57 +- deploy/static/provider/scw/deploy.yaml | 57 +- docs/deploy/index.md | 20 +- docs/e2e-tests.md | 974 +++++++--- hack/generate-e2e-suite-doc.sh | 6 +- 19 files changed, 1822 insertions(+), 1385 deletions(-) create mode 100644 changelog/Changelog-1.5.2.md create mode 100644 charts/ingress-nginx/changelog.md.gotmpl create mode 100644 charts/ingress-nginx/changelog/Changelog-1.5.2.md diff --git a/Changelog.md b/Changelog.md index a7b62be50..400c187f7 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,5 +1,7 @@ # Changelog +All New change are in [Changelog](./changelog) + ### 1.5.1 * Upgrade NGINX to 1.21.6 diff --git a/README.md b/README.md index f8c020b68..73baa8fd2 100644 --- a/README.md +++ b/README.md @@ -38,6 +38,7 @@ the versions listed. Ingress-Nginx versions may work on older versions but the p | Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | |-----------------------|------------------------------|----------------|---------------| +| v1.5.2 | 1.26, 1.25, 1.24, 1.23 | 3.17.2 | 1.21.6 | | v1.5.1 | 1.25, 1.24, 1.23 | 3.16.2 | 1.21.6 | | v1.4.0 | 1.25, 1.24, 1.23, 1.22 | 3.16.2 | 1.19.10† | | v1.3.1 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.2 | 1.19.10† | diff --git a/changelog/Changelog-1.5.2.md b/changelog/Changelog-1.5.2.md new file mode 100644 index 000000000..8b6779e47 --- /dev/null +++ b/changelog/Changelog-1.5.2.md @@ -0,0 +1,79 @@ +# Changelog + +### 1.5.2 +Images: + + * registry.k8s.io/controller:controller-v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 + * registry.k8s.io/controller-chroot:controller-v1.5.2@sha256:84613555694f2c59a8b2551126d226c9aa648544ebf0cde1e0df942f7dbce42b + +### All Changes: + +* restart 1.5.2 release process (#9450) +* Update command line arguments documentation (#9224) +* start release 1.5.2 (#9445) +* upgrade nginx base image (#9436) +* test the new e2e test images (#9444) +* avoid builds and tests for non-code changes (#9392) +* CI updates (#9440) +* HPA: Add `controller.autoscaling.annotations` to `values.yaml`. (#9253) +* update the nginx run container for alpine:3.17.0 (#9430) +* cleanup: remove ioutil for new go version (#9427) +* start upgrade to golang 1.19.4 and alpine 3.17.0 (#9417) +* ci: remove setup-helm step (#9404) +* ci: remove setup-kind step (#9401) +* Add reporter for all tests (#9395) +* added action for issues to project (#9386) +* doc: update NEW_CONTRIBUTOR.md (#9381) +* feat(helm): Optionally use cert-manager instead admission patch (#9279) +* integrated junit-reports with ghactions (#9361) +* [user-guide configmap] fix doc for global-auth-snippet (#9372) +* update OpenTelemetry image (#9308) +* fix: missing CORS headers when auth fails (#9251) +* Fix styling in canary annotation docs. (#9259) +* resolved ginkgo deprecation message (#9365) +* Enable profiler-address to be configured (#9311) +* ModSecurity dependencies update to avoid Memory Leaks (#9330) +* fix(hpa): deprecated api version, bump to v2 (#9348) +* fix(typo): pluralize provider (#9346) +* removed deprecation messsage for ingressClass annotation (#9357) +* added ginkgo junit reports (#9350) +* Fix typos found by codespell (#9353) +* bumped ginkgo to v2.5.1 in testrunner (#9340) +* create nsswitch-conf if missing (#9339) +* remove the configmap related permissions (#9310) +* remove hardcoded datasource from grafana dashboard (#9284) +* update gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b to 3.0.0 (#9277) +* Validate ingress path fields (#9309) +* added SAN to cert create command (#9295) +* Missing controller.ingressClass (#9304) +* OpenTelemetry static linking (#9286) +* Fixed indentation in commented-out autoscaling (#9225) +* run helm release on main only and when the chart/value changes only (#9290) +* fix broken annotation yaml (#9243) +* PDB: Add `maxUnavailable`. (#9278) +* add containerSecurityContext to extraModules init containers (kubernetes#9016) (#9242) + +### Dependencies updates: +* Bump golang.org/x/crypto from 0.3.0 to 0.4.0 (#9397) +* Bump github.com/onsi/ginkgo/v2 from 2.6.0 to 2.6.1 (#9432) +* Bump github.com/onsi/ginkgo/v2 from 2.6.0 to 2.6.1 (#9421) +* Bump github/codeql-action from 2.1.36 to 2.1.37 (#9423) +* Bump actions/checkout from 3.1.0 to 3.2.0 (#9425) +* Bump goreleaser/goreleaser-action from 3.2.0 to 4.1.0 (#9426) +* Bump actions/dependency-review-action from 3.0.1 to 3.0.2 (#9424) +* Bump ossf/scorecard-action from 2.0.6 to 2.1.0 (#9422) +* Bump github.com/prometheus/common from 0.37.0 to 0.39.0 (#9416) +* Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.6.0 (#9408) +* Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.6.0 (#9398) +* Bump github/codeql-action from 2.1.35 to 2.1.36 (#9400) +* Bump actions/setup-go from 3.3.1 to 3.4.0 (#9370) +* Bump github/codeql-action from 2.1.31 to 2.1.35 (#9369) +* Bump google.golang.org/grpc from 1.50.1 to 1.51.0 (#9316) +* Bump github.com/prometheus/client_golang from 1.13.1 to 1.14.0 (#9298) +* Bump actions/dependency-review-action from 3.0.0 to 3.0.1 (#9319) +* Bump golang.org/x/crypto from 0.1.0 to 0.3.0 (#9318) +* Bump github.com/onsi/ginkgo/v2 from 2.4.0 to 2.5.1 (#9317) +* Bump actions/dependency-review-action from 2.5.1 to 3.0.0 (#9301) +* Bump k8s.io/component-base from 0.25.3 to 0.25.4 (#9300) + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.5.1...controller-controller-v1.5.2 diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index 461601f59..11ab03634 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -1,31 +1,26 @@ +annotations: + artifacthub.io/changes: | + - "ci: remove setup-helm step (#9404)" + - "feat(helm): Optionally use cert-manager instead admission patch (#9279)" + - "run helm release on main only and when the chart/value changes only (#9290)" + - "Update Ingress-Nginx version controller-v1.5.2" + artifacthub.io/prerelease: "false" apiVersion: v2 -name: ingress-nginx -# When the version is modified, make sure the artifacthub.io/changes list is updated -# Also update CHANGELOG.md -version: 4.4.0 -appVersion: 1.5.1 +appVersion: 1.5.2 +description: Ingress controller for Kubernetes using NGINX as a reverse proxy and + load balancer +engine: gotpl home: https://github.com/kubernetes/ingress-nginx -description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png keywords: - - ingress - - nginx -sources: - - https://github.com/kubernetes/ingress-nginx +- ingress +- nginx +kubeVersion: '>=1.20.0-0' maintainers: - - name: rikatz - - name: strongjz - - name: tao12345666333 -engine: gotpl -kubeVersion: ">=1.20.0-0" -annotations: - # Use this annotation to indicate that this chart version is a pre-release. - # https://artifacthub.io/docs/topics/annotations/helm/ - artifacthub.io/prerelease: "false" - # List of changes for the release in artifacthub.io - # https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx?modal=changelog - artifacthub.io/changes: | - - Adding support for disabling liveness and readiness probes to the Helm chart - - add:(admission-webhooks) ability to set securityContext - - Updated Helm chart to use the fullname for the electionID if not specified - - Rename controller-wehbooks-networkpolicy.yaml +- name: rikatz +- name: strongjz +- name: tao12345666333 +name: ingress-nginx +sources: +- https://github.com/kubernetes/ingress-nginx +version: 4.4.1 diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index af71493fe..4daff76c6 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.4.0](https://img.shields.io/badge/Version-4.4.0-informational?style=flat-square) ![AppVersion: 1.5.1](https://img.shields.io/badge/AppVersion-1.5.1-informational?style=flat-square) +![Version: 4.4.1](https://img.shields.io/badge/Version-4.4.1-informational?style=flat-square) ![AppVersion: 1.5.2](https://img.shields.io/badge/AppVersion-1.5.2-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. @@ -332,13 +332,13 @@ Kubernetes: `>=1.20.0-0` | controller.hostname | object | `{}` | Optionally customize the pod hostname. | | controller.image.allowPrivilegeEscalation | bool | `true` | | | controller.image.chroot | bool | `false` | | -| controller.image.digest | string | `"sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629"` | | -| controller.image.digestChroot | string | `"sha256:c1c091b88a6c936a83bd7b098662760a87868d12452529bad0d178fb36147345"` | | +| controller.image.digest | string | `"sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655"` | | +| controller.image.digestChroot | string | `"sha256:84613555694f2c59a8b2551126d226c9aa648544ebf0cde1e0df942f7dbce42b"` | | | controller.image.image | string | `"ingress-nginx/controller"` | | | controller.image.pullPolicy | string | `"IfNotPresent"` | | | controller.image.registry | string | `"registry.k8s.io"` | | | controller.image.runAsUser | int | `101` | | -| controller.image.tag | string | `"v1.5.1"` | | +| controller.image.tag | string | `"v1.5.2"` | | | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | | controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass | diff --git a/charts/ingress-nginx/changelog.md.gotmpl b/charts/ingress-nginx/changelog.md.gotmpl new file mode 100644 index 000000000..de9885670 --- /dev/null +++ b/charts/ingress-nginx/changelog.md.gotmpl @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### {{ .NewHelmChartVersion }} +{{ with .HelmUpdates }} +{{ range . }}* {{ . }} +{{ end }}{{ end }} +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-{{ .PreviousHelmChartVersion }}...helm-chart-{{ .NewHelmChartVersion }} diff --git a/charts/ingress-nginx/changelog/Changelog-1.5.2.md b/charts/ingress-nginx/changelog/Changelog-1.5.2.md new file mode 100644 index 000000000..5e0563858 --- /dev/null +++ b/charts/ingress-nginx/changelog/Changelog-1.5.2.md @@ -0,0 +1,12 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.4.1 + +* ci: remove setup-helm step (#9404) +* feat(helm): Optionally use cert-manager instead admission patch (#9279) +* run helm release on main only and when the chart/value changes only (#9290) +* Update Ingress-Nginx version controller-v1.5.2 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.4.1...helm-chart-4.4.1 diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index b7089addb..e5f8922a0 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -14,222 +14,190 @@ commonLabels: {} # myLabel: aakkmd controller: - name: controller - image: - ## Keep false as default for now! - chroot: false - registry: registry.k8s.io - image: ingress-nginx/controller - ## for backwards compatibility consider setting the full image url via the repository value below - ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail - ## repository: - tag: "v1.5.1" - digest: sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 - digestChroot: sha256:c1c091b88a6c936a83bd7b098662760a87868d12452529bad0d178fb36147345 - pullPolicy: IfNotPresent - # www-data -> uid 101 - runAsUser: 101 - allowPrivilegeEscalation: true + name: controller + image: + ## Keep false as default for now! + chroot: false + registry: registry.k8s.io + image: ingress-nginx/controller + ## for backwards compatibility consider setting the full image url via the repository value below + ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail + ## repository: + tag: "v1.5.2" + digest: sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 + digestChroot: sha256:84613555694f2c59a8b2551126d226c9aa648544ebf0cde1e0df942f7dbce42b + pullPolicy: IfNotPresent + # www-data -> uid 101 + runAsUser: 101 + allowPrivilegeEscalation: true + # -- Use an existing PSP instead of creating one + existingPsp: "" + # -- Configures the controller container name + containerName: controller + # -- Configures the ports that the nginx-controller listens on + containerPort: + http: 80 + https: 443 + # -- Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ + config: {} + # -- Annotations to be added to the controller config configuration configmap. + configAnnotations: {} + # -- Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers + proxySetHeaders: {} + # -- Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers + addHeaders: {} + # -- Optionally customize the pod dnsConfig. + dnsConfig: {} + # -- Optionally customize the pod hostname. + hostname: {} + # -- Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. + # By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller + # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. + dnsPolicy: ClusterFirst + # -- Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network + # Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply + reportNodeInternalIp: false + # -- Process Ingress objects without ingressClass annotation/ingressClassName field + # Overrides value for --watch-ingress-without-class flag of the controller binary + # Defaults to false + watchIngressWithoutClass: false + # -- Process IngressClass per name (additionally as per spec.controller). + ingressClassByName: false + # -- This configuration defines if Ingress Controller should allow users to set + # their own *-snippet annotations, otherwise this is forbidden / dropped + # when users add those annotations. + # Global snippets in ConfigMap are still respected + allowSnippetAnnotations: true + # -- Required for use with CNI based kubernetes installations (such as ones set up by kubeadm), + # since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 + # is merged + hostNetwork: false + ## Use host ports 80 and 443 + ## Disabled by default + hostPort: + # -- Enable 'hostPort' or not + enabled: false + ports: + # -- 'hostPort' http port + http: 80 + # -- 'hostPort' https port + https: 443 + # -- Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader' + electionID: "" + ## This section refers to the creation of the IngressClass resource + ## IngressClass resources are supported since k8s >= 1.18 and required since k8s >= 1.19 + ingressClassResource: + # -- Name of the ingressClass + name: nginx + # -- Is this ingressClass enabled or not + enabled: true + # -- Is this the default ingressClass for the cluster + default: false + # -- Controller-value of the controller that is processing this ingressClass + controllerValue: "k8s.io/ingress-nginx" + # -- Parameters is a link to a custom resource containing additional + # configuration for the controller. This is optional if the controller + # does not require extra parameters. + parameters: {} + # -- For backwards compatibility with ingress.class annotation, use ingressClass. + # Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation + ingressClass: nginx + # -- Labels to add to the pod container metadata + podLabels: {} + # key: value - # -- Use an existing PSP instead of creating one - existingPsp: "" + # -- Security Context policies for controller pods + podSecurityContext: {} + # -- See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls + sysctls: {} + # sysctls: + # "net.core.somaxconn": "8192" - # -- Configures the controller container name - containerName: controller - - # -- Configures the ports that the nginx-controller listens on - containerPort: - http: 80 - https: 443 - - # -- Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ - config: {} - - # -- Annotations to be added to the controller config configuration configmap. - configAnnotations: {} - - # -- Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers - proxySetHeaders: {} - - # -- Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers - addHeaders: {} - - # -- Optionally customize the pod dnsConfig. - dnsConfig: {} - - # -- Optionally customize the pod hostname. - hostname: {} - - # -- Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. - # By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller - # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. - dnsPolicy: ClusterFirst - - # -- Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network - # Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply - reportNodeInternalIp: false - - # -- Process Ingress objects without ingressClass annotation/ingressClassName field - # Overrides value for --watch-ingress-without-class flag of the controller binary - # Defaults to false - watchIngressWithoutClass: false - - # -- Process IngressClass per name (additionally as per spec.controller). - ingressClassByName: false - - # -- This configuration defines if Ingress Controller should allow users to set - # their own *-snippet annotations, otherwise this is forbidden / dropped - # when users add those annotations. - # Global snippets in ConfigMap are still respected - allowSnippetAnnotations: true - - # -- Required for use with CNI based kubernetes installations (such as ones set up by kubeadm), - # since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 - # is merged - hostNetwork: false - - ## Use host ports 80 and 443 - ## Disabled by default - hostPort: - # -- Enable 'hostPort' or not - enabled: false - ports: - # -- 'hostPort' http port - http: 80 - # -- 'hostPort' https port - https: 443 - - # -- Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader' - electionID: "" - - ## This section refers to the creation of the IngressClass resource - ## IngressClass resources are supported since k8s >= 1.18 and required since k8s >= 1.19 - ingressClassResource: - # -- Name of the ingressClass - name: nginx - # -- Is this ingressClass enabled or not - enabled: true - # -- Is this the default ingressClass for the cluster - default: false - # -- Controller-value of the controller that is processing this ingressClass - controllerValue: "k8s.io/ingress-nginx" - - # -- Parameters is a link to a custom resource containing additional - # configuration for the controller. This is optional if the controller - # does not require extra parameters. - parameters: {} - - # -- For backwards compatibility with ingress.class annotation, use ingressClass. - # Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation - ingressClass: nginx - - # -- Labels to add to the pod container metadata - podLabels: {} - # key: value - - # -- Security Context policies for controller pods - podSecurityContext: {} - - # -- See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls - sysctls: {} - # sysctls: - # "net.core.somaxconn": "8192" - - # -- Allows customization of the source of the IP address or FQDN to report - # in the ingress status field. By default, it reads the information provided - # by the service. If disable, the status field reports the IP address of the - # node or nodes where an ingress controller pod is running. - publishService: - # -- Enable 'publishService' or not - enabled: true - # -- Allows overriding of the publish service to bind to - # Must be / - pathOverride: "" - - # Limit the scope of the controller to a specific namespace - scope: - # -- Enable 'scope' or not - enabled: false - # -- Namespace to limit the controller to; defaults to $(POD_NAMESPACE) - namespace: "" - # -- When scope.enabled == false, instead of watching all namespaces, we watching namespaces whose labels - # only match with namespaceSelector. Format like foo=bar. Defaults to empty, means watching all namespaces. - namespaceSelector: "" - - # -- Allows customization of the configmap / nginx-configmap namespace; defaults to $(POD_NAMESPACE) - configMapNamespace: "" - - tcp: - # -- Allows customization of the tcp-services-configmap; defaults to $(POD_NAMESPACE) + # -- Allows customization of the source of the IP address or FQDN to report + # in the ingress status field. By default, it reads the information provided + # by the service. If disable, the status field reports the IP address of the + # node or nodes where an ingress controller pod is running. + publishService: + # -- Enable 'publishService' or not + enabled: true + # -- Allows overriding of the publish service to bind to + # Must be / + pathOverride: "" + # Limit the scope of the controller to a specific namespace + scope: + # -- Enable 'scope' or not + enabled: false + # -- Namespace to limit the controller to; defaults to $(POD_NAMESPACE) + namespace: "" + # -- When scope.enabled == false, instead of watching all namespaces, we watching namespaces whose labels + # only match with namespaceSelector. Format like foo=bar. Defaults to empty, means watching all namespaces. + namespaceSelector: "" + # -- Allows customization of the configmap / nginx-configmap namespace; defaults to $(POD_NAMESPACE) configMapNamespace: "" - # -- Annotations to be added to the tcp config configmap + tcp: + # -- Allows customization of the tcp-services-configmap; defaults to $(POD_NAMESPACE) + configMapNamespace: "" + # -- Annotations to be added to the tcp config configmap + annotations: {} + udp: + # -- Allows customization of the udp-services-configmap; defaults to $(POD_NAMESPACE) + configMapNamespace: "" + # -- Annotations to be added to the udp config configmap + annotations: {} + # -- Maxmind license key to download GeoLite2 Databases. + ## https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases + maxmindLicenseKey: "" + # -- Additional command line arguments to pass to nginx-ingress-controller + # E.g. to specify the default SSL certificate you can use + extraArgs: {} + ## extraArgs: + ## default-ssl-certificate: "/" + + # -- Additional environment variables to set + extraEnvs: [] + # extraEnvs: + # - name: FOO + # valueFrom: + # secretKeyRef: + # key: FOO + # name: secret-resource + + # -- Use a `DaemonSet` or `Deployment` + kind: Deployment + # -- Annotations to be added to the controller Deployment or DaemonSet + ## annotations: {} + # keel.sh/pollSchedule: "@every 60m" - udp: - # -- Allows customization of the udp-services-configmap; defaults to $(POD_NAMESPACE) - configMapNamespace: "" - # -- Annotations to be added to the udp config configmap - annotations: {} + # -- Labels to be added to the controller Deployment or DaemonSet and other resources that do not have option to specify labels + ## + labels: {} + # keel.sh/policy: patch + # keel.sh/trigger: poll - # -- Maxmind license key to download GeoLite2 Databases. - ## https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases - maxmindLicenseKey: "" + # -- The update strategy to apply to the Deployment or DaemonSet + ## + updateStrategy: {} + # rollingUpdate: + # maxUnavailable: 1 + # type: RollingUpdate - # -- Additional command line arguments to pass to nginx-ingress-controller - # E.g. to specify the default SSL certificate you can use - extraArgs: {} - ## extraArgs: - ## default-ssl-certificate: "/" + # -- `minReadySeconds` to avoid killing pods before we are ready + ## + minReadySeconds: 0 + # -- Node tolerations for server scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - # -- Additional environment variables to set - extraEnvs: [] - # extraEnvs: - # - name: FOO - # valueFrom: - # secretKeyRef: - # key: FOO - # name: secret-resource - - # -- Use a `DaemonSet` or `Deployment` - kind: Deployment - - # -- Annotations to be added to the controller Deployment or DaemonSet - ## - annotations: {} - # keel.sh/pollSchedule: "@every 60m" - - # -- Labels to be added to the controller Deployment or DaemonSet and other resources that do not have option to specify labels - ## - labels: {} - # keel.sh/policy: patch - # keel.sh/trigger: poll - - - # -- The update strategy to apply to the Deployment or DaemonSet - ## - updateStrategy: {} - # rollingUpdate: - # maxUnavailable: 1 - # type: RollingUpdate - - # -- `minReadySeconds` to avoid killing pods before we are ready - ## - minReadySeconds: 0 - - - # -- Node tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - - # -- Affinity and anti-affinity rules for server scheduling to nodes - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## - affinity: {} + # -- Affinity and anti-affinity rules for server scheduling to nodes + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} # # An example of preferred pod anti-affinity, weight is in the range 1-100 # podAntiAffinity: # preferredDuringSchedulingIgnoredDuringExecution: @@ -270,10 +238,10 @@ controller: # - controller # topologyKey: "kubernetes.io/hostname" - # -- Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## - topologySpreadConstraints: [] + # -- Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## + topologySpreadConstraints: [] # - maxSkew: 1 # topologyKey: topology.kubernetes.io/zone # whenUnsatisfiable: DoNotSchedule @@ -281,669 +249,605 @@ controller: # matchLabels: # app.kubernetes.io/instance: ingress-nginx-internal - # -- `terminationGracePeriodSeconds` to avoid killing pods before we are ready - ## wait up to five minutes for the drain of connections - ## - terminationGracePeriodSeconds: 300 - - # -- Node labels for controller pod assignment - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: - kubernetes.io/os: linux - - ## Liveness and readiness probe values - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## - ## startupProbe: - ## httpGet: - ## # should match container.healthCheckPath - ## path: "/healthz" - ## port: 10254 - ## scheme: HTTP - ## initialDelaySeconds: 5 - ## periodSeconds: 5 - ## timeoutSeconds: 2 - ## successThreshold: 1 - ## failureThreshold: 5 - livenessProbe: - httpGet: - # should match container.healthCheckPath - path: "/healthz" - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 5 - readinessProbe: - httpGet: - # should match container.healthCheckPath - path: "/healthz" - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 3 - - - # -- Path of the health check endpoint. All requests received on the port defined by - # the healthz-port parameter are forwarded internally to this path. - healthCheckPath: "/healthz" - - # -- Address to bind the health check endpoint. - # It is better to set this option to the internal node address - # if the ingress nginx controller is running in the `hostNetwork: true` mode. - healthCheckHost: "" - - # -- Annotations to be added to controller pods - ## - podAnnotations: {} - - replicaCount: 1 - - # -- Define either 'minAvailable' or 'maxUnavailable', never both. - minAvailable: 1 - # -- Define either 'minAvailable' or 'maxUnavailable', never both. - # maxUnavailable: 1 - - ## Define requests resources to avoid probe issues due to CPU utilization in busy nodes - ## ref: https://github.com/kubernetes/ingress-nginx/issues/4735#issuecomment-551204903 - ## Ideally, there should be no limits. - ## https://engineering.indeedblog.com/blog/2019/12/cpu-throttling-regression-fix/ - resources: - ## limits: - ## cpu: 100m - ## memory: 90Mi - requests: - cpu: 100m - memory: 90Mi - - # Mutually exclusive with keda autoscaling - autoscaling: - apiVersion: autoscaling/v2 - enabled: false - annotations: {} - minReplicas: 1 - maxReplicas: 11 - targetCPUUtilizationPercentage: 50 - targetMemoryUtilizationPercentage: 50 - behavior: {} - # scaleDown: - # stabilizationWindowSeconds: 300 - # policies: - # - type: Pods - # value: 1 - # periodSeconds: 180 - # scaleUp: - # stabilizationWindowSeconds: 300 - # policies: - # - type: Pods - # value: 2 - # periodSeconds: 60 - - autoscalingTemplate: [] - # Custom or additional autoscaling metrics - # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics - # - type: Pods - # pods: - # metric: - # name: nginx_ingress_controller_nginx_process_requests_total - # target: - # type: AverageValue - # averageValue: 10000m - - # Mutually exclusive with hpa autoscaling - keda: - apiVersion: "keda.sh/v1alpha1" - ## apiVersion changes with keda 1.x vs 2.x - ## 2.x = keda.sh/v1alpha1 - ## 1.x = keda.k8s.io/v1alpha1 - enabled: false - minReplicas: 1 - maxReplicas: 11 - pollingInterval: 30 - cooldownPeriod: 300 - restoreToOriginalReplicaCount: false - scaledObject: - annotations: {} - # Custom annotations for ScaledObject resource - # annotations: - # key: value - triggers: [] - # - type: prometheus - # metadata: - # serverAddress: http://:9090 - # metricName: http_requests_total - # threshold: '100' - # query: sum(rate(http_requests_total{deployment="my-deployment"}[2m])) - - behavior: {} - # scaleDown: - # stabilizationWindowSeconds: 300 - # policies: - # - type: Pods - # value: 1 - # periodSeconds: 180 - # scaleUp: - # stabilizationWindowSeconds: 300 - # policies: - # - type: Pods - # value: 2 - # periodSeconds: 60 - - # -- Enable mimalloc as a drop-in replacement for malloc. - ## ref: https://github.com/microsoft/mimalloc - ## - enableMimalloc: true - - ## Override NGINX template - customTemplate: - configMapName: "" - configMapKey: "" - - service: - enabled: true - - # -- If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were - # using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http - # It allows choosing the protocol for each backend specified in the Kubernetes service. - # See the following GitHub issue for more details about the purpose: https://github.com/kubernetes/kubernetes/issues/40244 - # Will be ignored for Kubernetes versions older than 1.20 + # -- `terminationGracePeriodSeconds` to avoid killing pods before we are ready + ## wait up to five minutes for the drain of connections ## - appProtocol: true - - annotations: {} - labels: {} - # clusterIP: "" - - # -- List of IP addresses at which the controller services are available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + terminationGracePeriodSeconds: 300 + # -- Node labels for controller pod assignment + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## - externalIPs: [] - - # -- Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer - loadBalancerIP: "" - loadBalancerSourceRanges: [] - - enableHttp: true - enableHttps: true - - ## Set external traffic policy to: "Local" to preserve source IP on providers supporting it. - ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer - # externalTrafficPolicy: "" - - ## Must be either "None" or "ClientIP" if set. Kubernetes will default to "None". - ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - # sessionAffinity: "" - - ## Specifies the health check node port (numeric port number) for the service. If healthCheckNodePort isn’t specified, - ## the service controller allocates a port from your cluster’s NodePort range. - ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - # healthCheckNodePort: 0 - - # -- Represents the dual-stack-ness requested or required by this Service. Possible values are - # SingleStack, PreferDualStack or RequireDualStack. - # The ipFamilies and clusterIPs fields depend on the value of this field. - ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ - ipFamilyPolicy: "SingleStack" - - # -- List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically - # based on cluster configuration and the ipFamilyPolicy field. - ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ - ipFamilies: - - IPv4 - - ports: - http: 80 - https: 443 - - targetPorts: - http: http - https: https - - type: LoadBalancer - - ## type: NodePort - ## nodePorts: - ## http: 32080 - ## https: 32443 - ## tcp: - ## 8080: 32808 - nodePorts: - http: "" - https: "" - tcp: {} - udp: {} - - external: - enabled: true - - internal: - # -- Enables an additional internal load balancer (besides the external one). - enabled: false - # -- Annotations are mandatory for the load balancer to come up. Varies with the cloud service. - annotations: {} - - # loadBalancerIP: "" - - # -- Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. - loadBalancerSourceRanges: [] - - ## Set external traffic policy to: "Local" to preserve source IP on - ## providers supporting it - ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer - # externalTrafficPolicy: "" - - # shareProcessNamespace enables process namespace sharing within the pod. - # This can be used for example to signal log rotation using `kill -USR1` from a sidecar. - shareProcessNamespace: false - - # -- Additional containers to be added to the controller pod. - # See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. - extraContainers: [] - # - name: my-sidecar - # image: nginx:latest - # - name: lemonldap-ng-controller - # image: lemonldapng/lemonldap-ng-controller:0.2.0 - # args: - # - /lemonldap-ng-controller - # - --alsologtostderr - # - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration - # env: - # - name: POD_NAME - # valueFrom: - # fieldRef: - # fieldPath: metadata.name - # - name: POD_NAMESPACE - # valueFrom: - # fieldRef: - # fieldPath: metadata.namespace - # volumeMounts: - # - name: copy-portal-skins - # mountPath: /srv/var/lib/lemonldap-ng/portal/skins - - # -- Additional volumeMounts to the controller main container. - extraVolumeMounts: [] - # - name: copy-portal-skins - # mountPath: /var/lib/lemonldap-ng/portal/skins - - # -- Additional volumes to the controller pod. - extraVolumes: [] - # - name: copy-portal-skins - # emptyDir: {} - - # -- Containers, which are run before the app containers are started. - extraInitContainers: [] - # - name: init-myservice - # image: busybox - # command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;'] - - # -- Modules, which are mounted into the core nginx image. See values.yaml for a sample to add opentelemetry module - extraModules: [] - # containerSecurityContext: - # allowPrivilegeEscalation: false - # - # The image must contain a `/usr/local/bin/init_module.sh` executable, which - # will be executed as initContainers, to move its config files within the - # mounted volume. - - opentelemetry: - enabled: false - image: registry.k8s.io/ingress-nginx/opentelemetry:v20221114-controller-v1.5.1-6-ga66ee73c5@sha256:41076fd9fb4255677c1a3da1ac3fc41477f06eba3c7ebf37ffc8f734dad51d7c - containerSecurityContext: - allowPrivilegeEscalation: false - - admissionWebhooks: - annotations: {} - # ignore-check.kube-linter.io/no-read-only-rootfs: "This deployment needs write access to root filesystem". - - ## Additional annotations to the admission webhooks. - ## These annotations will be added to the ValidatingWebhookConfiguration and - ## the Jobs Spec of the admission webhooks. - enabled: true - # -- Additional environment variables to set - extraEnvs: [] - # extraEnvs: - # - name: FOO - # valueFrom: - # secretKeyRef: - # key: FOO - # name: secret-resource - # -- Admission Webhook failure policy to use - failurePolicy: Fail - # timeoutSeconds: 10 - port: 8443 - certificate: "/usr/local/certificates/cert" - key: "/usr/local/certificates/key" - namespaceSelector: {} - objectSelector: {} - # -- Labels to be added to admission webhooks - labels: {} - - # -- Use an existing PSP instead of creating one - existingPsp: "" - networkPolicyEnabled: false - - service: - annotations: {} - # clusterIP: "" - externalIPs: [] - # loadBalancerIP: "" - loadBalancerSourceRanges: [] - servicePort: 443 - type: ClusterIP - - createSecretJob: - securityContext: - allowPrivilegeEscalation: false - resources: {} - # limits: - # cpu: 10m - # memory: 20Mi - # requests: - # cpu: 10m - # memory: 20Mi - - patchWebhookJob: - securityContext: - allowPrivilegeEscalation: false - resources: {} - - patch: - enabled: true - image: - registry: registry.k8s.io - image: ingress-nginx/kube-webhook-certgen - ## for backwards compatibility consider setting the full image url via the repository value below - ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail - ## repository: - tag: v20220916-gd32f8c343 - digest: sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f - pullPolicy: IfNotPresent - # -- Provide a priority class name to the webhook patching job - ## - priorityClassName: "" - podAnnotations: {} - nodeSelector: + nodeSelector: kubernetes.io/os: linux - tolerations: [] - # -- Labels to be added to patch job resources - labels: {} - securityContext: - runAsNonRoot: true - runAsUser: 2000 - fsGroup: 2000 + ## Liveness and readiness probe values + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## + ## startupProbe: + ## httpGet: + ## # should match container.healthCheckPath + ## path: "/healthz" + ## port: 10254 + ## scheme: HTTP + ## initialDelaySeconds: 5 + ## periodSeconds: 5 + ## timeoutSeconds: 2 + ## successThreshold: 1 + ## failureThreshold: 5 + livenessProbe: + httpGet: + # should match container.healthCheckPath + path: "/healthz" + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 5 + readinessProbe: + httpGet: + # should match container.healthCheckPath + path: "/healthz" + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + # -- Path of the health check endpoint. All requests received on the port defined by + # the healthz-port parameter are forwarded internally to this path. + healthCheckPath: "/healthz" + # -- Address to bind the health check endpoint. + # It is better to set this option to the internal node address + # if the ingress nginx controller is running in the `hostNetwork: true` mode. + healthCheckHost: "" + # -- Annotations to be added to controller pods + ## + podAnnotations: {} + replicaCount: 1 + # -- Define either 'minAvailable' or 'maxUnavailable', never both. + minAvailable: 1 + # -- Define either 'minAvailable' or 'maxUnavailable', never both. + # maxUnavailable: 1 - # Use certmanager to generate webhook certs - certManager: - enabled: false - # self-signed root certificate - rootCert: - duration: "" # default to be 5y - admissionCert: - duration: "" # default to be 1y - # issuerRef: - # name: "issuer" - # kind: "ClusterIssuer" + ## Define requests resources to avoid probe issues due to CPU utilization in busy nodes + ## ref: https://github.com/kubernetes/ingress-nginx/issues/4735#issuecomment-551204903 + ## Ideally, there should be no limits. + ## https://engineering.indeedblog.com/blog/2019/12/cpu-throttling-regression-fix/ + resources: + ## limits: + ## cpu: 100m + ## memory: 90Mi + requests: + cpu: 100m + memory: 90Mi + # Mutually exclusive with keda autoscaling + autoscaling: + apiVersion: autoscaling/v2 + enabled: false + annotations: {} + minReplicas: 1 + maxReplicas: 11 + targetCPUUtilizationPercentage: 50 + targetMemoryUtilizationPercentage: 50 + behavior: {} + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 1 + # periodSeconds: 180 + # scaleUp: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 2 + # periodSeconds: 60 + autoscalingTemplate: [] + # Custom or additional autoscaling metrics + # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics + # - type: Pods + # pods: + # metric: + # name: nginx_ingress_controller_nginx_process_requests_total + # target: + # type: AverageValue + # averageValue: 10000m - metrics: - port: 10254 - portName: metrics - # if this port is changed, change healthz-port: in extraArgs: accordingly - enabled: false + # Mutually exclusive with hpa autoscaling + keda: + apiVersion: "keda.sh/v1alpha1" + ## apiVersion changes with keda 1.x vs 2.x + ## 2.x = keda.sh/v1alpha1 + ## 1.x = keda.k8s.io/v1alpha1 + enabled: false + minReplicas: 1 + maxReplicas: 11 + pollingInterval: 30 + cooldownPeriod: 300 + restoreToOriginalReplicaCount: false + scaledObject: + annotations: {} + # Custom annotations for ScaledObject resource + # annotations: + # key: value + triggers: [] + # - type: prometheus + # metadata: + # serverAddress: http://:9090 + # metricName: http_requests_total + # threshold: '100' + # query: sum(rate(http_requests_total{deployment="my-deployment"}[2m])) + behavior: {} + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 1 + # periodSeconds: 180 + # scaleUp: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 2 + # periodSeconds: 60 + + # -- Enable mimalloc as a drop-in replacement for malloc. + ## ref: https://github.com/microsoft/mimalloc + ## + enableMimalloc: true + ## Override NGINX template + customTemplate: + configMapName: "" + configMapKey: "" service: - annotations: {} - # prometheus.io/scrape: "true" - # prometheus.io/port: "10254" + enabled: true + # -- If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were + # using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http + # It allows choosing the protocol for each backend specified in the Kubernetes service. + # See the following GitHub issue for more details about the purpose: https://github.com/kubernetes/kubernetes/issues/40244 + # Will be ignored for Kubernetes versions older than 1.20 + ## + appProtocol: true + annotations: {} + labels: {} + # clusterIP: "" - # clusterIP: "" + # -- List of IP addresses at which the controller services are available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + # -- Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + loadBalancerIP: "" + loadBalancerSourceRanges: [] + enableHttp: true + enableHttps: true + ## Set external traffic policy to: "Local" to preserve source IP on providers supporting it. + ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer + # externalTrafficPolicy: "" - # -- List of IP addresses at which the stats-exporter service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] + ## Must be either "None" or "ClientIP" if set. Kubernetes will default to "None". + ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + # sessionAffinity: "" - # loadBalancerIP: "" - loadBalancerSourceRanges: [] - servicePort: 10254 - type: ClusterIP - # externalTrafficPolicy: "" - # nodePort: "" + ## Specifies the health check node port (numeric port number) for the service. If healthCheckNodePort isn’t specified, + ## the service controller allocates a port from your cluster’s NodePort range. + ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + # healthCheckNodePort: 0 - serviceMonitor: - enabled: false - additionalLabels: {} - ## The label to use to retrieve the job name from. - ## jobLabel: "app.kubernetes.io/name" - namespace: "" - namespaceSelector: {} - ## Default: scrape .Release.Namespace only - ## To scrape all, use the following: - ## namespaceSelector: - ## any: true - scrapeInterval: 30s - # honorLabels: true - targetLabels: [] - relabelings: [] - metricRelabelings: [] + # -- Represents the dual-stack-ness requested or required by this Service. Possible values are + # SingleStack, PreferDualStack or RequireDualStack. + # The ipFamilies and clusterIPs fields depend on the value of this field. + ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ + ipFamilyPolicy: "SingleStack" + # -- List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically + # based on cluster configuration and the ipFamilyPolicy field. + ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ + ipFamilies: + - IPv4 + ports: + http: 80 + https: 443 + targetPorts: + http: http + https: https + type: LoadBalancer + ## type: NodePort + ## nodePorts: + ## http: 32080 + ## https: 32443 + ## tcp: + ## 8080: 32808 + nodePorts: + http: "" + https: "" + tcp: {} + udp: {} + external: + enabled: true + internal: + # -- Enables an additional internal load balancer (besides the external one). + enabled: false + # -- Annotations are mandatory for the load balancer to come up. Varies with the cloud service. + annotations: {} + # loadBalancerIP: "" - prometheusRule: - enabled: false - additionalLabels: {} - # namespace: "" - rules: [] - # # These are just examples rules, please adapt them to your needs - # - alert: NGINXConfigFailed - # expr: count(nginx_ingress_controller_config_last_reload_successful == 0) > 0 - # for: 1s - # labels: - # severity: critical - # annotations: - # description: bad ingress config - nginx config test failed - # summary: uninstall the latest ingress changes to allow config reloads to resume - # - alert: NGINXCertificateExpiry - # expr: (avg(nginx_ingress_controller_ssl_expire_time_seconds) by (host) - time()) < 604800 - # for: 1s - # labels: - # severity: critical - # annotations: - # description: ssl certificate(s) will expire in less then a week - # summary: renew expiring certificates to avoid downtime - # - alert: NGINXTooMany500s - # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"5.+"} ) / sum(nginx_ingress_controller_requests) ) > 5 - # for: 1m - # labels: - # severity: warning - # annotations: - # description: Too many 5XXs - # summary: More than 5% of all requests returned 5XX, this requires your attention - # - alert: NGINXTooMany400s - # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"4.+"} ) / sum(nginx_ingress_controller_requests) ) > 5 - # for: 1m - # labels: - # severity: warning - # annotations: - # description: Too many 4XXs - # summary: More than 5% of all requests returned 4XX, this requires your attention + # -- Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. + loadBalancerSourceRanges: [] + ## Set external traffic policy to: "Local" to preserve source IP on + ## providers supporting it + ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer + # externalTrafficPolicy: "" + # shareProcessNamespace enables process namespace sharing within the pod. + # This can be used for example to signal log rotation using `kill -USR1` from a sidecar. + shareProcessNamespace: false + # -- Additional containers to be added to the controller pod. + # See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. + extraContainers: [] + # - name: my-sidecar + # image: nginx:latest + # - name: lemonldap-ng-controller + # image: lemonldapng/lemonldap-ng-controller:0.2.0 + # args: + # - /lemonldap-ng-controller + # - --alsologtostderr + # - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration + # env: + # - name: POD_NAME + # valueFrom: + # fieldRef: + # fieldPath: metadata.name + # - name: POD_NAMESPACE + # valueFrom: + # fieldRef: + # fieldPath: metadata.namespace + # volumeMounts: + # - name: copy-portal-skins + # mountPath: /srv/var/lib/lemonldap-ng/portal/skins - # -- Improve connection draining when ingress controller pod is deleted using a lifecycle hook: - # With this new hook, we increased the default terminationGracePeriodSeconds from 30 seconds - # to 300, allowing the draining of connections up to five minutes. - # If the active connections end before that, the pod will terminate gracefully at that time. - # To effectively take advantage of this feature, the Configmap feature - # worker-shutdown-timeout new value is 240s instead of 10s. - ## - lifecycle: - preStop: - exec: - command: - - /wait-shutdown + # -- Additional volumeMounts to the controller main container. + extraVolumeMounts: [] + # - name: copy-portal-skins + # mountPath: /var/lib/lemonldap-ng/portal/skins - priorityClassName: "" + # -- Additional volumes to the controller pod. + extraVolumes: [] + # - name: copy-portal-skins + # emptyDir: {} + # -- Containers, which are run before the app containers are started. + extraInitContainers: [] + # - name: init-myservice + # image: busybox + # command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;'] + + # -- Modules, which are mounted into the core nginx image. See values.yaml for a sample to add opentelemetry module + extraModules: [] + # containerSecurityContext: + # allowPrivilegeEscalation: false + # + # The image must contain a `/usr/local/bin/init_module.sh` executable, which + # will be executed as initContainers, to move its config files within the + # mounted volume. + + opentelemetry: + enabled: false + image: registry.k8s.io/ingress-nginx/opentelemetry:v20221114-controller-v1.5.1-6-ga66ee73c5@sha256:41076fd9fb4255677c1a3da1ac3fc41477f06eba3c7ebf37ffc8f734dad51d7c + containerSecurityContext: + allowPrivilegeEscalation: false + admissionWebhooks: + annotations: {} + # ignore-check.kube-linter.io/no-read-only-rootfs: "This deployment needs write access to root filesystem". + + ## Additional annotations to the admission webhooks. + ## These annotations will be added to the ValidatingWebhookConfiguration and + ## the Jobs Spec of the admission webhooks. + enabled: true + # -- Additional environment variables to set + extraEnvs: [] + # extraEnvs: + # - name: FOO + # valueFrom: + # secretKeyRef: + # key: FOO + # name: secret-resource + # -- Admission Webhook failure policy to use + failurePolicy: Fail + # timeoutSeconds: 10 + port: 8443 + certificate: "/usr/local/certificates/cert" + key: "/usr/local/certificates/key" + namespaceSelector: {} + objectSelector: {} + # -- Labels to be added to admission webhooks + labels: {} + # -- Use an existing PSP instead of creating one + existingPsp: "" + networkPolicyEnabled: false + service: + annotations: {} + # clusterIP: "" + externalIPs: [] + # loadBalancerIP: "" + loadBalancerSourceRanges: [] + servicePort: 443 + type: ClusterIP + createSecretJob: + securityContext: + allowPrivilegeEscalation: false + resources: {} + # limits: + # cpu: 10m + # memory: 20Mi + # requests: + # cpu: 10m + # memory: 20Mi + patchWebhookJob: + securityContext: + allowPrivilegeEscalation: false + resources: {} + patch: + enabled: true + image: + registry: registry.k8s.io + image: ingress-nginx/kube-webhook-certgen + ## for backwards compatibility consider setting the full image url via the repository value below + ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail + ## repository: + tag: v20220916-gd32f8c343 + digest: sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + pullPolicy: IfNotPresent + # -- Provide a priority class name to the webhook patching job + ## + priorityClassName: "" + podAnnotations: {} + nodeSelector: + kubernetes.io/os: linux + tolerations: [] + # -- Labels to be added to patch job resources + labels: {} + securityContext: + runAsNonRoot: true + runAsUser: 2000 + fsGroup: 2000 + # Use certmanager to generate webhook certs + certManager: + enabled: false + # self-signed root certificate + rootCert: + # default to be 5y + duration: "" + admissionCert: + # default to be 1y + duration: "" + # issuerRef: + # name: "issuer" + # kind: "ClusterIssuer" + metrics: + port: 10254 + portName: metrics + # if this port is changed, change healthz-port: in extraArgs: accordingly + enabled: false + service: + annotations: {} + # prometheus.io/scrape: "true" + # prometheus.io/port: "10254" + + # clusterIP: "" + + # -- List of IP addresses at which the stats-exporter service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + # loadBalancerIP: "" + loadBalancerSourceRanges: [] + servicePort: 10254 + type: ClusterIP + # externalTrafficPolicy: "" + # nodePort: "" + serviceMonitor: + enabled: false + additionalLabels: {} + ## The label to use to retrieve the job name from. + ## jobLabel: "app.kubernetes.io/name" + namespace: "" + namespaceSelector: {} + ## Default: scrape .Release.Namespace only + ## To scrape all, use the following: + ## namespaceSelector: + ## any: true + scrapeInterval: 30s + # honorLabels: true + targetLabels: [] + relabelings: [] + metricRelabelings: [] + prometheusRule: + enabled: false + additionalLabels: {} + # namespace: "" + rules: [] + # # These are just examples rules, please adapt them to your needs + # - alert: NGINXConfigFailed + # expr: count(nginx_ingress_controller_config_last_reload_successful == 0) > 0 + # for: 1s + # labels: + # severity: critical + # annotations: + # description: bad ingress config - nginx config test failed + # summary: uninstall the latest ingress changes to allow config reloads to resume + # - alert: NGINXCertificateExpiry + # expr: (avg(nginx_ingress_controller_ssl_expire_time_seconds) by (host) - time()) < 604800 + # for: 1s + # labels: + # severity: critical + # annotations: + # description: ssl certificate(s) will expire in less then a week + # summary: renew expiring certificates to avoid downtime + # - alert: NGINXTooMany500s + # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"5.+"} ) / sum(nginx_ingress_controller_requests) ) > 5 + # for: 1m + # labels: + # severity: warning + # annotations: + # description: Too many 5XXs + # summary: More than 5% of all requests returned 5XX, this requires your attention + # - alert: NGINXTooMany400s + # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"4.+"} ) / sum(nginx_ingress_controller_requests) ) > 5 + # for: 1m + # labels: + # severity: warning + # annotations: + # description: Too many 4XXs + # summary: More than 5% of all requests returned 4XX, this requires your attention + # -- Improve connection draining when ingress controller pod is deleted using a lifecycle hook: + # With this new hook, we increased the default terminationGracePeriodSeconds from 30 seconds + # to 300, allowing the draining of connections up to five minutes. + # If the active connections end before that, the pod will terminate gracefully at that time. + # To effectively take advantage of this feature, the Configmap feature + # worker-shutdown-timeout new value is 240s instead of 10s. + ## + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + priorityClassName: "" # -- Rollback limit ## revisionHistoryLimit: 10 - ## Default 404 backend ## defaultBackend: - ## - enabled: false - - name: defaultbackend - image: - registry: registry.k8s.io - image: defaultbackend-amd64 - ## for backwards compatibility consider setting the full image url via the repository value below - ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail - ## repository: - tag: "1.5" - pullPolicy: IfNotPresent - # nobody user -> uid 65534 - runAsUser: 65534 - runAsNonRoot: true - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - - # -- Use an existing PSP instead of creating one - existingPsp: "" - - extraArgs: {} - - serviceAccount: - create: true - name: "" - automountServiceAccountToken: true - # -- Additional environment variables to set for defaultBackend pods - extraEnvs: [] - - port: 8080 - - ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ - ## - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 6 - initialDelaySeconds: 0 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 5 - - # -- Node tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - - affinity: {} - - # -- Security Context policies for controller pods - # See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for - # notes on enabling and using sysctls - ## - podSecurityContext: {} - - # -- Security Context policies for controller main container. - # See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for - # notes on enabling and using sysctls - ## - containerSecurityContext: {} - - # -- Labels to add to the pod container metadata - podLabels: {} - # key: value - - # -- Node labels for default backend pod assignment - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: - kubernetes.io/os: linux - - # -- Annotations to be added to default backend pods - ## - podAnnotations: {} - - replicaCount: 1 - - minAvailable: 1 - - resources: {} - # limits: - # cpu: 10m - # memory: 20Mi - # requests: - # cpu: 10m - # memory: 20Mi - - extraVolumeMounts: [] - ## Additional volumeMounts to the default backend container. - # - name: copy-portal-skins - # mountPath: /var/lib/lemonldap-ng/portal/skins - - extraVolumes: [] - ## Additional volumes to the default backend pod. - # - name: copy-portal-skins - # emptyDir: {} - - autoscaling: - annotations: {} - enabled: false - minReplicas: 1 - maxReplicas: 2 - targetCPUUtilizationPercentage: 50 - targetMemoryUtilizationPercentage: 50 - - service: - annotations: {} - - # clusterIP: "" - - # -- List of IP addresses at which the default backend service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips ## - externalIPs: [] + enabled: false + name: defaultbackend + image: + registry: registry.k8s.io + image: defaultbackend-amd64 + ## for backwards compatibility consider setting the full image url via the repository value below + ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail + ## repository: + tag: "1.5" + pullPolicy: IfNotPresent + # nobody user -> uid 65534 + runAsUser: 65534 + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + # -- Use an existing PSP instead of creating one + existingPsp: "" + extraArgs: {} + serviceAccount: + create: true + name: "" + automountServiceAccountToken: true + # -- Additional environment variables to set for defaultBackend pods + extraEnvs: [] + port: 8080 + ## Readiness and liveness probes for default backend + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + initialDelaySeconds: 0 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 5 + # -- Node tolerations for server scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - # loadBalancerIP: "" - loadBalancerSourceRanges: [] - servicePort: 80 - type: ClusterIP + affinity: {} + # -- Security Context policies for controller pods + # See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for + # notes on enabling and using sysctls + ## + podSecurityContext: {} + # -- Security Context policies for controller main container. + # See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for + # notes on enabling and using sysctls + ## + containerSecurityContext: {} + # -- Labels to add to the pod container metadata + podLabels: {} + # key: value - priorityClassName: "" - # -- Labels to be added to the default backend resources - labels: {} + # -- Node labels for default backend pod assignment + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: + kubernetes.io/os: linux + # -- Annotations to be added to default backend pods + ## + podAnnotations: {} + replicaCount: 1 + minAvailable: 1 + resources: {} + # limits: + # cpu: 10m + # memory: 20Mi + # requests: + # cpu: 10m + # memory: 20Mi + extraVolumeMounts: [] + ## Additional volumeMounts to the default backend container. + # - name: copy-portal-skins + # mountPath: /var/lib/lemonldap-ng/portal/skins + + extraVolumes: [] + ## Additional volumes to the default backend pod. + # - name: copy-portal-skins + # emptyDir: {} + + autoscaling: + annotations: {} + enabled: false + minReplicas: 1 + maxReplicas: 2 + targetCPUUtilizationPercentage: 50 + targetMemoryUtilizationPercentage: 50 + service: + annotations: {} + # clusterIP: "" + + # -- List of IP addresses at which the default backend service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + # loadBalancerIP: "" + loadBalancerSourceRanges: [] + servicePort: 80 + type: ClusterIP + priorityClassName: "" + # -- Labels to be added to the default backend resources + labels: {} ## Enable RBAC as per https://github.com/kubernetes/ingress-nginx/blob/main/docs/deploy/rbac.md and https://github.com/kubernetes/ingress-nginx/issues/266 rbac: - create: true - scope: false - + create: true + scope: false ## If true, create & use Pod Security Policy resources ## https://kubernetes.io/docs/concepts/policy/pod-security-policy/ podSecurityPolicy: - enabled: false - + enabled: false serviceAccount: - create: true - name: "" - automountServiceAccountToken: true - # -- Annotations for the controller service account - annotations: {} - + create: true + name: "" + automountServiceAccountToken: true + # -- Annotations for the controller service account + annotations: {} # -- Optional array of imagePullSecrets containing private registry credentials ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ imagePullSecrets: [] @@ -964,7 +868,6 @@ udp: {} # -- Prefix for TCP and UDP ports names in ingress controller service ## Some cloud providers, like Yandex Cloud may have a requirements for a port name regex to support cloud load balancer integration portNamePrefix: "" - # -- (string) A base64-encoded Diffie-Hellman parameter. # This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` ## Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param diff --git a/deploy/static/provider/aws/deploy.yaml b/deploy/static/provider/aws/deploy.yaml index fbdf9486a..54d315b50 100644 --- a/deploy/static/provider/aws/deploy.yaml +++ b/deploy/static/provider/aws/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx rules: @@ -90,21 +90,6 @@ rules: - get - list - watch -- apiGroups: - - "" - resourceNames: - - ingress-nginx-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - apiGroups: - coordination.k8s.io resourceNames: @@ -144,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -163,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx rules: - apiGroups: @@ -245,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission rules: - apiGroups: @@ -264,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -284,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -303,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -322,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -343,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -359,7 +344,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -392,7 +377,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -415,7 +400,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -455,7 +440,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 + image: registry.k8s.io/ingress-nginx/controller:v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -527,7 +512,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -538,7 +523,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-create spec: containers: @@ -574,7 +559,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -585,7 +570,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-patch spec: containers: @@ -623,7 +608,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: nginx spec: controller: k8s.io/ingress-nginx @@ -636,7 +621,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml index 73ec24286..819de9079 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx rules: @@ -90,21 +90,6 @@ rules: - get - list - watch -- apiGroups: - - "" - resourceNames: - - ingress-nginx-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - apiGroups: - coordination.k8s.io resourceNames: @@ -144,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -163,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx rules: - apiGroups: @@ -245,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission rules: - apiGroups: @@ -264,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -284,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -303,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -322,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -350,7 +335,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -368,7 +353,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -401,7 +386,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -424,7 +409,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -464,7 +449,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 + image: registry.k8s.io/ingress-nginx/controller:v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -539,7 +524,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -550,7 +535,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-create spec: containers: @@ -586,7 +571,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -597,7 +582,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-patch spec: containers: @@ -635,7 +620,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: nginx spec: controller: k8s.io/ingress-nginx @@ -648,7 +633,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/deploy.yaml b/deploy/static/provider/baremetal/deploy.yaml index 9e6e905bb..73aec6dc9 100644 --- a/deploy/static/provider/baremetal/deploy.yaml +++ b/deploy/static/provider/baremetal/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx rules: @@ -90,21 +90,6 @@ rules: - get - list - watch -- apiGroups: - - "" - resourceNames: - - ingress-nginx-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - apiGroups: - coordination.k8s.io resourceNames: @@ -144,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -163,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx rules: - apiGroups: @@ -245,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission rules: - apiGroups: @@ -264,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -284,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -303,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -322,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -343,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -355,7 +340,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -387,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -410,7 +395,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -449,7 +434,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 + image: registry.k8s.io/ingress-nginx/controller:v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -521,7 +506,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -532,7 +517,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-create spec: containers: @@ -568,7 +553,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -579,7 +564,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-patch spec: containers: @@ -617,7 +602,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: nginx spec: controller: k8s.io/ingress-nginx @@ -630,7 +615,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/deploy.yaml b/deploy/static/provider/cloud/deploy.yaml index dd986a55d..19455ed27 100644 --- a/deploy/static/provider/cloud/deploy.yaml +++ b/deploy/static/provider/cloud/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx rules: @@ -90,21 +90,6 @@ rules: - get - list - watch -- apiGroups: - - "" - resourceNames: - - ingress-nginx-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - apiGroups: - coordination.k8s.io resourceNames: @@ -144,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -163,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx rules: - apiGroups: @@ -245,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission rules: - apiGroups: @@ -264,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -284,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -303,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -322,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -343,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -355,7 +340,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -388,7 +373,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -411,7 +396,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -451,7 +436,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 + image: registry.k8s.io/ingress-nginx/controller:v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -523,7 +508,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -534,7 +519,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-create spec: containers: @@ -570,7 +555,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -581,7 +566,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-patch spec: containers: @@ -619,7 +604,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: nginx spec: controller: k8s.io/ingress-nginx @@ -632,7 +617,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/deploy.yaml b/deploy/static/provider/do/deploy.yaml index 64e0366b4..3c4a022c3 100644 --- a/deploy/static/provider/do/deploy.yaml +++ b/deploy/static/provider/do/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx rules: @@ -90,21 +90,6 @@ rules: - get - list - watch -- apiGroups: - - "" - resourceNames: - - ingress-nginx-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - apiGroups: - coordination.k8s.io resourceNames: @@ -144,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -163,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx rules: - apiGroups: @@ -245,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission rules: - apiGroups: @@ -264,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -284,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -303,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -322,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -344,7 +329,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -358,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -391,7 +376,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -414,7 +399,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -454,7 +439,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 + image: registry.k8s.io/ingress-nginx/controller:v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -526,7 +511,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -537,7 +522,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-create spec: containers: @@ -573,7 +558,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -584,7 +569,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-patch spec: containers: @@ -622,7 +607,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: nginx spec: controller: k8s.io/ingress-nginx @@ -635,7 +620,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/deploy.yaml b/deploy/static/provider/exoscale/deploy.yaml index d6a40aed9..084fcd897 100644 --- a/deploy/static/provider/exoscale/deploy.yaml +++ b/deploy/static/provider/exoscale/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx rules: @@ -90,21 +90,6 @@ rules: - get - list - watch -- apiGroups: - - "" - resourceNames: - - ingress-nginx-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - apiGroups: - coordination.k8s.io resourceNames: @@ -144,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -163,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx rules: - apiGroups: @@ -245,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission rules: - apiGroups: @@ -264,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -284,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -303,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -322,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -343,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -364,7 +349,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -397,7 +382,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -420,7 +405,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -460,7 +445,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 + image: registry.k8s.io/ingress-nginx/controller:v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -532,7 +517,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -543,7 +528,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-create spec: containers: @@ -579,7 +564,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -590,7 +575,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-patch spec: containers: @@ -628,7 +613,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: nginx spec: controller: k8s.io/ingress-nginx @@ -641,7 +626,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/deploy.yaml b/deploy/static/provider/kind/deploy.yaml index 62ead9e34..355ca8054 100644 --- a/deploy/static/provider/kind/deploy.yaml +++ b/deploy/static/provider/kind/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx rules: @@ -90,21 +90,6 @@ rules: - get - list - watch -- apiGroups: - - "" - resourceNames: - - ingress-nginx-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - apiGroups: - coordination.k8s.io resourceNames: @@ -144,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -163,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx rules: - apiGroups: @@ -245,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission rules: - apiGroups: @@ -264,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -284,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -303,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -322,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -343,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -355,7 +340,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -387,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -410,7 +395,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -455,7 +440,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 + image: registry.k8s.io/ingress-nginx/controller:v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -537,7 +522,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -548,7 +533,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-create spec: containers: @@ -584,7 +569,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -595,7 +580,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-patch spec: containers: @@ -633,7 +618,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: nginx spec: controller: k8s.io/ingress-nginx @@ -646,7 +631,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/deploy.yaml b/deploy/static/provider/scw/deploy.yaml index d52f01489..ff8b820b3 100644 --- a/deploy/static/provider/scw/deploy.yaml +++ b/deploy/static/provider/scw/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx rules: @@ -90,21 +90,6 @@ rules: - get - list - watch -- apiGroups: - - "" - resourceNames: - - ingress-nginx-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - apiGroups: - coordination.k8s.io resourceNames: @@ -144,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -163,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx rules: - apiGroups: @@ -245,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission rules: - apiGroups: @@ -264,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -284,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -303,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -322,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -344,7 +329,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -358,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -391,7 +376,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -414,7 +399,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -454,7 +439,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 + image: registry.k8s.io/ingress-nginx/controller:v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -526,7 +511,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -537,7 +522,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-create spec: containers: @@ -573,7 +558,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -584,7 +569,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-patch spec: containers: @@ -622,7 +607,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: nginx spec: controller: k8s.io/ingress-nginx @@ -635,7 +620,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/docs/deploy/index.md b/docs/deploy/index.md index 29495b5c0..71a27b15f 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -62,7 +62,7 @@ It will install the controller in the `ingress-nginx` namespace, creating that n **If you don't have Helm** or if you prefer to use a YAML manifest, you can run the following command instead: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/cloud/deploy.yaml ``` !!! info @@ -225,7 +225,7 @@ In AWS, we use a Network load balancer (NLB) to expose the NGINX Ingress control ##### Network Load Balancer (NLB) ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/aws/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/aws/deploy.yaml ``` ##### TLS termination in AWS Load Balancer (NLB) @@ -233,10 +233,10 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont By default, TLS is terminated in the ingress controller. But it is also possible to terminate TLS in the Load Balancer. This section explains how to do that on AWS using an NLB. -1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template +1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template ```console - wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml + wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml ``` 2. Edit the file and change the VPC CIDR in use for the Kubernetes cluster: @@ -282,7 +282,7 @@ Then, the ingress controller can be installed like this: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/cloud/deploy.yaml ``` !!! warning @@ -299,7 +299,7 @@ Proxy-protocol is supported in GCE check the [Official Documentations on how to #### Azure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/cloud/deploy.yaml ``` More information with regard to Azure annotations for ingress controller can be found in the [official AKS documentation](https://docs.microsoft.com/en-us/azure/aks/ingress-internal-ip#create-an-ingress-controller). @@ -307,7 +307,7 @@ More information with regard to Azure annotations for ingress controller can be #### Digital Ocean ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/do/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/do/deploy.yaml ``` - By default the service object of the ingress-nginx-controller for Digital-Ocean, only configures one annotation. Its this one `service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"`. While this makes the service functional, it was reported that the Digital-Ocean LoadBalancer graphs shows `no data`, unless a few other annotations are also configured. Some of these other annotations require values that can not be generic and hence not forced in a out-of-the-box installation. These annotations and a discussion on them is well documented in [this issue](https://github.com/kubernetes/ingress-nginx/issues/8965). Please refer to the issue to add annotations, with values specific to user, to get graphs of the DO-LB populated with data. @@ -315,7 +315,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont #### Scaleway ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/scw/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/scw/deploy.yaml ``` #### Exoscale @@ -330,7 +330,7 @@ The full list of annotations supported by Exoscale is available in the Exoscale #### Oracle Cloud Infrastructure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/cloud/deploy.yaml ``` A @@ -357,7 +357,7 @@ For quick testing, you can use a This should work on almost every cluster, but it will typically use a port in the range 30000-32767. ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/baremetal/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/baremetal/deploy.yaml ``` For more information about bare metal deployments (and how to use port 80 instead of a random port in the 30000-32767 range), diff --git a/docs/e2e-tests.md b/docs/e2e-tests.md index d5aa6cc16..f943a96a6 100644 --- a/docs/e2e-tests.md +++ b/docs/e2e-tests.md @@ -7,11 +7,651 @@ Do not try to edit it manually. +### [[Serial] admission controller](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L35) + +- [reject ingress with global-rate-limit annotations when memcached is not configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L48) +- [should not allow overlaps of host and paths without canary annotations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L75) +- [should allow overlaps of host and paths with canary annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L92) +- [should block ingress with invalid path](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L113) +- [should return an error if there is an error validating the ingress definition](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L130) +- [should return an error if there is an invalid value in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L141) +- [should return an error if there is a forbidden value in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L155) +- [should not return an error if the Ingress V1 definition is valid with Ingress Class](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L169) +- [should not return an error if the Ingress V1 definition is valid with IngressClass annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L185) +- [should return an error if the Ingress V1 definition contains invalid annotations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L201) +- [should not return an error for an invalid Ingress when it has unknown class](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L212) + +### [affinity session-cookie-name](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L35) + +- [should set sticky cookie SERVERID](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L42) +- [should change cookie name on ingress definition change](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L64) +- [should set the path to /something on the generated cookie](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L99) +- [does not set the path to / on the generated cookie if there's more than one rule referring to the same backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L121) +- [should set cookie with expires](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L194) +- [should set cookie with domain](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L225) +- [should not set cookie without domain annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L248) +- [should work with use-regex annotation and session-cookie-path](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L270) +- [should warn user when use-regex is true and session-cookie-path is not set](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L294) +- [should not set affinity across all server locations when using separate ingresses](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L320) +- [should set sticky cookie without host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L352) +- [should work with server-alias annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L372) +- [should set secure in cookie with provided true annotation on http](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L412) +- [should not set secure in cookie with provided false annotation on http](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L435) +- [should set secure in cookie with provided false annotation on https](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L458) + +### [affinitymode](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinitymode.go#L31) + +- [Balanced affinity mode should balance](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinitymode.go#L34) +- [Check persistent affinity mode](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinitymode.go#L67) + +### [server-alias](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/alias.go#L29) + +- [should return status code 200 for host 'foo' and 404 for 'bar'](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/alias.go#L36) +- [should return status code 200 for host 'foo' and 'bar'](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/alias.go#L62) +- [should return status code 200 for hosts defined in two ingresses, different path with one alias](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/alias.go#L87) + +### [app-root](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/approot.go#L28) + +- [should redirect to /foo](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/approot.go#L35) + +### [auth-tls-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L29) + +- [should set sslClientCertificate, sslVerifyClient and sslVerifyDepth with auth-tls-secret](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L36) +- [should set valid auth-tls-secret, sslVerify to off, and sslVerifyDepth to 2](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L84) +- [should 302 redirect to error page instead of 400 when auth-tls-error-page is set](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L114) +- [should pass URL-encoded certificate to upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L161) +- [should validate auth-tls-verify-client](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L206) +- [should return 403 using auth-tls-match-cn with no matching CN from client](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L266) +- [should return 200 using auth-tls-match-cn with matching CN from client](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L295) +- [should return 200 using auth-tls-match-cn where atleast one of the regex options matches CN from client](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L324) + +### [backend-protocol](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L27) + +- [should set backend protocol to https:// and use proxy_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L34) +- [should set backend protocol to $scheme:// and use proxy_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L49) +- [should set backend protocol to grpc:// and use grpc_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L64) +- [should set backend protocol to grpcs:// and use grpc_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L79) +- [should set backend protocol to '' and use fastcgi_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L94) +- [should set backend protocol to '' and use ajp_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L109) + +### [canary-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L36) + +- [should response with a 200 status from the mainline upstream when requests are made to the mainline ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L48) +- [should return 404 status for requests to the canary if no matching ingress is found](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L80) +- [should return the correct status codes when endpoints are unavailable](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L107) +- [should route requests to the correct upstream if mainline ingress is created before the canary ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L161) +- [should route requests to the correct upstream if mainline ingress is created after the canary ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L206) +- [should route requests to the correct upstream if the mainline ingress is modified](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L250) +- [should route requests to the correct upstream if the canary ingress is modified](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L307) +- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L372) +- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L426) +- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L490) +- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L532) +- [should routes to mainline upstream when the given Regex causes error](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L566) +- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L604) +- [respects always and never values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L643) +- [should route requests only to mainline if canary weight is 0](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L705) +- [should route requests only to canary if canary weight is 100](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L743) +- [should route requests only to canary if canary weight is equal to canary weight total](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L775) +- [should route requests split between mainline and canary if canary weight is 50](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L808) +- [should not use canary as a catch-all server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L836) +- [should not use canary with domain as a server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L864) +- [does not crash when canary ingress has multiple paths to the same non-matching backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L888) +- [always routes traffic to canary if first request was affinitized to canary (default behavior)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L916) +- [always routes traffic to canary if first request was affinitized to canary (explicit sticky behavior)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L973) +- [routes traffic to either mainline or canary backend (legacy behavior)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L1031) + +### [client-body-buffer-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L28) + +- [should set client_body_buffer_size to 1000](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L35) +- [should set client_body_buffer_size to 1K](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L57) +- [should set client_body_buffer_size to 1k](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L79) +- [should set client_body_buffer_size to 1m](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L101) +- [should set client_body_buffer_size to 1M](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L123) +- [should not set client_body_buffer_size to invalid 1b](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L145) + +### [connection-proxy-header](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/connection.go#L29) + +- [set connection header to keep-alive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/connection.go#L36) + +### [cors-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L28) + +- [should enable cors](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L35) +- [should set cors methods to only allow POST, GET](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L62) +- [should set cors max-age](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L78) +- [should disable cors allow credentials](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L94) +- [should allow origin for cors](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L110) +- [should allow headers for cors](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L137) +- [should expose headers for cors](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L153) +- [should allow - single origin for multiple cors values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L169) +- [should not allow - single origin for multiple cors values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L196) +- [should allow correct origins - single origin for multiple cors values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L216) +- [should not break functionality](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L267) +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L291) +- [should not break functionality with extra domain](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L314) +- [should not match](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L338) +- [should allow - single origin with required port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L358) +- [should not allow - single origin with port and origin without port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L386) +- [should not allow - single origin without port and origin with required port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L405) +- [should allow - matching origin with wildcard origin (2 subdomains)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L425) +- [should not allow - unmatching origin with wildcard origin (2 subdomains)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L468) +- [should allow - matching origin+port with wildcard origin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L488) +- [should not allow - portless origin with wildcard origin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L515) +- [should allow correct origins - missing subdomain + origin with wildcard origin and correct origin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L535) +- [should allow - missing origins (should allow all origins)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L571) + +### [custom-http-errors](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/customhttperrors.go#L34) + +- [configures Nginx correctly](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/customhttperrors.go#L41) + +### [default-backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/default_backend.go#L29) + +- [should use a custom default backend as upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/default_backend.go#L37) + +### [disable-access-log disable-http-access-log disable-stream-access-log](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/disableaccesslog.go#L28) + +- [disable-access-log set access_log off](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/disableaccesslog.go#L35) +- [disable-http-access-log set access_log off](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/disableaccesslog.go#L53) +- [disable-stream-access-log set access_log off](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/disableaccesslog.go#L71) + +### [backend-protocol - FastCGI](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L31) + +- [should use fastcgi_pass in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L38) +- [should add fastcgi_index in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L55) +- [should add fastcgi_param in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L72) +- [should return OK for service with backend protocol FastCGI](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L105) + +### [force-ssl-redirect](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/forcesslredirect.go#L27) + +- [should redirect to https](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/forcesslredirect.go#L34) + +### [from-to-www-redirect](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fromtowwwredirect.go#L31) + +- [should redirect from www HTTP to HTTP](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fromtowwwredirect.go#L38) +- [should redirect from www HTTPS to HTTPS](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fromtowwwredirect.go#L64) + +### [annotation-global-rate-limit](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/globalratelimit.go#L30) + +- [generates correct configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/globalratelimit.go#L38) + +### [backend-protocol - GRPC](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/grpc.go#L40) + +- [should use grpc_pass in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/grpc.go#L43) +- [should return OK for service with backend protocol GRPC](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/grpc.go#L68) +- [authorization metadata should be overwritten by external auth response headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/grpc.go#L126) +- [should return OK for service with backend protocol GRPCS](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/grpc.go#L199) + +### [http2-push-preload](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/http2pushpreload.go#L27) + +- [enable the http2-push-preload directive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/http2pushpreload.go#L34) + +### [influxdb-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/influxdb.go#L39) + +- [should send the request metric to the influxdb server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/influxdb.go#L48) + +### [whitelist-source-range](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/ipwhitelist.go#L27) + +- [should set valid ip whitelist range](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/ipwhitelist.go#L34) + +### [Annotation - limit-connections](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/limitconnections.go#L31) + +- [should limit-connections](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/limitconnections.go#L38) + +### [limit-rate](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/limitrate.go#L29) + +- [Check limit-rate annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/limitrate.go#L37) + +### [enable-access-log enable-rewrite-log](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/log.go#L27) + +- [set access_log off](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/log.go#L34) +- [set rewrite_log on](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/log.go#L49) + +### [mirror-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/mirror.go#L28) + +- [should set mirror-target to http://localhost/mirror](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/mirror.go#L36) +- [should set mirror-target to https://test.env.com/$request_uri](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/mirror.go#L51) +- [should disable mirror-request-body](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/mirror.go#L67) + +### [modsecurity owasp](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L28) + +- [should enable modsecurity](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L35) +- [should enable modsecurity with transaction ID and OWASP rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L53) +- [should disable modsecurity](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L74) +- [should enable modsecurity with snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L91) +- [should enable modsecurity without using 'modsecurity on;'](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L110) +- [should disable modsecurity using 'modsecurity off;'](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L132) +- [should enable modsecurity with snippet and block requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L153) +- [should enable modsecurity globally and with modsecurity-snippet block requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L189) +- [should enable modsecurity when enable-owasp-modsecurity-crs is set to true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L225) +- [should enable modsecurity through the config map](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L264) +- [should enable modsecurity through the config map but ignore snippet as disabled by admin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L305) +- [should disable default modsecurity conf setting when modsecurity-snippet is specified](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L347) + +### [preserve-trailing-slash](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/preservetrailingslash.go#L27) + +- [should allow preservation of trailing slashes](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/preservetrailingslash.go#L34) + +### [proxy-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L28) + +- [should set proxy_redirect to off](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L36) +- [should set proxy_redirect to default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L52) +- [should set proxy_redirect to hello.com goodbye.com](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L68) +- [should set proxy client-max-body-size to 8m](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L85) +- [should not set proxy client-max-body-size to incorrect value](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L100) +- [should set valid proxy timeouts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L115) +- [should not set invalid proxy timeouts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L136) +- [should turn on proxy-buffering](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L157) +- [should turn off proxy-request-buffering](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L179) +- [should build proxy next upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L194) +- [should setup proxy cookies](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L215) +- [should change the default proxy HTTP version](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L233) + +### [proxy-ssl-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxyssl.go#L30) + +- [should set valid proxy-ssl-secret](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxyssl.go#L37) +- [should set valid proxy-ssl-secret, proxy-ssl-verify to on, proxy-ssl-verify-depth to 2, and proxy-ssl-server-name to on](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxyssl.go#L64) +- [should set valid proxy-ssl-secret, proxy-ssl-ciphers to HIGH:!AES](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxyssl.go#L94) +- [should set valid proxy-ssl-secret, proxy-ssl-protocols](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxyssl.go#L122) +- [proxy-ssl-location-only flag should change the nginx config server part](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxyssl.go#L150) + +### [permanent-redirect permanent-redirect-code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/redirect.go#L30) + +- [should respond with a standard redirect code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/redirect.go#L33) +- [should respond with a custom redirect code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/redirect.go#L61) + +### [rewrite-target use-regex enable-rewrite-log](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L30) + +- [should write rewrite logs](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L37) +- [should use correct longest path match](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L66) +- [should use ~* location modifier if regex annotation is present](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L111) +- [should fail to use longest match for documented warning](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L158) +- [should allow for custom rewrite parameters](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L190) + +### [satisfy](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/satisfy.go#L35) + +- [should configure satisfy directive correctly](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/satisfy.go#L42) +- [should allow multiple auth with satisfy any](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/satisfy.go#L84) + +### [server-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/serversnippet.go#L28) + +- [add valid directives to server via server snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/serversnippet.go#L35) +- [drops server snippet if disabled by the administrator](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/serversnippet.go#L61) + +### [service-upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/serviceupstream.go#L32) + +- [should use the Service Cluster IP and Port ](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/serviceupstream.go#L41) +- [should use the Service Cluster IP and Port ](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/serviceupstream.go#L70) +- [should not use the Service Cluster IP and Port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/serviceupstream.go#L99) + +### [configuration-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/snippet.go#L28) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/snippet.go#L35) +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/snippet.go#L58) + +### [ssl-ciphers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/sslciphers.go#L28) + +- [should change ssl ciphers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/sslciphers.go#L35) + +### [stream-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/streamsnippet.go#L34) + +- [should add value of stream-snippet to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/streamsnippet.go#L41) +- [should add stream-snippet and drop annotations per admin config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/streamsnippet.go#L85) + +### [upstream-hash-by-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/upstreamhashby.go#L76) + +- [should connect to the same pod](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/upstreamhashby.go#L83) +- [should connect to the same subset of pods](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/upstreamhashby.go#L92) + +### [upstream-vhost](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/upstreamvhost.go#L27) + +- [set host to upstreamvhost.bar.com](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/upstreamvhost.go#L34) + +### [x-forwarded-prefix](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/xforwardedprefix.go#L28) + +- [should set the X-Forwarded-Prefix to the annotation value](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/xforwardedprefix.go#L35) +- [should not add X-Forwarded-Prefix if the annotation value is empty](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/xforwardedprefix.go#L57) + +### [auth-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L39) + +- [should return status code 200 when no authentication is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L46) +- [should return status code 503 when authentication is configured with an invalid secret](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L65) +- [should return status code 401 when authentication is configured but Authorization header is not configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L89) +- [should return status code 401 when authentication is configured and Authorization header is sent with invalid credentials](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L116) +- [should return status code 401 and cors headers when authentication and cors is configured but Authorization header is not configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L144) +- [should return status code 200 when authentication is configured and Authorization header is sent](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L172) +- [should return status code 200 when authentication is configured with a map and Authorization header is sent](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L199) +- [should return status code 401 when authentication is configured with invalid content and Authorization header is sent](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L227) +- [ when external auth is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L266) +- [ when external auth is not configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L284) +- [ when auth-headers are set](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L301) +- [should set cache_key when external auth cache is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L322) +- [user retains cookie by default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L411) +- [user does not retain cookie if upstream returns error status code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L422) +- [user with annotated ingress retains cookie if upstream returns error status code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L433) +- [should return status code 200 when signed in](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L485) +- [should redirect to signin url when not signed in](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L494) +- [keeps processing new ingresses even if one of the existing ingresses is misconfigured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L505) +- [should overwrite Foo header with auth response](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L529) +- [should not create additional upstream block when auth-keepalive is not set](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L552) +- [should not create additional upstream block when host part of auth-url contains a variable](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L570) +- [should not create additional upstream block when auth-keepalive is negative](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L590) +- [should not create additional upstream block when auth-keepalive is set with HTTP/2](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L609) +- [should create additional upstream block when auth-keepalive is set with HTTP/1.x](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L623) +- [should return status code 200 when signed in](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L678) +- [should redirect to signin url when not signed in](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L687) +- [keeps processing new ingresses even if one of the existing ingresses is misconfigured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L698) +- [should return status code 200 when signed in after auth backend is deleted ](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L772) +- [should deny login for different location on same server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L792) +- [should deny login for different servers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L820) +- [should redirect to signin url when not signed in](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L849) +- [should return 503 (location was denied)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L879) +- [should add error to the config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L887) + +### [Debug CLI](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/dbg/main.go#L29) + +- [should list the backend servers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/dbg/main.go#L37) +- [should get information for a specific backend server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/dbg/main.go#L56) +- [should produce valid JSON for /dbg general](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/dbg/main.go#L85) + +### [[Default Backend] custom service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/custom_default_backend.go#L33) + +- [uses custom default backend that returns 200 as status code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/custom_default_backend.go#L36) + +### [[Default Backend]](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/default_backend.go#L30) + +- [should return 404 sending requests when only a default backend is running](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/default_backend.go#L33) +- [enables access logging for default backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/default_backend.go#L88) +- [disables access logging for default backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/default_backend.go#L105) + +### [[Default Backend] SSL](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/ssl.go#L26) + +- [should return a self generated SSL certificate](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/ssl.go#L29) + +### [[Default Backend] change default settings](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/with_hosts.go#L30) + +- [should apply the annotation to the default backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/with_hosts.go#L38) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/e2e.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/e2e.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/e2e_test.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/e2e_test.go#L) + +### [[Endpointslices] long service name](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/endpointslices/longname.go#L29) + +- [should return 200 when service name has max allowed number of characters 63](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/endpointslices/longname.go#L38) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/deployment.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/deployment.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/exec.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/exec.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/fastcgi_helloserver.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/fastcgi_helloserver.go#L) + +### [[Setting] ](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/framework.go#L190) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/framework.go#L206) +- [ [MemoryLeak]](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/framework.go#L207) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/grpc_fortune_teller.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/grpc_fortune_teller.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/healthz.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/healthz.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/array.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/array.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/chain.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/chain.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/cookie.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/cookie.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/match.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/match.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/object.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/object.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/reporter.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/reporter.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/request.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/request.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/response.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/response.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/string.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/string.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/value.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/value.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/influxdb.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/influxdb.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/k8s.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/k8s.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/logs.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/logs.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/metrics.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/metrics.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/ssl.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/ssl.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/test_context.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/test_context.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/util.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/util.go#L) + +### [[Shutdown] Grace period shutdown](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/grace_period.go#L32) + +- [/healthz should return status code 500 during shutdown grace period](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/grace_period.go#L35) + +### [[Shutdown] ingress controller](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/shutdown.go#L30) + +- [should shutdown in less than 60 secons without pending connections](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/shutdown.go#L40) +- [should shutdown after waiting 60 seconds for pending connections to be closed](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/shutdown.go#L61) +- [should shutdown after waiting 150 seconds for pending connections to be closed](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/shutdown.go#L106) + +### [[Shutdown] Graceful shutdown with pending request](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/slow_requests.go#L25) + +- [should let slow requests finish before shutting down](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/slow_requests.go#L33) + +### [[Ingress] DeepInspection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/deep_inspection.go#L27) + +- [should drop whole ingress if one path matches invalid regex](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/deep_inspection.go#L34) + +### [single ingress - multiple hosts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/multiple_rules.go#L30) + +- [should set the correct $service_name NGINX variable](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/multiple_rules.go#L38) + +### [[Ingress] [PathType] exact](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/pathtype_exact.go#L30) + +- [should choose exact location for /exact](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/pathtype_exact.go#L37) + +### [[Ingress] [PathType] mix Exact and Prefix paths](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/pathtype_mixed.go#L30) + +- [should choose the correct location](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/pathtype_mixed.go#L39) + +### [[Ingress] [PathType] prefix checks](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/pathtype_prefix.go#L28) + +- [should return 404 when prefix /aaa does not match request /aaaccc](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/pathtype_prefix.go#L35) + +### [[Ingress] definition without host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/without_host.go#L31) + +- [should set ingress details variables for ingresses without a host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/without_host.go#L34) +- [should set ingress details variables for ingresses with host without IngressRuleValue, only Backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/without_host.go#L55) + +### [[Memory Leak] Dynamic Certificates](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/leaks/lua_ssl.go#L35) + +- [should not leak memory from ingress SSL certificates or configuration updates](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/leaks/lua_ssl.go#L42) + +### [[Load Balancer] load-balance](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/configmap.go#L28) + +- [should apply the configmap load-balance setting](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/configmap.go#L35) + +### [[Load Balancer] EWMA](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/ewma.go#L31) + +- [does not fail requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/ewma.go#L42) + +### [[Load Balancer] round-robin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/round_robin.go#L31) + +- [should evenly distribute requests with round-robin (default algorithm)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/round_robin.go#L39) + +### [[Lua] dynamic certificates](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_certificates.go#L37) + +- [picks up the certificate when we add TLS spec to existing ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_certificates.go#L45) +- [picks up the previously missing secret for a given ingress without reloading](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_certificates.go#L70) +- [supports requests with domain with trailing dot](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_certificates.go#L145) +- [picks up the updated certificate without reloading](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_certificates.go#L149) +- [falls back to using default certificate when secret gets deleted without reloading](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_certificates.go#L185) +- [picks up a non-certificate only change](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_certificates.go#L218) +- [removes HTTPS configuration when we delete TLS spec](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_certificates.go#L233) + +### [[Lua] dynamic configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_configuration.go#L42) + +- [configures balancer Lua middleware correctly](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_configuration.go#L50) +- [handles endpoints only changes](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_configuration.go#L62) +- [handles endpoints only changes (down scaling of replicas)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_configuration.go#L87) +- [handles endpoints only changes consistently (down scaling of replicas vs. empty service)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_configuration.go#L125) +- [handles an annotation change](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_configuration.go#L171) + +### [nginx-configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/nginx/nginx.go#L99) + +- [start nginx with default configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/nginx/nginx.go#L102) +- [fails when using alias directive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/nginx/nginx.go#L115) +- [fails when using root directive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/nginx/nginx.go#L124) + +### [[Security] request smuggling](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/request_smuggling.go#L32) + +- [should not return body content from error_page](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/request_smuggling.go#L39) + +### [[Security] validate path fields](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/invalid_paths.go#L42) + +- [should accept an ingress with valid path](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/invalid_paths.go#L49) +- [should drop an ingress with invalid path](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/invalid_paths.go#L67) +- [should drop an ingress with regex path and regex disabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/invalid_paths.go#L84) +- [should accept an ingress with regex path and regex enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/invalid_paths.go#L101) +- [should reject an ingress with invalid path and regex enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/invalid_paths.go#L118) + +### [[Service] backend status code 503](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_backend.go#L33) + +- [should return 503 when backend service does not exist](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_backend.go#L36) +- [should return 503 when all backend service endpoints are unavailable](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_backend.go#L54) + +### [[Service] Type ExternalName](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L59) + +- [works with external name set to incomplete fqdn](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L62) +- [should return 200 for service type=ExternalName without a port defined](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L95) +- [should return 200 for service type=ExternalName with a port defined](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L129) +- [should return status 502 for service type=ExternalName with an invalid host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L153) +- [should return 200 for service type=ExternalName using a port name](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L184) +- [should return 200 for service type=ExternalName using FQDN with trailing dot](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L217) +- [should update the external name after a service update](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L248) +- [should sync ingress on external name service addition/deletion](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L311) + +### [[Service] Nil Service Backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_nil_backend.go#L31) + +- [should return 404 when backend service is nil](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_nil_backend.go#L38) + +### [access-log](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L27) + +- [use the default configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L32) +- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L42) +- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L54) +- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L67) +- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L80) + +### [Bad annotation values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L29) + +- [[BAD_ANNOTATIONS] should drop an ingress if there is an invalid character in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L36) +- [[BAD_ANNOTATIONS] should drop an ingress if there is a forbidden word in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L67) +- [[BAD_ANNOTATIONS] should allow an ingress if there is a default blocklist config in place](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L102) +- [[BAD_ANNOTATIONS] should drop an ingress if there is a custom blocklist config in place and allow others to pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L133) + +### [brotli](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/brotli.go#L30) + +- [ condition](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/brotli.go#L39) + +### [Configmap change](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/configmap_change.go#L29) + +- [should reload after an update in the configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/configmap_change.go#L36) + +### [add-headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L30) + +- [Add a custom header](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L40) +- [Add multiple custom headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L65) + +### [[SSL] [Flag] default-ssl-certificate](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/default_ssl_certificate.go#L33) + +- [uses default ssl certificate for catch-all ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/default_ssl_certificate.go#L64) +- [uses default ssl certificate for host based ingress when configured certificate does not match host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/default_ssl_certificate.go#L80) + +### [[Flag] disable-catch-all](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L33) + +- [should ignore catch all Ingress with backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L50) +- [should ignore catch all Ingress with backend and rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L69) +- [should delete Ingress updated to catch-all](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L81) +- [should allow Ingress with rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L123) + +### [[Flag] disable-service-external-name](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_service_external_name.go#L35) + +- [should ignore services of external-name type](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_service_external_name.go#L52) + +### [enable-real-ip](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/enable_real_ip.go#L30) + +- [trusts X-Forwarded-For header only when setting is true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/enable_real_ip.go#L40) +- [should not trust X-Forwarded-For header when setting is false](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/enable_real_ip.go#L78) + +### [use-forwarded-headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/forwarded_headers.go#L30) + +- [should trust X-Forwarded headers when setting is true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/forwarded_headers.go#L40) +- [should not trust X-Forwarded headers when setting is false](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/forwarded_headers.go#L92) + ### [Geoip2](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/geoip2.go#L37) - [should include geoip2 line in config when enabled and db file exists](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/geoip2.go#L46) - [should only allow requests from specific countries](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/geoip2.go#L70) +### [[Security] block-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L28) + +- [should block CIDRs defined in the ConfigMap](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L38) +- [should block User-Agents defined in the ConfigMap](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L55) +- [should block Referers defined in the ConfigMap](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L88) + ### [[Security] global-auth-url](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L34) - [should return status code 401 when request any protected service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L85) @@ -27,59 +667,39 @@ Do not try to edit it manually. - [user does not retain cookie if upstream returns error status code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L337) - [user with global-auth-always-set-cookie key in configmap retains cookie if upstream returns error status code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L348) -### [[Security] Pod Security Policies](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy.go#L40) +### [global-options](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_options.go#L28) -- [should be running with a Pod Security Policy](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy.go#L43) +- [should have worker_rlimit_nofile option](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_options.go#L31) +- [should have worker_rlimit_nofile option and be independent on amount of worker processes](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_options.go#L38) -### [log-format-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L28) +### [settings-global-rate-limit](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/globalratelimit.go#L30) -- [should disable the log-format-escape-json by default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L40) -- [should enable the log-format-escape-json](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L47) -- [should disable the log-format-escape-json](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L55) -- [log-format-escape-json enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L66) -- [log-format-escape-json disabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L89) +- [generates correct NGINX configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/globalratelimit.go#L38) -### [server-tokens](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_tokens.go#L29) +### [hash size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L27) -- [should not exists Server header in the response](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_tokens.go#L38) -- [should exists Server header in the response when is enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_tokens.go#L50) +- [should set server_names_hash_bucket_size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L40) +- [should set server_names_hash_max_size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L48) +- [should set proxy-headers-hash-bucket-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L60) +- [should set proxy-headers-hash-max-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L68) +- [should set variables-hash-bucket-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L80) +- [should set variables-hash-max-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L88) +- [should set vmap-hash-bucket-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L100) -### [proxy-connect-timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_connect_timeout.go#L28) +### [[Flag] ingress-class](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L39) -- [should set valid proxy timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_connect_timeout.go#L36) -- [should not set invalid proxy timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_connect_timeout.go#L52) - -### [ssl-ciphers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ssl_ciphers.go#L28) - -- [Add ssl ciphers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ssl_ciphers.go#L31) - -### [use-proxy-protocol](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L36) - -- [should respect port passed by the PROXY Protocol](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L46) -- [should respect proto passed by the PROXY Protocol server port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L79) -- [should enable PROXY Protocol for HTTPS](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L112) -- [should enable PROXY Protocol for TCP](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L155) - -### [plugins](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/plugins.go#L28) - -- [should exist a x-hello-world header](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/plugins.go#L35) - -### [configmap server-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_snippet.go#L28) - -- [should add value of server-snippet setting to all ingress config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_snippet.go#L35) -- [should add global server-snippet and drop annotations per admin config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_snippet.go#L92) - -### [[Flag] disable-catch-all](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L33) - -- [should ignore catch all Ingress with backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L50) -- [should ignore catch all Ingress with backend and rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L69) -- [should delete Ingress updated to catch-all](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L81) -- [should allow Ingress with rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L123) - -### [enable-real-ip](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/enable_real_ip.go#L30) - -- [trusts X-Forwarded-For header only when setting is true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/enable_real_ip.go#L40) -- [should not trust X-Forwarded-For header when setting is false](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/enable_real_ip.go#L78) +- [should ignore Ingress with a different class annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L68) +- [should ignore Ingress with different controller class](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L104) +- [should accept both Ingresses with default IngressClassName and IngressClass annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L132) +- [should ignore Ingress without IngressClass configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L164) +- [should delete Ingress when class is removed](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L192) +- [should serve Ingress when class is added](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L257) +- [should serve Ingress when class is updated between annotation and ingressClassName](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L323) +- [should ignore Ingress with no class and accept the correctly configured Ingresses](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L413) +- [should watch Ingress with no class and ignore ingress with a different class](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L482) +- [should watch Ingress that uses the class name even if spec is different](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L539) +- [should watch Ingress with correct annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L631) +- [should ignore Ingress with only IngressClassName](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L652) ### [keep-alive keep-alive-requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L28) @@ -87,7 +707,41 @@ Do not try to edit it manually. - [should set keepalive_requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L48) - [should set keepalive connection to upstream server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L59) - [should set keep alive connection timeout to upstream server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L68) -- [should set the request count to upstream server through one keep alive connection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L77) +- [should set keepalive time to upstream server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L77) +- [should set the request count to upstream server through one keep alive connection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L86) + +### [Configmap - limit-rate](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/limit_rate.go#L28) + +- [Check limit-rate config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/limit_rate.go#L36) + +### [[Flag] custom HTTP and HTTPS ports](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L32) + +- [should set X-Forwarded-Port headers accordingly when listening on a non-default HTTP port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L48) +- [should set X-Forwarded-Port header to 443](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L70) +- [should set the X-Forwarded-Port header to 443](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L100) + +### [log-format-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L28) + +- [should not configure log-format escape by default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L40) +- [should enable the log-format-escape-json](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L47) +- [should disable the log-format-escape-json](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L55) +- [should enable the log-format-escape-none](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L63) +- [should disable the log-format-escape-none](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L71) +- [log-format-escape-json enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L82) +- [log-format default escape](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L105) +- [log-format-escape-none enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L128) + +### [[Lua] lua-shared-dicts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/lua_shared_dicts.go#L26) + +- [configures lua shared dicts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/lua_shared_dicts.go#L29) + +### [main-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/main_snippet.go#L27) + +- [should add value of main-snippet setting to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/main_snippet.go#L31) + +### [[Security] modsecurity-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/modsecurity/modsecurity_snippet.go#L27) + +- [should add value of modsecurity-snippet setting to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/modsecurity/modsecurity_snippet.go#L30) ### [enable-multi-accept](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L27) @@ -99,9 +753,19 @@ Do not try to edit it manually. - [should ingore Ingress of namespace without label foo=bar and accept those of namespace with label foo=bar](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/namespace_selector.go#L70) -### [[Flag] disable-service-external-name](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_service_external_name.go#L34) +### [[Security] no-auth-locations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L33) -- [should ignore services of external-name type](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_service_external_name.go#L51) +- [should return status code 401 when accessing '/' unauthentication](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L54) +- [should return status code 200 when accessing '/' authentication](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L68) +- [should return status code 200 when accessing '/noauth' unauthenticated](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L82) + +### [Add no tls redirect locations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_tls_redirect_locations.go#L28) + +- [Check no tls redirect locations config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_tls_redirect_locations.go#L31) + +### [OCSP](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ocsp/ocsp.go#L42) + +- [should enable OCSP and contain stapling information in the connection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ocsp/ocsp.go#L49) ### [Configure OpenTracing](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L48) @@ -119,41 +783,48 @@ Do not try to edit it manually. - [should enable opentracing using jaeger with an HTTP endpoint](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L228) - [should enable opentracing using datadog](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L241) -### [Configmap change](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/configmap_change.go#L29) +### [plugins](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/plugins.go#L28) -- [should reload after an update in the configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/configmap_change.go#L36) +- [should exist a x-hello-world header](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/plugins.go#L35) -### [Configmap - limit-rate](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/limit_rate.go#L28) +### [[Security] Pod Security Policies](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy.go#L41) -- [Check limit-rate config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/limit_rate.go#L36) +- [should be running with a Pod Security Policy](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy.go#L44) -### [access-log](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L26) +### [[Security] Pod Security Policies with volumes](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy_volumes.go#L37) -- [use the default configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L31) -- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L41) -- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L53) -- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L66) -- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L79) +- [should be running with a Pod Security Policy](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy_volumes.go#L40) -### [global-options](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_options.go#L28) +### [proxy-connect-timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_connect_timeout.go#L28) -- [should have worker_rlimit_nofile option](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_options.go#L31) -- [should have worker_rlimit_nofile option and be independent on amount of worker processes](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_options.go#L38) +- [should set valid proxy timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_connect_timeout.go#L36) +- [should not set invalid proxy timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_connect_timeout.go#L52) -### [[Flag] ingress-class](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L39) +### [Dynamic $proxy_host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_host.go#L28) -- [should ignore Ingress with a different class annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L68) -- [should ignore Ingress with different controller class](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L104) -- [should accept both Ingresses with default IngressClassName and IngressClass annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L132) -- [should ignore Ingress without IngressClass configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L164) -- [should delete Ingress when class is removed](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L192) -- [should serve Ingress when class is added](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L257) -- [should serve Ingress when class is updated between annotation and ingressClassName](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L323) -- [should ignore Ingress with no class and accept the correctly configured Ingresses](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L413) -- [should watch Ingress with no class and ignore ingress with a different class](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L482) -- [should watch Ingress that uses the class name even if spec is different](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L539) -- [should watch Ingress with correct annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L631) -- [should ignore Ingress with only IngressClassName](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L652) +- [should exist a proxy_host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_host.go#L36) +- [should exist a proxy_host using the upstream-vhost annotation value](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_host.go#L57) + +### [proxy-next-upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_next_upstream.go#L28) + +- [should build proxy next upstream using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_next_upstream.go#L36) + +### [use-proxy-protocol](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L36) + +- [should respect port passed by the PROXY Protocol](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L46) +- [should respect proto passed by the PROXY Protocol server port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L79) +- [should enable PROXY Protocol for HTTPS](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L112) +- [should enable PROXY Protocol for TCP](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L155) + +### [proxy-read-timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_read_timeout.go#L28) + +- [should set valid proxy read timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_read_timeout.go#L36) +- [should not set invalid proxy read timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_read_timeout.go#L52) + +### [proxy-send-timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_send_timeout.go#L28) + +- [should set valid proxy send timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_send_timeout.go#L36) +- [should not set invalid proxy send timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_send_timeout.go#L52) ### [reuse-port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/reuse-port.go#L27) @@ -161,133 +832,33 @@ Do not try to edit it manually. - [reuse port should be disabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/reuse-port.go#L44) - [reuse port should be enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/reuse-port.go#L52) -### [proxy-send-timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_send_timeout.go#L28) +### [configmap server-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_snippet.go#L28) -- [should set valid proxy send timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_send_timeout.go#L36) -- [should not set invalid proxy send timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_send_timeout.go#L52) +- [should add value of server-snippet setting to all ingress config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_snippet.go#L35) +- [should add global server-snippet and drop annotations per admin config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_snippet.go#L92) -### [[SSL] [Flag] default-ssl-certificate](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/default_ssl_certificate.go#L33) +### [server-tokens](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_tokens.go#L29) -- [uses default ssl certificate for catch-all ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/default_ssl_certificate.go#L64) -- [uses default ssl certificate for host based ingress when configured certificate does not match host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/default_ssl_certificate.go#L80) +- [should not exists Server header in the response](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_tokens.go#L38) +- [should exists Server header in the response when is enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_tokens.go#L50) -### [brotli](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/brotli.go#L30) +### [ssl-ciphers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ssl_ciphers.go#L28) -- [ condition](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/brotli.go#L39) +- [Add ssl ciphers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ssl_ciphers.go#L31) -### [[Security] Pod Security Policies with volumes](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy_volumes.go#L36) +### [configmap stream-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/stream_snippet.go#L35) -- [should be running with a Pod Security Policy](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy_volumes.go#L39) - -### [Dynamic $proxy_host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_host.go#L28) - -- [should exist a proxy_host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_host.go#L36) -- [should exist a proxy_host using the upstream-vhost annotation value](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_host.go#L57) - -### [[Security] block-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L28) - -- [should block CIDRs defined in the ConfigMap](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L38) -- [should block User-Agents defined in the ConfigMap](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L55) -- [should block Referers defined in the ConfigMap](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L88) - -### [settings-global-rate-limit](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/globalratelimit.go#L30) - -- [generates correct NGINX configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/globalratelimit.go#L38) - -### [Add no tls redirect locations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_tls_redirect_locations.go#L28) - -- [Check no tls redirect locations config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_tls_redirect_locations.go#L31) - -### [main-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/main_snippet.go#L27) - -- [should add value of main-snippet setting to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/main_snippet.go#L31) - -### [[Lua] lua-shared-dicts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/lua_shared_dicts.go#L26) - -- [configures lua shared dicts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/lua_shared_dicts.go#L29) - -### [Bad annotation values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L29) - -- [[BAD_ANNOTATIONS] should drop an ingress if there is an invalid character in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L36) -- [[BAD_ANNOTATIONS] should drop an ingress if there is a forbidden word in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L67) -- [[BAD_ANNOTATIONS] should allow an ingress if there is a default blocklist config in place](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L102) -- [[BAD_ANNOTATIONS] should drop an ingress if there is a custom blocklist config in place and allow others to pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L133) +- [should add value of stream-snippet via config map to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/stream_snippet.go#L42) ### [[SSL] TLS protocols, ciphers and headers)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L31) - [setting cipher suite](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L65) -- [enforcing TLS v1.0](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L87) -- [setting max-age parameter](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L133) -- [setting includeSubDomains parameter](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L149) -- [setting preload parameter](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L168) -- [overriding what's set from the upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L188) -- [should not use ports during the HTTP to HTTPS redirection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L209) -- [should not use ports or X-Forwarded-Host during the HTTP to HTTPS redirection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L227) - -### [[Security] modsecurity-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/modsecurity/modsecurity_snippet.go#L27) - -- [should add value of modsecurity-snippet setting to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/modsecurity/modsecurity_snippet.go#L30) - -### [OCSP](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ocsp/ocsp.go#L42) - -- [should enable OCSP and contain stapling information in the connection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ocsp/ocsp.go#L49) - -### [configmap stream-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/stream_snippet.go#L34) - -- [should add value of stream-snippet via config map to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/stream_snippet.go#L41) - -### [proxy-read-timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_read_timeout.go#L28) - -- [should set valid proxy read timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_read_timeout.go#L36) -- [should not set invalid proxy read timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_read_timeout.go#L52) - -### [proxy-next-upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_next_upstream.go#L28) - -- [should build proxy next upstream using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_next_upstream.go#L36) - -### [hash size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L27) - -- [should set server_names_hash_bucket_size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L40) -- [should set server_names_hash_max_size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L48) -- [should set proxy-headers-hash-bucket-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L60) -- [should set proxy-headers-hash-max-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L68) -- [should set variables-hash-bucket-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L80) -- [should set variables-hash-max-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L88) -- [should set vmap-hash-bucket-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L100) - -### [[Security] no-auth-locations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L33) - -- [should return status code 401 when accessing '/' unauthentication](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L54) -- [should return status code 200 when accessing '/' authentication](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L68) -- [should return status code 200 when accessing '/noauth' unauthenticated](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L82) - -### [[Flag] custom HTTP and HTTPS ports](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L32) - -- [should set X-Forwarded-Port headers accordingly when listening on a non-default HTTP port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L48) -- [should set X-Forwarded-Port header to 443](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L70) -- [should set the X-Forwarded-Port header to 443](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L100) - -### [use-forwarded-headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/forwarded_headers.go#L30) - -- [should trust X-Forwarded headers when setting is true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/forwarded_headers.go#L40) -- [should not trust X-Forwarded headers when setting is false](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/forwarded_headers.go#L92) - -### [add-headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L30) - -- [Add a custom header](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L40) -- [Add multiple custom headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L65) - -### [[Load Balancer] round-robin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/round_robin.go#L31) - -- [should evenly distribute requests with round-robin (default algorithm)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/round_robin.go#L39) - -### [[Load Balancer] EWMA](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/ewma.go#L31) - -- [does not fail requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/ewma.go#L42) - -### [[Load Balancer] load-balance](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/configmap.go#L28) - -- [should apply the configmap load-balance setting](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/configmap.go#L35) +- [setting max-age parameter](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L111) +- [setting includeSubDomains parameter](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L127) +- [setting preload parameter](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L146) +- [overriding what's set from the upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L166) +- [should not use ports during the HTTP to HTTPS redirection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L187) +- [should not use ports or X-Forwarded-Host during the HTTP to HTTPS redirection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L205) ### [[SSL] redirect to HTTPS](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ssl/http_redirect.go#L29) @@ -298,22 +869,11 @@ Do not try to edit it manually. - [should not appear references to secret updates not used in ingress rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ssl/secret_update.go#L40) - [should return the fake SSL certificate if the secret is invalid](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ssl/secret_update.go#L82) -### [[Service] Type ExternalName](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L58) +### [[Status] status update](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/status/update.go#L38) -- [works with external name set to incomplete fqdn](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L61) -- [should return 200 for service type=ExternalName without a port defined](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L94) -- [should return 200 for service type=ExternalName with a port defined](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L128) -- [should return status 502 for service type=ExternalName with an invalid host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L152) -- [should return 200 for service type=ExternalName using a port name](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L183) -- [should return 200 for service type=ExternalName using FQDN with trailing dot](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L216) -- [should update the external name after a service update](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L247) -- [should sync ingress on external name service addition/deletion](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L310) +- [should update status field after client-go reconnection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/status/update.go#L43) -### [[Service] Nil Service Backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_nil_backend.go#L31) +### [[TCP] tcp-services](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/tcpudp/tcp.go#L37) -- [should return 404 when backend service is nil](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_nil_backend.go#L38) - -### [[Service] backend status code 503](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_backend.go#L33) - -- [should return 503 when backend service does not exist](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_backend.go#L36) -- [should return 503 when all backend service endpoints are unavailable](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_backend.go#L54) +- [should expose a TCP service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/tcpudp/tcp.go#L40) +- [should expose an ExternalName TCP service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/tcpudp/tcp.go#L98) \ No newline at end of file diff --git a/hack/generate-e2e-suite-doc.sh b/hack/generate-e2e-suite-doc.sh index 2265bb079..a4ccc8fc2 100755 --- a/hack/generate-e2e-suite-doc.sh +++ b/hack/generate-e2e-suite-doc.sh @@ -18,10 +18,6 @@ if [ -n "$DEBUG" ]; then set -x fi -set -o errexit -set -o nounset -set -o pipefail - URL="https://github.com/kubernetes/ingress-nginx/tree/main/" DIR=$(cd $(dirname "${BASH_SOURCE}")/.. && pwd -P) @@ -34,7 +30,7 @@ Do not try to edit it manually. " -for FILE in `find $DIR/test/e2e -name "*.go"`;do +for FILE in $(find $DIR/test/e2e -name "*.go");do # describe definition DESCRIBE=$(cat $FILE | grep -n -oP 'Describe.*') # line number From 3916f7b8b72ce5da7e3ba2377adfb1d06d4bcae8 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Thu, 29 Dec 2022 19:09:29 -0300 Subject: [PATCH 453/494] move tests to gh actions (#9461) --- .github/workflows/ci.yaml | 57 +++++++++++++++++++ Makefile | 1 + internal/ingress/annotations/authreq/main.go | 3 +- .../ingress/controller/template/template.go | 11 ++-- internal/ingress/resolver/mock.go | 3 +- pkg/util/runtime/cpu_linux.go | 3 +- rootfs/chroot.sh | 1 - test/e2e/framework/util.go | 4 +- 8 files changed, 72 insertions(+), 11 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d064fa6a2..61f5970db 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -75,6 +75,63 @@ jobs: # G307 TODO: Deferring unsafe method "Close" args: -exclude=G109,G601,G104,G204,G304,G306,G307 -tests=false -exclude-dir=test -exclude-dir=images/ -exclude-dir=docs/ ./... + lint: + runs-on: ubuntu-latest + needs: changes + if: | + (needs.changes.outputs.go == 'true') + steps: + - name: Checkout + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 + + - name: Set up Go + id: go + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 + with: + go-version: '1.19' + check-latest: true + + - name: Run Lint + run: ./hack/verify-golint.sh + + gofmt: + runs-on: ubuntu-latest + needs: changes + if: | + (needs.changes.outputs.go == 'true') + steps: + - name: Checkout + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 + + - name: Set up Go + id: go + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 + with: + go-version: '1.19' + check-latest: true + + - name: Run go-fmt + run: ./hack/verify-gofmt.sh + + test-go: + runs-on: ubuntu-latest + needs: changes + if: | + (needs.changes.outputs.go == 'true') + steps: + - name: Checkout + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 + + - name: Set up Go + id: go + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 + with: + go-version: '1.19' + check-latest: true + + - name: Run test + run: make test + build: name: Build runs-on: ubuntu-latest diff --git a/Makefile b/Makefile index 8204a2087..5099b4645 100644 --- a/Makefile +++ b/Makefile @@ -141,6 +141,7 @@ test: ## Run go unit tests. COMMIT_SHA=$(COMMIT_SHA) \ REPO_INFO=$(REPO_INFO) \ TAG=$(TAG) \ + GOFLAGS="-buildvcs=false" \ test/test.sh .PHONY: lua-test diff --git a/internal/ingress/annotations/authreq/main.go b/internal/ingress/annotations/authreq/main.go index b607f5482..6a8a4611a 100644 --- a/internal/ingress/annotations/authreq/main.go +++ b/internal/ingress/annotations/authreq/main.go @@ -149,7 +149,8 @@ func ValidHeader(header string) bool { // ValidCacheDuration checks if the provided string is a valid cache duration // spec: [code ...] [time ...]; // with: code is an http status code -// time must match the time regex and may appear multiple times, e.g. `1h 30m` +// +// time must match the time regex and may appear multiple times, e.g. `1h 30m` func ValidCacheDuration(duration string) bool { elements := strings.Split(duration, " ") seenDuration := false diff --git a/internal/ingress/controller/template/template.go b/internal/ingress/controller/template/template.go index 8d4cb6e75..315262150 100644 --- a/internal/ingress/controller/template/template.go +++ b/internal/ingress/controller/template/template.go @@ -75,8 +75,8 @@ type Template struct { bp *BufferPool } -//NewTemplate returns a new Template instance or an -//error if the specified template file contains errors +// NewTemplate returns a new Template instance or an +// error if the specified template file contains errors func NewTemplate(file string) (*Template, error) { data, err := os.ReadFile(file) if err != nil { @@ -287,9 +287,10 @@ var ( // escapeLiteralDollar will replace the $ character with ${literal_dollar} // which is made to work via the following configuration in the http section of // the template: -// geo $literal_dollar { -// default "$"; -// } +// +// geo $literal_dollar { +// default "$"; +// } func escapeLiteralDollar(input interface{}) string { inputStr, ok := input.(string) if !ok { diff --git a/internal/ingress/resolver/mock.go b/internal/ingress/resolver/mock.go index 556262b42..62c5c6db9 100644 --- a/internal/ingress/resolver/mock.go +++ b/internal/ingress/resolver/mock.go @@ -41,7 +41,8 @@ func (m Mock) GetSecret(string) (*apiv1.Secret, error) { // GetAuthCertificate resolves a given secret name into an SSL certificate. // The secret must contain 3 keys named: -// ca.crt: contains the certificate chain used for authentication +// +// ca.crt: contains the certificate chain used for authentication func (m Mock) GetAuthCertificate(string) (*AuthSSLCert, error) { return nil, nil } diff --git a/pkg/util/runtime/cpu_linux.go b/pkg/util/runtime/cpu_linux.go index e7513d619..cfc49d924 100644 --- a/pkg/util/runtime/cpu_linux.go +++ b/pkg/util/runtime/cpu_linux.go @@ -33,7 +33,8 @@ import ( // NumCPU returns the number of logical CPUs usable by the current process. // If CPU cgroups limits are configured, use cfs_quota_us / cfs_period_us // as formula -// https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt +// +// https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt func NumCPU() int { cpus := runtime.NumCPU() diff --git a/rootfs/chroot.sh b/rootfs/chroot.sh index 3f64aa63f..9f3cbd804 100755 --- a/rootfs/chroot.sh +++ b/rootfs/chroot.sh @@ -40,7 +40,6 @@ for dir in "${writeDirs[@]}"; do chown -R www-data.www-data ${dir}; done - mkdir -p /chroot/lib /chroot/proc /chroot/usr /chroot/bin /chroot/dev /chroot/run cp /etc/passwd /etc/group /chroot/etc/ cp -a /usr/* /chroot/usr/ diff --git a/test/e2e/framework/util.go b/test/e2e/framework/util.go index 8f50dac98..90f15eb1b 100644 --- a/test/e2e/framework/util.go +++ b/test/e2e/framework/util.go @@ -189,7 +189,7 @@ func CreateIngressClass(namespace string, c kubernetes.Interface) (string, error return ic.Name, nil } -//deleteIngressClass deletes an IngressClass and its related ClusterRole* objects +// deleteIngressClass deletes an IngressClass and its related ClusterRole* objects func deleteIngressClass(c kubernetes.Interface, ingressclass string) error { var err error grace := int64(0) @@ -215,7 +215,7 @@ func deleteIngressClass(c kubernetes.Interface, ingressclass string) error { return nil } -//GetIngressClassName returns the default IngressClassName given a namespace +// GetIngressClassName returns the default IngressClassName given a namespace func GetIngressClassName(namespace string) *string { icname := fmt.Sprintf("ic-%s", namespace) return &icname From 8b5a25fa141dff2d7f6bb8eecc07ee66a1f1a210 Mon Sep 17 00:00:00 2001 From: James Strong Date: Thu, 29 Dec 2022 18:59:07 -0500 Subject: [PATCH 454/494] fix change images (#9463) Signed-off-by: James Strong Signed-off-by: James Strong --- changelog/Changelog-1.5.2.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/changelog/Changelog-1.5.2.md b/changelog/Changelog-1.5.2.md index 8b6779e47..8b2617924 100644 --- a/changelog/Changelog-1.5.2.md +++ b/changelog/Changelog-1.5.2.md @@ -3,8 +3,8 @@ ### 1.5.2 Images: - * registry.k8s.io/controller:controller-v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 - * registry.k8s.io/controller-chroot:controller-v1.5.2@sha256:84613555694f2c59a8b2551126d226c9aa648544ebf0cde1e0df942f7dbce42b + * registry.k8s.io/ingress-nginx/controller:controller-v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 + * registry.k8s.io/ingress-nginx/controller-chroot:controller-v1.5.2@sha256:84613555694f2c59a8b2551126d226c9aa648544ebf0cde1e0df942f7dbce42b ### All Changes: From 11e21bf3e72277740639d20416b83971d99846e1 Mon Sep 17 00:00:00 2001 From: James Strong Date: Thu, 29 Dec 2022 19:55:27 -0500 Subject: [PATCH 455/494] rollback tag Signed-off-by: James Strong --- TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TAG b/TAG index a503124bd..c9b3c015f 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.5.2 +v1.5.1 \ No newline at end of file From 6f9c65abf4a18e4c32bea1d2006efcb2c9896871 Mon Sep 17 00:00:00 2001 From: James Strong Date: Thu, 29 Dec 2022 19:58:15 -0500 Subject: [PATCH 456/494] revert 1.5.2 Signed-off-by: James Strong --- charts/ingress-nginx/Chart.yaml | 47 +- charts/ingress-nginx/README.md | 8 +- .../changelog/Changelog-1.5.2.md | 12 - charts/ingress-nginx/values.yaml | 1607 +++++++++-------- deploy/static/provider/aws/deploy.yaml | 57 +- .../aws/nlb-with-tls-termination/deploy.yaml | 57 +- deploy/static/provider/baremetal/deploy.yaml | 57 +- deploy/static/provider/cloud/deploy.yaml | 57 +- deploy/static/provider/do/deploy.yaml | 57 +- deploy/static/provider/exoscale/deploy.yaml | 57 +- deploy/static/provider/kind/deploy.yaml | 57 +- deploy/static/provider/scw/deploy.yaml | 57 +- docs/deploy/index.md | 20 +- docs/e2e-tests.md | 974 +++------- 14 files changed, 1387 insertions(+), 1737 deletions(-) delete mode 100644 charts/ingress-nginx/changelog/Changelog-1.5.2.md diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index 11ab03634..461601f59 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -1,26 +1,31 @@ -annotations: - artifacthub.io/changes: | - - "ci: remove setup-helm step (#9404)" - - "feat(helm): Optionally use cert-manager instead admission patch (#9279)" - - "run helm release on main only and when the chart/value changes only (#9290)" - - "Update Ingress-Nginx version controller-v1.5.2" - artifacthub.io/prerelease: "false" apiVersion: v2 -appVersion: 1.5.2 -description: Ingress controller for Kubernetes using NGINX as a reverse proxy and - load balancer -engine: gotpl +name: ingress-nginx +# When the version is modified, make sure the artifacthub.io/changes list is updated +# Also update CHANGELOG.md +version: 4.4.0 +appVersion: 1.5.1 home: https://github.com/kubernetes/ingress-nginx +description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png keywords: -- ingress -- nginx -kubeVersion: '>=1.20.0-0' -maintainers: -- name: rikatz -- name: strongjz -- name: tao12345666333 -name: ingress-nginx + - ingress + - nginx sources: -- https://github.com/kubernetes/ingress-nginx -version: 4.4.1 + - https://github.com/kubernetes/ingress-nginx +maintainers: + - name: rikatz + - name: strongjz + - name: tao12345666333 +engine: gotpl +kubeVersion: ">=1.20.0-0" +annotations: + # Use this annotation to indicate that this chart version is a pre-release. + # https://artifacthub.io/docs/topics/annotations/helm/ + artifacthub.io/prerelease: "false" + # List of changes for the release in artifacthub.io + # https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx?modal=changelog + artifacthub.io/changes: | + - Adding support for disabling liveness and readiness probes to the Helm chart + - add:(admission-webhooks) ability to set securityContext + - Updated Helm chart to use the fullname for the electionID if not specified + - Rename controller-wehbooks-networkpolicy.yaml diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 4daff76c6..af71493fe 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.4.1](https://img.shields.io/badge/Version-4.4.1-informational?style=flat-square) ![AppVersion: 1.5.2](https://img.shields.io/badge/AppVersion-1.5.2-informational?style=flat-square) +![Version: 4.4.0](https://img.shields.io/badge/Version-4.4.0-informational?style=flat-square) ![AppVersion: 1.5.1](https://img.shields.io/badge/AppVersion-1.5.1-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. @@ -332,13 +332,13 @@ Kubernetes: `>=1.20.0-0` | controller.hostname | object | `{}` | Optionally customize the pod hostname. | | controller.image.allowPrivilegeEscalation | bool | `true` | | | controller.image.chroot | bool | `false` | | -| controller.image.digest | string | `"sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655"` | | -| controller.image.digestChroot | string | `"sha256:84613555694f2c59a8b2551126d226c9aa648544ebf0cde1e0df942f7dbce42b"` | | +| controller.image.digest | string | `"sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629"` | | +| controller.image.digestChroot | string | `"sha256:c1c091b88a6c936a83bd7b098662760a87868d12452529bad0d178fb36147345"` | | | controller.image.image | string | `"ingress-nginx/controller"` | | | controller.image.pullPolicy | string | `"IfNotPresent"` | | | controller.image.registry | string | `"registry.k8s.io"` | | | controller.image.runAsUser | int | `101` | | -| controller.image.tag | string | `"v1.5.2"` | | +| controller.image.tag | string | `"v1.5.1"` | | | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | | controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass | diff --git a/charts/ingress-nginx/changelog/Changelog-1.5.2.md b/charts/ingress-nginx/changelog/Changelog-1.5.2.md deleted file mode 100644 index 5e0563858..000000000 --- a/charts/ingress-nginx/changelog/Changelog-1.5.2.md +++ /dev/null @@ -1,12 +0,0 @@ -# Changelog - -This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). - -### 4.4.1 - -* ci: remove setup-helm step (#9404) -* feat(helm): Optionally use cert-manager instead admission patch (#9279) -* run helm release on main only and when the chart/value changes only (#9290) -* Update Ingress-Nginx version controller-v1.5.2 - -**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.4.1...helm-chart-4.4.1 diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index e5f8922a0..b7089addb 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -14,190 +14,222 @@ commonLabels: {} # myLabel: aakkmd controller: - name: controller - image: - ## Keep false as default for now! - chroot: false - registry: registry.k8s.io - image: ingress-nginx/controller - ## for backwards compatibility consider setting the full image url via the repository value below - ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail - ## repository: - tag: "v1.5.2" - digest: sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 - digestChroot: sha256:84613555694f2c59a8b2551126d226c9aa648544ebf0cde1e0df942f7dbce42b - pullPolicy: IfNotPresent - # www-data -> uid 101 - runAsUser: 101 - allowPrivilegeEscalation: true - # -- Use an existing PSP instead of creating one - existingPsp: "" - # -- Configures the controller container name - containerName: controller - # -- Configures the ports that the nginx-controller listens on - containerPort: - http: 80 - https: 443 - # -- Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ - config: {} - # -- Annotations to be added to the controller config configuration configmap. - configAnnotations: {} - # -- Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers - proxySetHeaders: {} - # -- Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers - addHeaders: {} - # -- Optionally customize the pod dnsConfig. - dnsConfig: {} - # -- Optionally customize the pod hostname. - hostname: {} - # -- Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. - # By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller - # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. - dnsPolicy: ClusterFirst - # -- Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network - # Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply - reportNodeInternalIp: false - # -- Process Ingress objects without ingressClass annotation/ingressClassName field - # Overrides value for --watch-ingress-without-class flag of the controller binary - # Defaults to false - watchIngressWithoutClass: false - # -- Process IngressClass per name (additionally as per spec.controller). - ingressClassByName: false - # -- This configuration defines if Ingress Controller should allow users to set - # their own *-snippet annotations, otherwise this is forbidden / dropped - # when users add those annotations. - # Global snippets in ConfigMap are still respected - allowSnippetAnnotations: true - # -- Required for use with CNI based kubernetes installations (such as ones set up by kubeadm), - # since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 - # is merged - hostNetwork: false - ## Use host ports 80 and 443 - ## Disabled by default - hostPort: - # -- Enable 'hostPort' or not - enabled: false - ports: - # -- 'hostPort' http port - http: 80 - # -- 'hostPort' https port - https: 443 - # -- Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader' - electionID: "" - ## This section refers to the creation of the IngressClass resource - ## IngressClass resources are supported since k8s >= 1.18 and required since k8s >= 1.19 - ingressClassResource: - # -- Name of the ingressClass - name: nginx - # -- Is this ingressClass enabled or not - enabled: true - # -- Is this the default ingressClass for the cluster - default: false - # -- Controller-value of the controller that is processing this ingressClass - controllerValue: "k8s.io/ingress-nginx" - # -- Parameters is a link to a custom resource containing additional - # configuration for the controller. This is optional if the controller - # does not require extra parameters. - parameters: {} - # -- For backwards compatibility with ingress.class annotation, use ingressClass. - # Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation - ingressClass: nginx - # -- Labels to add to the pod container metadata - podLabels: {} - # key: value + name: controller + image: + ## Keep false as default for now! + chroot: false + registry: registry.k8s.io + image: ingress-nginx/controller + ## for backwards compatibility consider setting the full image url via the repository value below + ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail + ## repository: + tag: "v1.5.1" + digest: sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 + digestChroot: sha256:c1c091b88a6c936a83bd7b098662760a87868d12452529bad0d178fb36147345 + pullPolicy: IfNotPresent + # www-data -> uid 101 + runAsUser: 101 + allowPrivilegeEscalation: true - # -- Security Context policies for controller pods - podSecurityContext: {} - # -- See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls - sysctls: {} - # sysctls: - # "net.core.somaxconn": "8192" + # -- Use an existing PSP instead of creating one + existingPsp: "" - # -- Allows customization of the source of the IP address or FQDN to report - # in the ingress status field. By default, it reads the information provided - # by the service. If disable, the status field reports the IP address of the - # node or nodes where an ingress controller pod is running. - publishService: - # -- Enable 'publishService' or not - enabled: true - # -- Allows overriding of the publish service to bind to - # Must be / - pathOverride: "" - # Limit the scope of the controller to a specific namespace - scope: - # -- Enable 'scope' or not - enabled: false - # -- Namespace to limit the controller to; defaults to $(POD_NAMESPACE) - namespace: "" - # -- When scope.enabled == false, instead of watching all namespaces, we watching namespaces whose labels - # only match with namespaceSelector. Format like foo=bar. Defaults to empty, means watching all namespaces. - namespaceSelector: "" - # -- Allows customization of the configmap / nginx-configmap namespace; defaults to $(POD_NAMESPACE) + # -- Configures the controller container name + containerName: controller + + # -- Configures the ports that the nginx-controller listens on + containerPort: + http: 80 + https: 443 + + # -- Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ + config: {} + + # -- Annotations to be added to the controller config configuration configmap. + configAnnotations: {} + + # -- Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers + proxySetHeaders: {} + + # -- Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers + addHeaders: {} + + # -- Optionally customize the pod dnsConfig. + dnsConfig: {} + + # -- Optionally customize the pod hostname. + hostname: {} + + # -- Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. + # By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller + # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. + dnsPolicy: ClusterFirst + + # -- Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network + # Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply + reportNodeInternalIp: false + + # -- Process Ingress objects without ingressClass annotation/ingressClassName field + # Overrides value for --watch-ingress-without-class flag of the controller binary + # Defaults to false + watchIngressWithoutClass: false + + # -- Process IngressClass per name (additionally as per spec.controller). + ingressClassByName: false + + # -- This configuration defines if Ingress Controller should allow users to set + # their own *-snippet annotations, otherwise this is forbidden / dropped + # when users add those annotations. + # Global snippets in ConfigMap are still respected + allowSnippetAnnotations: true + + # -- Required for use with CNI based kubernetes installations (such as ones set up by kubeadm), + # since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 + # is merged + hostNetwork: false + + ## Use host ports 80 and 443 + ## Disabled by default + hostPort: + # -- Enable 'hostPort' or not + enabled: false + ports: + # -- 'hostPort' http port + http: 80 + # -- 'hostPort' https port + https: 443 + + # -- Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader' + electionID: "" + + ## This section refers to the creation of the IngressClass resource + ## IngressClass resources are supported since k8s >= 1.18 and required since k8s >= 1.19 + ingressClassResource: + # -- Name of the ingressClass + name: nginx + # -- Is this ingressClass enabled or not + enabled: true + # -- Is this the default ingressClass for the cluster + default: false + # -- Controller-value of the controller that is processing this ingressClass + controllerValue: "k8s.io/ingress-nginx" + + # -- Parameters is a link to a custom resource containing additional + # configuration for the controller. This is optional if the controller + # does not require extra parameters. + parameters: {} + + # -- For backwards compatibility with ingress.class annotation, use ingressClass. + # Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation + ingressClass: nginx + + # -- Labels to add to the pod container metadata + podLabels: {} + # key: value + + # -- Security Context policies for controller pods + podSecurityContext: {} + + # -- See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls + sysctls: {} + # sysctls: + # "net.core.somaxconn": "8192" + + # -- Allows customization of the source of the IP address or FQDN to report + # in the ingress status field. By default, it reads the information provided + # by the service. If disable, the status field reports the IP address of the + # node or nodes where an ingress controller pod is running. + publishService: + # -- Enable 'publishService' or not + enabled: true + # -- Allows overriding of the publish service to bind to + # Must be / + pathOverride: "" + + # Limit the scope of the controller to a specific namespace + scope: + # -- Enable 'scope' or not + enabled: false + # -- Namespace to limit the controller to; defaults to $(POD_NAMESPACE) + namespace: "" + # -- When scope.enabled == false, instead of watching all namespaces, we watching namespaces whose labels + # only match with namespaceSelector. Format like foo=bar. Defaults to empty, means watching all namespaces. + namespaceSelector: "" + + # -- Allows customization of the configmap / nginx-configmap namespace; defaults to $(POD_NAMESPACE) + configMapNamespace: "" + + tcp: + # -- Allows customization of the tcp-services-configmap; defaults to $(POD_NAMESPACE) configMapNamespace: "" - tcp: - # -- Allows customization of the tcp-services-configmap; defaults to $(POD_NAMESPACE) - configMapNamespace: "" - # -- Annotations to be added to the tcp config configmap - annotations: {} - udp: - # -- Allows customization of the udp-services-configmap; defaults to $(POD_NAMESPACE) - configMapNamespace: "" - # -- Annotations to be added to the udp config configmap - annotations: {} - # -- Maxmind license key to download GeoLite2 Databases. - ## https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases - maxmindLicenseKey: "" - # -- Additional command line arguments to pass to nginx-ingress-controller - # E.g. to specify the default SSL certificate you can use - extraArgs: {} - ## extraArgs: - ## default-ssl-certificate: "/" - - # -- Additional environment variables to set - extraEnvs: [] - # extraEnvs: - # - name: FOO - # valueFrom: - # secretKeyRef: - # key: FOO - # name: secret-resource - - # -- Use a `DaemonSet` or `Deployment` - kind: Deployment - # -- Annotations to be added to the controller Deployment or DaemonSet - ## + # -- Annotations to be added to the tcp config configmap annotations: {} - # keel.sh/pollSchedule: "@every 60m" - # -- Labels to be added to the controller Deployment or DaemonSet and other resources that do not have option to specify labels - ## - labels: {} - # keel.sh/policy: patch - # keel.sh/trigger: poll + udp: + # -- Allows customization of the udp-services-configmap; defaults to $(POD_NAMESPACE) + configMapNamespace: "" + # -- Annotations to be added to the udp config configmap + annotations: {} - # -- The update strategy to apply to the Deployment or DaemonSet - ## - updateStrategy: {} - # rollingUpdate: - # maxUnavailable: 1 - # type: RollingUpdate + # -- Maxmind license key to download GeoLite2 Databases. + ## https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases + maxmindLicenseKey: "" - # -- `minReadySeconds` to avoid killing pods before we are ready - ## - minReadySeconds: 0 - # -- Node tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + # -- Additional command line arguments to pass to nginx-ingress-controller + # E.g. to specify the default SSL certificate you can use + extraArgs: {} + ## extraArgs: + ## default-ssl-certificate: "/" - # -- Affinity and anti-affinity rules for server scheduling to nodes - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## - affinity: {} + # -- Additional environment variables to set + extraEnvs: [] + # extraEnvs: + # - name: FOO + # valueFrom: + # secretKeyRef: + # key: FOO + # name: secret-resource + + # -- Use a `DaemonSet` or `Deployment` + kind: Deployment + + # -- Annotations to be added to the controller Deployment or DaemonSet + ## + annotations: {} + # keel.sh/pollSchedule: "@every 60m" + + # -- Labels to be added to the controller Deployment or DaemonSet and other resources that do not have option to specify labels + ## + labels: {} + # keel.sh/policy: patch + # keel.sh/trigger: poll + + + # -- The update strategy to apply to the Deployment or DaemonSet + ## + updateStrategy: {} + # rollingUpdate: + # maxUnavailable: 1 + # type: RollingUpdate + + # -- `minReadySeconds` to avoid killing pods before we are ready + ## + minReadySeconds: 0 + + + # -- Node tolerations for server scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + + # -- Affinity and anti-affinity rules for server scheduling to nodes + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} # # An example of preferred pod anti-affinity, weight is in the range 1-100 # podAntiAffinity: # preferredDuringSchedulingIgnoredDuringExecution: @@ -238,10 +270,10 @@ controller: # - controller # topologyKey: "kubernetes.io/hostname" - # -- Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## - topologySpreadConstraints: [] + # -- Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## + topologySpreadConstraints: [] # - maxSkew: 1 # topologyKey: topology.kubernetes.io/zone # whenUnsatisfiable: DoNotSchedule @@ -249,605 +281,669 @@ controller: # matchLabels: # app.kubernetes.io/instance: ingress-nginx-internal - # -- `terminationGracePeriodSeconds` to avoid killing pods before we are ready - ## wait up to five minutes for the drain of connections - ## - terminationGracePeriodSeconds: 300 - # -- Node labels for controller pod assignment - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: - kubernetes.io/os: linux - ## Liveness and readiness probe values - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## - ## startupProbe: - ## httpGet: - ## # should match container.healthCheckPath - ## path: "/healthz" - ## port: 10254 - ## scheme: HTTP - ## initialDelaySeconds: 5 - ## periodSeconds: 5 - ## timeoutSeconds: 2 - ## successThreshold: 1 - ## failureThreshold: 5 - livenessProbe: - httpGet: - # should match container.healthCheckPath - path: "/healthz" - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 5 - readinessProbe: - httpGet: - # should match container.healthCheckPath - path: "/healthz" - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 3 - # -- Path of the health check endpoint. All requests received on the port defined by - # the healthz-port parameter are forwarded internally to this path. - healthCheckPath: "/healthz" - # -- Address to bind the health check endpoint. - # It is better to set this option to the internal node address - # if the ingress nginx controller is running in the `hostNetwork: true` mode. - healthCheckHost: "" - # -- Annotations to be added to controller pods - ## - podAnnotations: {} - replicaCount: 1 - # -- Define either 'minAvailable' or 'maxUnavailable', never both. - minAvailable: 1 - # -- Define either 'minAvailable' or 'maxUnavailable', never both. - # maxUnavailable: 1 + # -- `terminationGracePeriodSeconds` to avoid killing pods before we are ready + ## wait up to five minutes for the drain of connections + ## + terminationGracePeriodSeconds: 300 - ## Define requests resources to avoid probe issues due to CPU utilization in busy nodes - ## ref: https://github.com/kubernetes/ingress-nginx/issues/4735#issuecomment-551204903 - ## Ideally, there should be no limits. - ## https://engineering.indeedblog.com/blog/2019/12/cpu-throttling-regression-fix/ - resources: - ## limits: - ## cpu: 100m - ## memory: 90Mi - requests: - cpu: 100m - memory: 90Mi - # Mutually exclusive with keda autoscaling - autoscaling: - apiVersion: autoscaling/v2 - enabled: false - annotations: {} - minReplicas: 1 - maxReplicas: 11 - targetCPUUtilizationPercentage: 50 - targetMemoryUtilizationPercentage: 50 - behavior: {} - # scaleDown: - # stabilizationWindowSeconds: 300 - # policies: - # - type: Pods - # value: 1 - # periodSeconds: 180 - # scaleUp: - # stabilizationWindowSeconds: 300 - # policies: - # - type: Pods - # value: 2 - # periodSeconds: 60 - autoscalingTemplate: [] - # Custom or additional autoscaling metrics - # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics - # - type: Pods - # pods: - # metric: - # name: nginx_ingress_controller_nginx_process_requests_total - # target: - # type: AverageValue - # averageValue: 10000m + # -- Node labels for controller pod assignment + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: + kubernetes.io/os: linux - # Mutually exclusive with hpa autoscaling - keda: - apiVersion: "keda.sh/v1alpha1" - ## apiVersion changes with keda 1.x vs 2.x - ## 2.x = keda.sh/v1alpha1 - ## 1.x = keda.k8s.io/v1alpha1 - enabled: false - minReplicas: 1 - maxReplicas: 11 - pollingInterval: 30 - cooldownPeriod: 300 - restoreToOriginalReplicaCount: false - scaledObject: - annotations: {} - # Custom annotations for ScaledObject resource - # annotations: - # key: value - triggers: [] - # - type: prometheus - # metadata: - # serverAddress: http://:9090 - # metricName: http_requests_total - # threshold: '100' - # query: sum(rate(http_requests_total{deployment="my-deployment"}[2m])) + ## Liveness and readiness probe values + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## + ## startupProbe: + ## httpGet: + ## # should match container.healthCheckPath + ## path: "/healthz" + ## port: 10254 + ## scheme: HTTP + ## initialDelaySeconds: 5 + ## periodSeconds: 5 + ## timeoutSeconds: 2 + ## successThreshold: 1 + ## failureThreshold: 5 + livenessProbe: + httpGet: + # should match container.healthCheckPath + path: "/healthz" + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 5 + readinessProbe: + httpGet: + # should match container.healthCheckPath + path: "/healthz" + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 - behavior: {} - # scaleDown: - # stabilizationWindowSeconds: 300 - # policies: - # - type: Pods - # value: 1 - # periodSeconds: 180 - # scaleUp: - # stabilizationWindowSeconds: 300 - # policies: - # - type: Pods - # value: 2 - # periodSeconds: 60 - # -- Enable mimalloc as a drop-in replacement for malloc. - ## ref: https://github.com/microsoft/mimalloc - ## - enableMimalloc: true - ## Override NGINX template - customTemplate: - configMapName: "" - configMapKey: "" - service: - enabled: true - # -- If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were - # using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http - # It allows choosing the protocol for each backend specified in the Kubernetes service. - # See the following GitHub issue for more details about the purpose: https://github.com/kubernetes/kubernetes/issues/40244 - # Will be ignored for Kubernetes versions older than 1.20 - ## - appProtocol: true - annotations: {} - labels: {} - # clusterIP: "" + # -- Path of the health check endpoint. All requests received on the port defined by + # the healthz-port parameter are forwarded internally to this path. + healthCheckPath: "/healthz" - # -- List of IP addresses at which the controller services are available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] - # -- Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer - loadBalancerIP: "" - loadBalancerSourceRanges: [] - enableHttp: true - enableHttps: true - ## Set external traffic policy to: "Local" to preserve source IP on providers supporting it. - ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer - # externalTrafficPolicy: "" + # -- Address to bind the health check endpoint. + # It is better to set this option to the internal node address + # if the ingress nginx controller is running in the `hostNetwork: true` mode. + healthCheckHost: "" - ## Must be either "None" or "ClientIP" if set. Kubernetes will default to "None". - ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - # sessionAffinity: "" + # -- Annotations to be added to controller pods + ## + podAnnotations: {} - ## Specifies the health check node port (numeric port number) for the service. If healthCheckNodePort isn’t specified, - ## the service controller allocates a port from your cluster’s NodePort range. - ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - # healthCheckNodePort: 0 + replicaCount: 1 - # -- Represents the dual-stack-ness requested or required by this Service. Possible values are - # SingleStack, PreferDualStack or RequireDualStack. - # The ipFamilies and clusterIPs fields depend on the value of this field. - ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ - ipFamilyPolicy: "SingleStack" - # -- List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically - # based on cluster configuration and the ipFamilyPolicy field. - ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ - ipFamilies: - - IPv4 - ports: - http: 80 - https: 443 - targetPorts: - http: http - https: https - type: LoadBalancer - ## type: NodePort - ## nodePorts: - ## http: 32080 - ## https: 32443 - ## tcp: - ## 8080: 32808 - nodePorts: - http: "" - https: "" - tcp: {} - udp: {} - external: - enabled: true - internal: - # -- Enables an additional internal load balancer (besides the external one). - enabled: false - # -- Annotations are mandatory for the load balancer to come up. Varies with the cloud service. - annotations: {} - # loadBalancerIP: "" + # -- Define either 'minAvailable' or 'maxUnavailable', never both. + minAvailable: 1 + # -- Define either 'minAvailable' or 'maxUnavailable', never both. + # maxUnavailable: 1 - # -- Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. - loadBalancerSourceRanges: [] - ## Set external traffic policy to: "Local" to preserve source IP on - ## providers supporting it - ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer - # externalTrafficPolicy: "" - # shareProcessNamespace enables process namespace sharing within the pod. - # This can be used for example to signal log rotation using `kill -USR1` from a sidecar. - shareProcessNamespace: false - # -- Additional containers to be added to the controller pod. - # See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. - extraContainers: [] - # - name: my-sidecar - # image: nginx:latest - # - name: lemonldap-ng-controller - # image: lemonldapng/lemonldap-ng-controller:0.2.0 - # args: - # - /lemonldap-ng-controller - # - --alsologtostderr - # - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration - # env: - # - name: POD_NAME - # valueFrom: - # fieldRef: - # fieldPath: metadata.name - # - name: POD_NAMESPACE - # valueFrom: - # fieldRef: - # fieldPath: metadata.namespace - # volumeMounts: - # - name: copy-portal-skins - # mountPath: /srv/var/lib/lemonldap-ng/portal/skins + ## Define requests resources to avoid probe issues due to CPU utilization in busy nodes + ## ref: https://github.com/kubernetes/ingress-nginx/issues/4735#issuecomment-551204903 + ## Ideally, there should be no limits. + ## https://engineering.indeedblog.com/blog/2019/12/cpu-throttling-regression-fix/ + resources: + ## limits: + ## cpu: 100m + ## memory: 90Mi + requests: + cpu: 100m + memory: 90Mi - # -- Additional volumeMounts to the controller main container. - extraVolumeMounts: [] - # - name: copy-portal-skins - # mountPath: /var/lib/lemonldap-ng/portal/skins - - # -- Additional volumes to the controller pod. - extraVolumes: [] - # - name: copy-portal-skins - # emptyDir: {} - - # -- Containers, which are run before the app containers are started. - extraInitContainers: [] - # - name: init-myservice - # image: busybox - # command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;'] - - # -- Modules, which are mounted into the core nginx image. See values.yaml for a sample to add opentelemetry module - extraModules: [] - # containerSecurityContext: - # allowPrivilegeEscalation: false - # - # The image must contain a `/usr/local/bin/init_module.sh` executable, which - # will be executed as initContainers, to move its config files within the - # mounted volume. - - opentelemetry: - enabled: false - image: registry.k8s.io/ingress-nginx/opentelemetry:v20221114-controller-v1.5.1-6-ga66ee73c5@sha256:41076fd9fb4255677c1a3da1ac3fc41477f06eba3c7ebf37ffc8f734dad51d7c - containerSecurityContext: - allowPrivilegeEscalation: false - admissionWebhooks: - annotations: {} - # ignore-check.kube-linter.io/no-read-only-rootfs: "This deployment needs write access to root filesystem". - - ## Additional annotations to the admission webhooks. - ## These annotations will be added to the ValidatingWebhookConfiguration and - ## the Jobs Spec of the admission webhooks. - enabled: true - # -- Additional environment variables to set - extraEnvs: [] - # extraEnvs: - # - name: FOO - # valueFrom: - # secretKeyRef: - # key: FOO - # name: secret-resource - # -- Admission Webhook failure policy to use - failurePolicy: Fail - # timeoutSeconds: 10 - port: 8443 - certificate: "/usr/local/certificates/cert" - key: "/usr/local/certificates/key" - namespaceSelector: {} - objectSelector: {} - # -- Labels to be added to admission webhooks - labels: {} - # -- Use an existing PSP instead of creating one - existingPsp: "" - networkPolicyEnabled: false - service: - annotations: {} - # clusterIP: "" - externalIPs: [] - # loadBalancerIP: "" - loadBalancerSourceRanges: [] - servicePort: 443 - type: ClusterIP - createSecretJob: - securityContext: - allowPrivilegeEscalation: false - resources: {} - # limits: - # cpu: 10m - # memory: 20Mi - # requests: - # cpu: 10m - # memory: 20Mi - patchWebhookJob: - securityContext: - allowPrivilegeEscalation: false - resources: {} - patch: - enabled: true - image: - registry: registry.k8s.io - image: ingress-nginx/kube-webhook-certgen - ## for backwards compatibility consider setting the full image url via the repository value below - ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail - ## repository: - tag: v20220916-gd32f8c343 - digest: sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f - pullPolicy: IfNotPresent - # -- Provide a priority class name to the webhook patching job - ## - priorityClassName: "" - podAnnotations: {} - nodeSelector: - kubernetes.io/os: linux - tolerations: [] - # -- Labels to be added to patch job resources - labels: {} - securityContext: - runAsNonRoot: true - runAsUser: 2000 - fsGroup: 2000 - # Use certmanager to generate webhook certs - certManager: - enabled: false - # self-signed root certificate - rootCert: - # default to be 5y - duration: "" - admissionCert: - # default to be 1y - duration: "" - # issuerRef: - # name: "issuer" - # kind: "ClusterIssuer" - metrics: - port: 10254 - portName: metrics - # if this port is changed, change healthz-port: in extraArgs: accordingly - enabled: false - service: - annotations: {} - # prometheus.io/scrape: "true" - # prometheus.io/port: "10254" - - # clusterIP: "" - - # -- List of IP addresses at which the stats-exporter service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] - # loadBalancerIP: "" - loadBalancerSourceRanges: [] - servicePort: 10254 - type: ClusterIP - # externalTrafficPolicy: "" - # nodePort: "" - serviceMonitor: - enabled: false - additionalLabels: {} - ## The label to use to retrieve the job name from. - ## jobLabel: "app.kubernetes.io/name" - namespace: "" - namespaceSelector: {} - ## Default: scrape .Release.Namespace only - ## To scrape all, use the following: - ## namespaceSelector: - ## any: true - scrapeInterval: 30s - # honorLabels: true - targetLabels: [] - relabelings: [] - metricRelabelings: [] - prometheusRule: - enabled: false - additionalLabels: {} - # namespace: "" - rules: [] - # # These are just examples rules, please adapt them to your needs - # - alert: NGINXConfigFailed - # expr: count(nginx_ingress_controller_config_last_reload_successful == 0) > 0 - # for: 1s - # labels: - # severity: critical - # annotations: - # description: bad ingress config - nginx config test failed - # summary: uninstall the latest ingress changes to allow config reloads to resume - # - alert: NGINXCertificateExpiry - # expr: (avg(nginx_ingress_controller_ssl_expire_time_seconds) by (host) - time()) < 604800 - # for: 1s - # labels: - # severity: critical - # annotations: - # description: ssl certificate(s) will expire in less then a week - # summary: renew expiring certificates to avoid downtime - # - alert: NGINXTooMany500s - # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"5.+"} ) / sum(nginx_ingress_controller_requests) ) > 5 - # for: 1m - # labels: - # severity: warning - # annotations: - # description: Too many 5XXs - # summary: More than 5% of all requests returned 5XX, this requires your attention - # - alert: NGINXTooMany400s - # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"4.+"} ) / sum(nginx_ingress_controller_requests) ) > 5 - # for: 1m - # labels: - # severity: warning - # annotations: - # description: Too many 4XXs - # summary: More than 5% of all requests returned 4XX, this requires your attention - # -- Improve connection draining when ingress controller pod is deleted using a lifecycle hook: - # With this new hook, we increased the default terminationGracePeriodSeconds from 30 seconds - # to 300, allowing the draining of connections up to five minutes. - # If the active connections end before that, the pod will terminate gracefully at that time. - # To effectively take advantage of this feature, the Configmap feature - # worker-shutdown-timeout new value is 240s instead of 10s. - ## - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - priorityClassName: "" -# -- Rollback limit -## -revisionHistoryLimit: 10 -## Default 404 backend -## -defaultBackend: - ## + # Mutually exclusive with keda autoscaling + autoscaling: + apiVersion: autoscaling/v2 enabled: false - name: defaultbackend - image: + annotations: {} + minReplicas: 1 + maxReplicas: 11 + targetCPUUtilizationPercentage: 50 + targetMemoryUtilizationPercentage: 50 + behavior: {} + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 1 + # periodSeconds: 180 + # scaleUp: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 2 + # periodSeconds: 60 + + autoscalingTemplate: [] + # Custom or additional autoscaling metrics + # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics + # - type: Pods + # pods: + # metric: + # name: nginx_ingress_controller_nginx_process_requests_total + # target: + # type: AverageValue + # averageValue: 10000m + + # Mutually exclusive with hpa autoscaling + keda: + apiVersion: "keda.sh/v1alpha1" + ## apiVersion changes with keda 1.x vs 2.x + ## 2.x = keda.sh/v1alpha1 + ## 1.x = keda.k8s.io/v1alpha1 + enabled: false + minReplicas: 1 + maxReplicas: 11 + pollingInterval: 30 + cooldownPeriod: 300 + restoreToOriginalReplicaCount: false + scaledObject: + annotations: {} + # Custom annotations for ScaledObject resource + # annotations: + # key: value + triggers: [] + # - type: prometheus + # metadata: + # serverAddress: http://:9090 + # metricName: http_requests_total + # threshold: '100' + # query: sum(rate(http_requests_total{deployment="my-deployment"}[2m])) + + behavior: {} + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 1 + # periodSeconds: 180 + # scaleUp: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 2 + # periodSeconds: 60 + + # -- Enable mimalloc as a drop-in replacement for malloc. + ## ref: https://github.com/microsoft/mimalloc + ## + enableMimalloc: true + + ## Override NGINX template + customTemplate: + configMapName: "" + configMapKey: "" + + service: + enabled: true + + # -- If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were + # using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http + # It allows choosing the protocol for each backend specified in the Kubernetes service. + # See the following GitHub issue for more details about the purpose: https://github.com/kubernetes/kubernetes/issues/40244 + # Will be ignored for Kubernetes versions older than 1.20 + ## + appProtocol: true + + annotations: {} + labels: {} + # clusterIP: "" + + # -- List of IP addresses at which the controller services are available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + + # -- Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + loadBalancerIP: "" + loadBalancerSourceRanges: [] + + enableHttp: true + enableHttps: true + + ## Set external traffic policy to: "Local" to preserve source IP on providers supporting it. + ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer + # externalTrafficPolicy: "" + + ## Must be either "None" or "ClientIP" if set. Kubernetes will default to "None". + ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + # sessionAffinity: "" + + ## Specifies the health check node port (numeric port number) for the service. If healthCheckNodePort isn’t specified, + ## the service controller allocates a port from your cluster’s NodePort range. + ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + # healthCheckNodePort: 0 + + # -- Represents the dual-stack-ness requested or required by this Service. Possible values are + # SingleStack, PreferDualStack or RequireDualStack. + # The ipFamilies and clusterIPs fields depend on the value of this field. + ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ + ipFamilyPolicy: "SingleStack" + + # -- List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically + # based on cluster configuration and the ipFamilyPolicy field. + ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ + ipFamilies: + - IPv4 + + ports: + http: 80 + https: 443 + + targetPorts: + http: http + https: https + + type: LoadBalancer + + ## type: NodePort + ## nodePorts: + ## http: 32080 + ## https: 32443 + ## tcp: + ## 8080: 32808 + nodePorts: + http: "" + https: "" + tcp: {} + udp: {} + + external: + enabled: true + + internal: + # -- Enables an additional internal load balancer (besides the external one). + enabled: false + # -- Annotations are mandatory for the load balancer to come up. Varies with the cloud service. + annotations: {} + + # loadBalancerIP: "" + + # -- Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. + loadBalancerSourceRanges: [] + + ## Set external traffic policy to: "Local" to preserve source IP on + ## providers supporting it + ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer + # externalTrafficPolicy: "" + + # shareProcessNamespace enables process namespace sharing within the pod. + # This can be used for example to signal log rotation using `kill -USR1` from a sidecar. + shareProcessNamespace: false + + # -- Additional containers to be added to the controller pod. + # See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. + extraContainers: [] + # - name: my-sidecar + # image: nginx:latest + # - name: lemonldap-ng-controller + # image: lemonldapng/lemonldap-ng-controller:0.2.0 + # args: + # - /lemonldap-ng-controller + # - --alsologtostderr + # - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration + # env: + # - name: POD_NAME + # valueFrom: + # fieldRef: + # fieldPath: metadata.name + # - name: POD_NAMESPACE + # valueFrom: + # fieldRef: + # fieldPath: metadata.namespace + # volumeMounts: + # - name: copy-portal-skins + # mountPath: /srv/var/lib/lemonldap-ng/portal/skins + + # -- Additional volumeMounts to the controller main container. + extraVolumeMounts: [] + # - name: copy-portal-skins + # mountPath: /var/lib/lemonldap-ng/portal/skins + + # -- Additional volumes to the controller pod. + extraVolumes: [] + # - name: copy-portal-skins + # emptyDir: {} + + # -- Containers, which are run before the app containers are started. + extraInitContainers: [] + # - name: init-myservice + # image: busybox + # command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;'] + + # -- Modules, which are mounted into the core nginx image. See values.yaml for a sample to add opentelemetry module + extraModules: [] + # containerSecurityContext: + # allowPrivilegeEscalation: false + # + # The image must contain a `/usr/local/bin/init_module.sh` executable, which + # will be executed as initContainers, to move its config files within the + # mounted volume. + + opentelemetry: + enabled: false + image: registry.k8s.io/ingress-nginx/opentelemetry:v20221114-controller-v1.5.1-6-ga66ee73c5@sha256:41076fd9fb4255677c1a3da1ac3fc41477f06eba3c7ebf37ffc8f734dad51d7c + containerSecurityContext: + allowPrivilegeEscalation: false + + admissionWebhooks: + annotations: {} + # ignore-check.kube-linter.io/no-read-only-rootfs: "This deployment needs write access to root filesystem". + + ## Additional annotations to the admission webhooks. + ## These annotations will be added to the ValidatingWebhookConfiguration and + ## the Jobs Spec of the admission webhooks. + enabled: true + # -- Additional environment variables to set + extraEnvs: [] + # extraEnvs: + # - name: FOO + # valueFrom: + # secretKeyRef: + # key: FOO + # name: secret-resource + # -- Admission Webhook failure policy to use + failurePolicy: Fail + # timeoutSeconds: 10 + port: 8443 + certificate: "/usr/local/certificates/cert" + key: "/usr/local/certificates/key" + namespaceSelector: {} + objectSelector: {} + # -- Labels to be added to admission webhooks + labels: {} + + # -- Use an existing PSP instead of creating one + existingPsp: "" + networkPolicyEnabled: false + + service: + annotations: {} + # clusterIP: "" + externalIPs: [] + # loadBalancerIP: "" + loadBalancerSourceRanges: [] + servicePort: 443 + type: ClusterIP + + createSecretJob: + securityContext: + allowPrivilegeEscalation: false + resources: {} + # limits: + # cpu: 10m + # memory: 20Mi + # requests: + # cpu: 10m + # memory: 20Mi + + patchWebhookJob: + securityContext: + allowPrivilegeEscalation: false + resources: {} + + patch: + enabled: true + image: registry: registry.k8s.io - image: defaultbackend-amd64 + image: ingress-nginx/kube-webhook-certgen ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: "1.5" + tag: v20220916-gd32f8c343 + digest: sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f pullPolicy: IfNotPresent - # nobody user -> uid 65534 - runAsUser: 65534 - runAsNonRoot: true - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - # -- Use an existing PSP instead of creating one - existingPsp: "" - extraArgs: {} - serviceAccount: - create: true - name: "" - automountServiceAccountToken: true - # -- Additional environment variables to set for defaultBackend pods - extraEnvs: [] - port: 8080 - ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ - ## - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 6 - initialDelaySeconds: 0 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 5 - # -- Node tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - - affinity: {} - # -- Security Context policies for controller pods - # See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for - # notes on enabling and using sysctls - ## - podSecurityContext: {} - # -- Security Context policies for controller main container. - # See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for - # notes on enabling and using sysctls - ## - containerSecurityContext: {} - # -- Labels to add to the pod container metadata - podLabels: {} - # key: value - - # -- Node labels for default backend pod assignment - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: + # -- Provide a priority class name to the webhook patching job + ## + priorityClassName: "" + podAnnotations: {} + nodeSelector: kubernetes.io/os: linux - # -- Annotations to be added to default backend pods - ## - podAnnotations: {} - replicaCount: 1 - minAvailable: 1 - resources: {} - # limits: - # cpu: 10m - # memory: 20Mi - # requests: - # cpu: 10m - # memory: 20Mi + tolerations: [] + # -- Labels to be added to patch job resources + labels: {} + securityContext: + runAsNonRoot: true + runAsUser: 2000 + fsGroup: 2000 - extraVolumeMounts: [] - ## Additional volumeMounts to the default backend container. - # - name: copy-portal-skins - # mountPath: /var/lib/lemonldap-ng/portal/skins + # Use certmanager to generate webhook certs + certManager: + enabled: false + # self-signed root certificate + rootCert: + duration: "" # default to be 5y + admissionCert: + duration: "" # default to be 1y + # issuerRef: + # name: "issuer" + # kind: "ClusterIssuer" - extraVolumes: [] - ## Additional volumes to the default backend pod. - # - name: copy-portal-skins - # emptyDir: {} - - autoscaling: - annotations: {} - enabled: false - minReplicas: 1 - maxReplicas: 2 - targetCPUUtilizationPercentage: 50 - targetMemoryUtilizationPercentage: 50 - service: - annotations: {} - # clusterIP: "" - - # -- List of IP addresses at which the default backend service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] - # loadBalancerIP: "" - loadBalancerSourceRanges: [] - servicePort: 80 - type: ClusterIP - priorityClassName: "" - # -- Labels to be added to the default backend resources - labels: {} -## Enable RBAC as per https://github.com/kubernetes/ingress-nginx/blob/main/docs/deploy/rbac.md and https://github.com/kubernetes/ingress-nginx/issues/266 -rbac: - create: true - scope: false -## If true, create & use Pod Security Policy resources -## https://kubernetes.io/docs/concepts/policy/pod-security-policy/ -podSecurityPolicy: + metrics: + port: 10254 + portName: metrics + # if this port is changed, change healthz-port: in extraArgs: accordingly enabled: false -serviceAccount: + + service: + annotations: {} + # prometheus.io/scrape: "true" + # prometheus.io/port: "10254" + + # clusterIP: "" + + # -- List of IP addresses at which the stats-exporter service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + + # loadBalancerIP: "" + loadBalancerSourceRanges: [] + servicePort: 10254 + type: ClusterIP + # externalTrafficPolicy: "" + # nodePort: "" + + serviceMonitor: + enabled: false + additionalLabels: {} + ## The label to use to retrieve the job name from. + ## jobLabel: "app.kubernetes.io/name" + namespace: "" + namespaceSelector: {} + ## Default: scrape .Release.Namespace only + ## To scrape all, use the following: + ## namespaceSelector: + ## any: true + scrapeInterval: 30s + # honorLabels: true + targetLabels: [] + relabelings: [] + metricRelabelings: [] + + prometheusRule: + enabled: false + additionalLabels: {} + # namespace: "" + rules: [] + # # These are just examples rules, please adapt them to your needs + # - alert: NGINXConfigFailed + # expr: count(nginx_ingress_controller_config_last_reload_successful == 0) > 0 + # for: 1s + # labels: + # severity: critical + # annotations: + # description: bad ingress config - nginx config test failed + # summary: uninstall the latest ingress changes to allow config reloads to resume + # - alert: NGINXCertificateExpiry + # expr: (avg(nginx_ingress_controller_ssl_expire_time_seconds) by (host) - time()) < 604800 + # for: 1s + # labels: + # severity: critical + # annotations: + # description: ssl certificate(s) will expire in less then a week + # summary: renew expiring certificates to avoid downtime + # - alert: NGINXTooMany500s + # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"5.+"} ) / sum(nginx_ingress_controller_requests) ) > 5 + # for: 1m + # labels: + # severity: warning + # annotations: + # description: Too many 5XXs + # summary: More than 5% of all requests returned 5XX, this requires your attention + # - alert: NGINXTooMany400s + # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"4.+"} ) / sum(nginx_ingress_controller_requests) ) > 5 + # for: 1m + # labels: + # severity: warning + # annotations: + # description: Too many 4XXs + # summary: More than 5% of all requests returned 4XX, this requires your attention + + # -- Improve connection draining when ingress controller pod is deleted using a lifecycle hook: + # With this new hook, we increased the default terminationGracePeriodSeconds from 30 seconds + # to 300, allowing the draining of connections up to five minutes. + # If the active connections end before that, the pod will terminate gracefully at that time. + # To effectively take advantage of this feature, the Configmap feature + # worker-shutdown-timeout new value is 240s instead of 10s. + ## + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + + priorityClassName: "" + +# -- Rollback limit +## +revisionHistoryLimit: 10 + +## Default 404 backend +## +defaultBackend: + ## + enabled: false + + name: defaultbackend + image: + registry: registry.k8s.io + image: defaultbackend-amd64 + ## for backwards compatibility consider setting the full image url via the repository value below + ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail + ## repository: + tag: "1.5" + pullPolicy: IfNotPresent + # nobody user -> uid 65534 + runAsUser: 65534 + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + + # -- Use an existing PSP instead of creating one + existingPsp: "" + + extraArgs: {} + + serviceAccount: create: true name: "" automountServiceAccountToken: true - # -- Annotations for the controller service account + # -- Additional environment variables to set for defaultBackend pods + extraEnvs: [] + + port: 8080 + + ## Readiness and liveness probes for default backend + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + initialDelaySeconds: 0 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 5 + + # -- Node tolerations for server scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + + affinity: {} + + # -- Security Context policies for controller pods + # See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for + # notes on enabling and using sysctls + ## + podSecurityContext: {} + + # -- Security Context policies for controller main container. + # See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for + # notes on enabling and using sysctls + ## + containerSecurityContext: {} + + # -- Labels to add to the pod container metadata + podLabels: {} + # key: value + + # -- Node labels for default backend pod assignment + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: + kubernetes.io/os: linux + + # -- Annotations to be added to default backend pods + ## + podAnnotations: {} + + replicaCount: 1 + + minAvailable: 1 + + resources: {} + # limits: + # cpu: 10m + # memory: 20Mi + # requests: + # cpu: 10m + # memory: 20Mi + + extraVolumeMounts: [] + ## Additional volumeMounts to the default backend container. + # - name: copy-portal-skins + # mountPath: /var/lib/lemonldap-ng/portal/skins + + extraVolumes: [] + ## Additional volumes to the default backend pod. + # - name: copy-portal-skins + # emptyDir: {} + + autoscaling: annotations: {} + enabled: false + minReplicas: 1 + maxReplicas: 2 + targetCPUUtilizationPercentage: 50 + targetMemoryUtilizationPercentage: 50 + + service: + annotations: {} + + # clusterIP: "" + + # -- List of IP addresses at which the default backend service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + + # loadBalancerIP: "" + loadBalancerSourceRanges: [] + servicePort: 80 + type: ClusterIP + + priorityClassName: "" + # -- Labels to be added to the default backend resources + labels: {} + +## Enable RBAC as per https://github.com/kubernetes/ingress-nginx/blob/main/docs/deploy/rbac.md and https://github.com/kubernetes/ingress-nginx/issues/266 +rbac: + create: true + scope: false + +## If true, create & use Pod Security Policy resources +## https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +podSecurityPolicy: + enabled: false + +serviceAccount: + create: true + name: "" + automountServiceAccountToken: true + # -- Annotations for the controller service account + annotations: {} + # -- Optional array of imagePullSecrets containing private registry credentials ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ imagePullSecrets: [] @@ -868,6 +964,7 @@ udp: {} # -- Prefix for TCP and UDP ports names in ingress controller service ## Some cloud providers, like Yandex Cloud may have a requirements for a port name regex to support cloud load balancer integration portNamePrefix: "" + # -- (string) A base64-encoded Diffie-Hellman parameter. # This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` ## Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param diff --git a/deploy/static/provider/aws/deploy.yaml b/deploy/static/provider/aws/deploy.yaml index 54d315b50..fbdf9486a 100644 --- a/deploy/static/provider/aws/deploy.yaml +++ b/deploy/static/provider/aws/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -90,6 +90,21 @@ rules: - get - list - watch +- apiGroups: + - "" + resourceNames: + - ingress-nginx-leader + resources: + - configmaps + verbs: + - get + - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create - apiGroups: - coordination.k8s.io resourceNames: @@ -129,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -344,7 +359,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -377,7 +392,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -400,7 +415,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -440,7 +455,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -512,7 +527,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -523,7 +538,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -559,7 +574,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -570,7 +585,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -608,7 +623,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -621,7 +636,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml index 819de9079..73ec24286 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -90,6 +90,21 @@ rules: - get - list - watch +- apiGroups: + - "" + resourceNames: + - ingress-nginx-leader + resources: + - configmaps + verbs: + - get + - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create - apiGroups: - coordination.k8s.io resourceNames: @@ -129,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -335,7 +350,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -353,7 +368,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -386,7 +401,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -409,7 +424,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -449,7 +464,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -524,7 +539,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -535,7 +550,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -571,7 +586,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -582,7 +597,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -620,7 +635,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -633,7 +648,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/deploy.yaml b/deploy/static/provider/baremetal/deploy.yaml index 73aec6dc9..9e6e905bb 100644 --- a/deploy/static/provider/baremetal/deploy.yaml +++ b/deploy/static/provider/baremetal/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -90,6 +90,21 @@ rules: - get - list - watch +- apiGroups: + - "" + resourceNames: + - ingress-nginx-leader + resources: + - configmaps + verbs: + - get + - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create - apiGroups: - coordination.k8s.io resourceNames: @@ -129,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -340,7 +355,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -372,7 +387,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -395,7 +410,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -434,7 +449,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -506,7 +521,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -517,7 +532,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -553,7 +568,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -564,7 +579,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -602,7 +617,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -615,7 +630,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/deploy.yaml b/deploy/static/provider/cloud/deploy.yaml index 19455ed27..dd986a55d 100644 --- a/deploy/static/provider/cloud/deploy.yaml +++ b/deploy/static/provider/cloud/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -90,6 +90,21 @@ rules: - get - list - watch +- apiGroups: + - "" + resourceNames: + - ingress-nginx-leader + resources: + - configmaps + verbs: + - get + - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create - apiGroups: - coordination.k8s.io resourceNames: @@ -129,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -340,7 +355,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -373,7 +388,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -396,7 +411,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -436,7 +451,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -508,7 +523,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -519,7 +534,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -555,7 +570,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -566,7 +581,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -604,7 +619,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -617,7 +632,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/deploy.yaml b/deploy/static/provider/do/deploy.yaml index 3c4a022c3..64e0366b4 100644 --- a/deploy/static/provider/do/deploy.yaml +++ b/deploy/static/provider/do/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -90,6 +90,21 @@ rules: - get - list - watch +- apiGroups: + - "" + resourceNames: + - ingress-nginx-leader + resources: + - configmaps + verbs: + - get + - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create - apiGroups: - coordination.k8s.io resourceNames: @@ -129,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -329,7 +344,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -343,7 +358,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -376,7 +391,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -399,7 +414,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -439,7 +454,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -511,7 +526,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -522,7 +537,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -558,7 +573,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -569,7 +584,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -607,7 +622,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -620,7 +635,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/deploy.yaml b/deploy/static/provider/exoscale/deploy.yaml index 084fcd897..d6a40aed9 100644 --- a/deploy/static/provider/exoscale/deploy.yaml +++ b/deploy/static/provider/exoscale/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -90,6 +90,21 @@ rules: - get - list - watch +- apiGroups: + - "" + resourceNames: + - ingress-nginx-leader + resources: + - configmaps + verbs: + - get + - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create - apiGroups: - coordination.k8s.io resourceNames: @@ -129,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -349,7 +364,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -382,7 +397,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -405,7 +420,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -445,7 +460,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -517,7 +532,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -528,7 +543,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -564,7 +579,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -575,7 +590,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -613,7 +628,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -626,7 +641,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/deploy.yaml b/deploy/static/provider/kind/deploy.yaml index 355ca8054..62ead9e34 100644 --- a/deploy/static/provider/kind/deploy.yaml +++ b/deploy/static/provider/kind/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -90,6 +90,21 @@ rules: - get - list - watch +- apiGroups: + - "" + resourceNames: + - ingress-nginx-leader + resources: + - configmaps + verbs: + - get + - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create - apiGroups: - coordination.k8s.io resourceNames: @@ -129,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -340,7 +355,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -372,7 +387,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -395,7 +410,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -440,7 +455,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -522,7 +537,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -533,7 +548,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -569,7 +584,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -580,7 +595,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -618,7 +633,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -631,7 +646,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/deploy.yaml b/deploy/static/provider/scw/deploy.yaml index ff8b820b3..d52f01489 100644 --- a/deploy/static/provider/scw/deploy.yaml +++ b/deploy/static/provider/scw/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -90,6 +90,21 @@ rules: - get - list - watch +- apiGroups: + - "" + resourceNames: + - ingress-nginx-leader + resources: + - configmaps + verbs: + - get + - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create - apiGroups: - coordination.k8s.io resourceNames: @@ -129,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -329,7 +344,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -343,7 +358,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -376,7 +391,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -399,7 +414,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -439,7 +454,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -511,7 +526,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -522,7 +537,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -558,7 +573,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -569,7 +584,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -607,7 +622,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -620,7 +635,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/docs/deploy/index.md b/docs/deploy/index.md index 71a27b15f..29495b5c0 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -62,7 +62,7 @@ It will install the controller in the `ingress-nginx` namespace, creating that n **If you don't have Helm** or if you prefer to use a YAML manifest, you can run the following command instead: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/cloud/deploy.yaml ``` !!! info @@ -225,7 +225,7 @@ In AWS, we use a Network load balancer (NLB) to expose the NGINX Ingress control ##### Network Load Balancer (NLB) ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/aws/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/aws/deploy.yaml ``` ##### TLS termination in AWS Load Balancer (NLB) @@ -233,10 +233,10 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont By default, TLS is terminated in the ingress controller. But it is also possible to terminate TLS in the Load Balancer. This section explains how to do that on AWS using an NLB. -1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template +1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template ```console - wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml + wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml ``` 2. Edit the file and change the VPC CIDR in use for the Kubernetes cluster: @@ -282,7 +282,7 @@ Then, the ingress controller can be installed like this: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/cloud/deploy.yaml ``` !!! warning @@ -299,7 +299,7 @@ Proxy-protocol is supported in GCE check the [Official Documentations on how to #### Azure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/cloud/deploy.yaml ``` More information with regard to Azure annotations for ingress controller can be found in the [official AKS documentation](https://docs.microsoft.com/en-us/azure/aks/ingress-internal-ip#create-an-ingress-controller). @@ -307,7 +307,7 @@ More information with regard to Azure annotations for ingress controller can be #### Digital Ocean ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/do/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/do/deploy.yaml ``` - By default the service object of the ingress-nginx-controller for Digital-Ocean, only configures one annotation. Its this one `service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"`. While this makes the service functional, it was reported that the Digital-Ocean LoadBalancer graphs shows `no data`, unless a few other annotations are also configured. Some of these other annotations require values that can not be generic and hence not forced in a out-of-the-box installation. These annotations and a discussion on them is well documented in [this issue](https://github.com/kubernetes/ingress-nginx/issues/8965). Please refer to the issue to add annotations, with values specific to user, to get graphs of the DO-LB populated with data. @@ -315,7 +315,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont #### Scaleway ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/scw/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/scw/deploy.yaml ``` #### Exoscale @@ -330,7 +330,7 @@ The full list of annotations supported by Exoscale is available in the Exoscale #### Oracle Cloud Infrastructure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/cloud/deploy.yaml ``` A @@ -357,7 +357,7 @@ For quick testing, you can use a This should work on almost every cluster, but it will typically use a port in the range 30000-32767. ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/baremetal/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/baremetal/deploy.yaml ``` For more information about bare metal deployments (and how to use port 80 instead of a random port in the 30000-32767 range), diff --git a/docs/e2e-tests.md b/docs/e2e-tests.md index f943a96a6..d5aa6cc16 100644 --- a/docs/e2e-tests.md +++ b/docs/e2e-tests.md @@ -7,651 +7,11 @@ Do not try to edit it manually. -### [[Serial] admission controller](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L35) - -- [reject ingress with global-rate-limit annotations when memcached is not configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L48) -- [should not allow overlaps of host and paths without canary annotations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L75) -- [should allow overlaps of host and paths with canary annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L92) -- [should block ingress with invalid path](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L113) -- [should return an error if there is an error validating the ingress definition](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L130) -- [should return an error if there is an invalid value in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L141) -- [should return an error if there is a forbidden value in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L155) -- [should not return an error if the Ingress V1 definition is valid with Ingress Class](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L169) -- [should not return an error if the Ingress V1 definition is valid with IngressClass annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L185) -- [should return an error if the Ingress V1 definition contains invalid annotations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L201) -- [should not return an error for an invalid Ingress when it has unknown class](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L212) - -### [affinity session-cookie-name](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L35) - -- [should set sticky cookie SERVERID](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L42) -- [should change cookie name on ingress definition change](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L64) -- [should set the path to /something on the generated cookie](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L99) -- [does not set the path to / on the generated cookie if there's more than one rule referring to the same backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L121) -- [should set cookie with expires](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L194) -- [should set cookie with domain](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L225) -- [should not set cookie without domain annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L248) -- [should work with use-regex annotation and session-cookie-path](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L270) -- [should warn user when use-regex is true and session-cookie-path is not set](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L294) -- [should not set affinity across all server locations when using separate ingresses](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L320) -- [should set sticky cookie without host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L352) -- [should work with server-alias annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L372) -- [should set secure in cookie with provided true annotation on http](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L412) -- [should not set secure in cookie with provided false annotation on http](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L435) -- [should set secure in cookie with provided false annotation on https](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L458) - -### [affinitymode](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinitymode.go#L31) - -- [Balanced affinity mode should balance](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinitymode.go#L34) -- [Check persistent affinity mode](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinitymode.go#L67) - -### [server-alias](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/alias.go#L29) - -- [should return status code 200 for host 'foo' and 404 for 'bar'](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/alias.go#L36) -- [should return status code 200 for host 'foo' and 'bar'](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/alias.go#L62) -- [should return status code 200 for hosts defined in two ingresses, different path with one alias](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/alias.go#L87) - -### [app-root](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/approot.go#L28) - -- [should redirect to /foo](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/approot.go#L35) - -### [auth-tls-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L29) - -- [should set sslClientCertificate, sslVerifyClient and sslVerifyDepth with auth-tls-secret](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L36) -- [should set valid auth-tls-secret, sslVerify to off, and sslVerifyDepth to 2](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L84) -- [should 302 redirect to error page instead of 400 when auth-tls-error-page is set](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L114) -- [should pass URL-encoded certificate to upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L161) -- [should validate auth-tls-verify-client](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L206) -- [should return 403 using auth-tls-match-cn with no matching CN from client](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L266) -- [should return 200 using auth-tls-match-cn with matching CN from client](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L295) -- [should return 200 using auth-tls-match-cn where atleast one of the regex options matches CN from client](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L324) - -### [backend-protocol](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L27) - -- [should set backend protocol to https:// and use proxy_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L34) -- [should set backend protocol to $scheme:// and use proxy_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L49) -- [should set backend protocol to grpc:// and use grpc_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L64) -- [should set backend protocol to grpcs:// and use grpc_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L79) -- [should set backend protocol to '' and use fastcgi_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L94) -- [should set backend protocol to '' and use ajp_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L109) - -### [canary-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L36) - -- [should response with a 200 status from the mainline upstream when requests are made to the mainline ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L48) -- [should return 404 status for requests to the canary if no matching ingress is found](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L80) -- [should return the correct status codes when endpoints are unavailable](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L107) -- [should route requests to the correct upstream if mainline ingress is created before the canary ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L161) -- [should route requests to the correct upstream if mainline ingress is created after the canary ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L206) -- [should route requests to the correct upstream if the mainline ingress is modified](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L250) -- [should route requests to the correct upstream if the canary ingress is modified](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L307) -- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L372) -- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L426) -- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L490) -- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L532) -- [should routes to mainline upstream when the given Regex causes error](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L566) -- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L604) -- [respects always and never values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L643) -- [should route requests only to mainline if canary weight is 0](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L705) -- [should route requests only to canary if canary weight is 100](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L743) -- [should route requests only to canary if canary weight is equal to canary weight total](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L775) -- [should route requests split between mainline and canary if canary weight is 50](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L808) -- [should not use canary as a catch-all server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L836) -- [should not use canary with domain as a server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L864) -- [does not crash when canary ingress has multiple paths to the same non-matching backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L888) -- [always routes traffic to canary if first request was affinitized to canary (default behavior)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L916) -- [always routes traffic to canary if first request was affinitized to canary (explicit sticky behavior)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L973) -- [routes traffic to either mainline or canary backend (legacy behavior)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L1031) - -### [client-body-buffer-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L28) - -- [should set client_body_buffer_size to 1000](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L35) -- [should set client_body_buffer_size to 1K](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L57) -- [should set client_body_buffer_size to 1k](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L79) -- [should set client_body_buffer_size to 1m](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L101) -- [should set client_body_buffer_size to 1M](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L123) -- [should not set client_body_buffer_size to invalid 1b](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L145) - -### [connection-proxy-header](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/connection.go#L29) - -- [set connection header to keep-alive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/connection.go#L36) - -### [cors-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L28) - -- [should enable cors](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L35) -- [should set cors methods to only allow POST, GET](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L62) -- [should set cors max-age](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L78) -- [should disable cors allow credentials](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L94) -- [should allow origin for cors](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L110) -- [should allow headers for cors](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L137) -- [should expose headers for cors](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L153) -- [should allow - single origin for multiple cors values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L169) -- [should not allow - single origin for multiple cors values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L196) -- [should allow correct origins - single origin for multiple cors values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L216) -- [should not break functionality](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L267) -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L291) -- [should not break functionality with extra domain](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L314) -- [should not match](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L338) -- [should allow - single origin with required port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L358) -- [should not allow - single origin with port and origin without port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L386) -- [should not allow - single origin without port and origin with required port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L405) -- [should allow - matching origin with wildcard origin (2 subdomains)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L425) -- [should not allow - unmatching origin with wildcard origin (2 subdomains)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L468) -- [should allow - matching origin+port with wildcard origin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L488) -- [should not allow - portless origin with wildcard origin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L515) -- [should allow correct origins - missing subdomain + origin with wildcard origin and correct origin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L535) -- [should allow - missing origins (should allow all origins)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L571) - -### [custom-http-errors](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/customhttperrors.go#L34) - -- [configures Nginx correctly](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/customhttperrors.go#L41) - -### [default-backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/default_backend.go#L29) - -- [should use a custom default backend as upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/default_backend.go#L37) - -### [disable-access-log disable-http-access-log disable-stream-access-log](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/disableaccesslog.go#L28) - -- [disable-access-log set access_log off](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/disableaccesslog.go#L35) -- [disable-http-access-log set access_log off](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/disableaccesslog.go#L53) -- [disable-stream-access-log set access_log off](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/disableaccesslog.go#L71) - -### [backend-protocol - FastCGI](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L31) - -- [should use fastcgi_pass in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L38) -- [should add fastcgi_index in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L55) -- [should add fastcgi_param in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L72) -- [should return OK for service with backend protocol FastCGI](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L105) - -### [force-ssl-redirect](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/forcesslredirect.go#L27) - -- [should redirect to https](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/forcesslredirect.go#L34) - -### [from-to-www-redirect](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fromtowwwredirect.go#L31) - -- [should redirect from www HTTP to HTTP](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fromtowwwredirect.go#L38) -- [should redirect from www HTTPS to HTTPS](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fromtowwwredirect.go#L64) - -### [annotation-global-rate-limit](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/globalratelimit.go#L30) - -- [generates correct configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/globalratelimit.go#L38) - -### [backend-protocol - GRPC](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/grpc.go#L40) - -- [should use grpc_pass in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/grpc.go#L43) -- [should return OK for service with backend protocol GRPC](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/grpc.go#L68) -- [authorization metadata should be overwritten by external auth response headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/grpc.go#L126) -- [should return OK for service with backend protocol GRPCS](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/grpc.go#L199) - -### [http2-push-preload](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/http2pushpreload.go#L27) - -- [enable the http2-push-preload directive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/http2pushpreload.go#L34) - -### [influxdb-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/influxdb.go#L39) - -- [should send the request metric to the influxdb server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/influxdb.go#L48) - -### [whitelist-source-range](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/ipwhitelist.go#L27) - -- [should set valid ip whitelist range](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/ipwhitelist.go#L34) - -### [Annotation - limit-connections](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/limitconnections.go#L31) - -- [should limit-connections](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/limitconnections.go#L38) - -### [limit-rate](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/limitrate.go#L29) - -- [Check limit-rate annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/limitrate.go#L37) - -### [enable-access-log enable-rewrite-log](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/log.go#L27) - -- [set access_log off](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/log.go#L34) -- [set rewrite_log on](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/log.go#L49) - -### [mirror-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/mirror.go#L28) - -- [should set mirror-target to http://localhost/mirror](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/mirror.go#L36) -- [should set mirror-target to https://test.env.com/$request_uri](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/mirror.go#L51) -- [should disable mirror-request-body](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/mirror.go#L67) - -### [modsecurity owasp](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L28) - -- [should enable modsecurity](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L35) -- [should enable modsecurity with transaction ID and OWASP rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L53) -- [should disable modsecurity](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L74) -- [should enable modsecurity with snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L91) -- [should enable modsecurity without using 'modsecurity on;'](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L110) -- [should disable modsecurity using 'modsecurity off;'](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L132) -- [should enable modsecurity with snippet and block requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L153) -- [should enable modsecurity globally and with modsecurity-snippet block requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L189) -- [should enable modsecurity when enable-owasp-modsecurity-crs is set to true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L225) -- [should enable modsecurity through the config map](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L264) -- [should enable modsecurity through the config map but ignore snippet as disabled by admin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L305) -- [should disable default modsecurity conf setting when modsecurity-snippet is specified](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L347) - -### [preserve-trailing-slash](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/preservetrailingslash.go#L27) - -- [should allow preservation of trailing slashes](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/preservetrailingslash.go#L34) - -### [proxy-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L28) - -- [should set proxy_redirect to off](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L36) -- [should set proxy_redirect to default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L52) -- [should set proxy_redirect to hello.com goodbye.com](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L68) -- [should set proxy client-max-body-size to 8m](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L85) -- [should not set proxy client-max-body-size to incorrect value](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L100) -- [should set valid proxy timeouts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L115) -- [should not set invalid proxy timeouts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L136) -- [should turn on proxy-buffering](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L157) -- [should turn off proxy-request-buffering](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L179) -- [should build proxy next upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L194) -- [should setup proxy cookies](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L215) -- [should change the default proxy HTTP version](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L233) - -### [proxy-ssl-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxyssl.go#L30) - -- [should set valid proxy-ssl-secret](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxyssl.go#L37) -- [should set valid proxy-ssl-secret, proxy-ssl-verify to on, proxy-ssl-verify-depth to 2, and proxy-ssl-server-name to on](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxyssl.go#L64) -- [should set valid proxy-ssl-secret, proxy-ssl-ciphers to HIGH:!AES](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxyssl.go#L94) -- [should set valid proxy-ssl-secret, proxy-ssl-protocols](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxyssl.go#L122) -- [proxy-ssl-location-only flag should change the nginx config server part](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxyssl.go#L150) - -### [permanent-redirect permanent-redirect-code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/redirect.go#L30) - -- [should respond with a standard redirect code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/redirect.go#L33) -- [should respond with a custom redirect code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/redirect.go#L61) - -### [rewrite-target use-regex enable-rewrite-log](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L30) - -- [should write rewrite logs](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L37) -- [should use correct longest path match](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L66) -- [should use ~* location modifier if regex annotation is present](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L111) -- [should fail to use longest match for documented warning](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L158) -- [should allow for custom rewrite parameters](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L190) - -### [satisfy](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/satisfy.go#L35) - -- [should configure satisfy directive correctly](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/satisfy.go#L42) -- [should allow multiple auth with satisfy any](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/satisfy.go#L84) - -### [server-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/serversnippet.go#L28) - -- [add valid directives to server via server snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/serversnippet.go#L35) -- [drops server snippet if disabled by the administrator](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/serversnippet.go#L61) - -### [service-upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/serviceupstream.go#L32) - -- [should use the Service Cluster IP and Port ](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/serviceupstream.go#L41) -- [should use the Service Cluster IP and Port ](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/serviceupstream.go#L70) -- [should not use the Service Cluster IP and Port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/serviceupstream.go#L99) - -### [configuration-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/snippet.go#L28) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/snippet.go#L35) -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/snippet.go#L58) - -### [ssl-ciphers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/sslciphers.go#L28) - -- [should change ssl ciphers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/sslciphers.go#L35) - -### [stream-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/streamsnippet.go#L34) - -- [should add value of stream-snippet to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/streamsnippet.go#L41) -- [should add stream-snippet and drop annotations per admin config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/streamsnippet.go#L85) - -### [upstream-hash-by-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/upstreamhashby.go#L76) - -- [should connect to the same pod](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/upstreamhashby.go#L83) -- [should connect to the same subset of pods](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/upstreamhashby.go#L92) - -### [upstream-vhost](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/upstreamvhost.go#L27) - -- [set host to upstreamvhost.bar.com](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/upstreamvhost.go#L34) - -### [x-forwarded-prefix](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/xforwardedprefix.go#L28) - -- [should set the X-Forwarded-Prefix to the annotation value](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/xforwardedprefix.go#L35) -- [should not add X-Forwarded-Prefix if the annotation value is empty](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/xforwardedprefix.go#L57) - -### [auth-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L39) - -- [should return status code 200 when no authentication is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L46) -- [should return status code 503 when authentication is configured with an invalid secret](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L65) -- [should return status code 401 when authentication is configured but Authorization header is not configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L89) -- [should return status code 401 when authentication is configured and Authorization header is sent with invalid credentials](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L116) -- [should return status code 401 and cors headers when authentication and cors is configured but Authorization header is not configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L144) -- [should return status code 200 when authentication is configured and Authorization header is sent](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L172) -- [should return status code 200 when authentication is configured with a map and Authorization header is sent](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L199) -- [should return status code 401 when authentication is configured with invalid content and Authorization header is sent](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L227) -- [ when external auth is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L266) -- [ when external auth is not configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L284) -- [ when auth-headers are set](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L301) -- [should set cache_key when external auth cache is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L322) -- [user retains cookie by default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L411) -- [user does not retain cookie if upstream returns error status code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L422) -- [user with annotated ingress retains cookie if upstream returns error status code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L433) -- [should return status code 200 when signed in](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L485) -- [should redirect to signin url when not signed in](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L494) -- [keeps processing new ingresses even if one of the existing ingresses is misconfigured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L505) -- [should overwrite Foo header with auth response](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L529) -- [should not create additional upstream block when auth-keepalive is not set](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L552) -- [should not create additional upstream block when host part of auth-url contains a variable](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L570) -- [should not create additional upstream block when auth-keepalive is negative](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L590) -- [should not create additional upstream block when auth-keepalive is set with HTTP/2](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L609) -- [should create additional upstream block when auth-keepalive is set with HTTP/1.x](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L623) -- [should return status code 200 when signed in](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L678) -- [should redirect to signin url when not signed in](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L687) -- [keeps processing new ingresses even if one of the existing ingresses is misconfigured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L698) -- [should return status code 200 when signed in after auth backend is deleted ](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L772) -- [should deny login for different location on same server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L792) -- [should deny login for different servers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L820) -- [should redirect to signin url when not signed in](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L849) -- [should return 503 (location was denied)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L879) -- [should add error to the config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L887) - -### [Debug CLI](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/dbg/main.go#L29) - -- [should list the backend servers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/dbg/main.go#L37) -- [should get information for a specific backend server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/dbg/main.go#L56) -- [should produce valid JSON for /dbg general](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/dbg/main.go#L85) - -### [[Default Backend] custom service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/custom_default_backend.go#L33) - -- [uses custom default backend that returns 200 as status code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/custom_default_backend.go#L36) - -### [[Default Backend]](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/default_backend.go#L30) - -- [should return 404 sending requests when only a default backend is running](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/default_backend.go#L33) -- [enables access logging for default backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/default_backend.go#L88) -- [disables access logging for default backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/default_backend.go#L105) - -### [[Default Backend] SSL](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/ssl.go#L26) - -- [should return a self generated SSL certificate](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/ssl.go#L29) - -### [[Default Backend] change default settings](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/with_hosts.go#L30) - -- [should apply the annotation to the default backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/with_hosts.go#L38) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/e2e.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/e2e.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/e2e_test.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/e2e_test.go#L) - -### [[Endpointslices] long service name](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/endpointslices/longname.go#L29) - -- [should return 200 when service name has max allowed number of characters 63](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/endpointslices/longname.go#L38) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/deployment.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/deployment.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/exec.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/exec.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/fastcgi_helloserver.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/fastcgi_helloserver.go#L) - -### [[Setting] ](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/framework.go#L190) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/framework.go#L206) -- [ [MemoryLeak]](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/framework.go#L207) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/grpc_fortune_teller.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/grpc_fortune_teller.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/healthz.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/healthz.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/array.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/array.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/chain.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/chain.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/cookie.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/cookie.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/match.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/match.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/object.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/object.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/reporter.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/reporter.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/request.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/request.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/response.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/response.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/string.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/string.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/value.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/value.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/influxdb.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/influxdb.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/k8s.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/k8s.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/logs.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/logs.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/metrics.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/metrics.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/ssl.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/ssl.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/test_context.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/test_context.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/util.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/util.go#L) - -### [[Shutdown] Grace period shutdown](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/grace_period.go#L32) - -- [/healthz should return status code 500 during shutdown grace period](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/grace_period.go#L35) - -### [[Shutdown] ingress controller](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/shutdown.go#L30) - -- [should shutdown in less than 60 secons without pending connections](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/shutdown.go#L40) -- [should shutdown after waiting 60 seconds for pending connections to be closed](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/shutdown.go#L61) -- [should shutdown after waiting 150 seconds for pending connections to be closed](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/shutdown.go#L106) - -### [[Shutdown] Graceful shutdown with pending request](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/slow_requests.go#L25) - -- [should let slow requests finish before shutting down](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/slow_requests.go#L33) - -### [[Ingress] DeepInspection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/deep_inspection.go#L27) - -- [should drop whole ingress if one path matches invalid regex](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/deep_inspection.go#L34) - -### [single ingress - multiple hosts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/multiple_rules.go#L30) - -- [should set the correct $service_name NGINX variable](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/multiple_rules.go#L38) - -### [[Ingress] [PathType] exact](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/pathtype_exact.go#L30) - -- [should choose exact location for /exact](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/pathtype_exact.go#L37) - -### [[Ingress] [PathType] mix Exact and Prefix paths](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/pathtype_mixed.go#L30) - -- [should choose the correct location](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/pathtype_mixed.go#L39) - -### [[Ingress] [PathType] prefix checks](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/pathtype_prefix.go#L28) - -- [should return 404 when prefix /aaa does not match request /aaaccc](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/pathtype_prefix.go#L35) - -### [[Ingress] definition without host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/without_host.go#L31) - -- [should set ingress details variables for ingresses without a host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/without_host.go#L34) -- [should set ingress details variables for ingresses with host without IngressRuleValue, only Backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/without_host.go#L55) - -### [[Memory Leak] Dynamic Certificates](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/leaks/lua_ssl.go#L35) - -- [should not leak memory from ingress SSL certificates or configuration updates](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/leaks/lua_ssl.go#L42) - -### [[Load Balancer] load-balance](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/configmap.go#L28) - -- [should apply the configmap load-balance setting](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/configmap.go#L35) - -### [[Load Balancer] EWMA](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/ewma.go#L31) - -- [does not fail requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/ewma.go#L42) - -### [[Load Balancer] round-robin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/round_robin.go#L31) - -- [should evenly distribute requests with round-robin (default algorithm)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/round_robin.go#L39) - -### [[Lua] dynamic certificates](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_certificates.go#L37) - -- [picks up the certificate when we add TLS spec to existing ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_certificates.go#L45) -- [picks up the previously missing secret for a given ingress without reloading](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_certificates.go#L70) -- [supports requests with domain with trailing dot](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_certificates.go#L145) -- [picks up the updated certificate without reloading](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_certificates.go#L149) -- [falls back to using default certificate when secret gets deleted without reloading](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_certificates.go#L185) -- [picks up a non-certificate only change](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_certificates.go#L218) -- [removes HTTPS configuration when we delete TLS spec](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_certificates.go#L233) - -### [[Lua] dynamic configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_configuration.go#L42) - -- [configures balancer Lua middleware correctly](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_configuration.go#L50) -- [handles endpoints only changes](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_configuration.go#L62) -- [handles endpoints only changes (down scaling of replicas)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_configuration.go#L87) -- [handles endpoints only changes consistently (down scaling of replicas vs. empty service)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_configuration.go#L125) -- [handles an annotation change](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_configuration.go#L171) - -### [nginx-configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/nginx/nginx.go#L99) - -- [start nginx with default configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/nginx/nginx.go#L102) -- [fails when using alias directive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/nginx/nginx.go#L115) -- [fails when using root directive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/nginx/nginx.go#L124) - -### [[Security] request smuggling](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/request_smuggling.go#L32) - -- [should not return body content from error_page](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/request_smuggling.go#L39) - -### [[Security] validate path fields](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/invalid_paths.go#L42) - -- [should accept an ingress with valid path](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/invalid_paths.go#L49) -- [should drop an ingress with invalid path](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/invalid_paths.go#L67) -- [should drop an ingress with regex path and regex disabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/invalid_paths.go#L84) -- [should accept an ingress with regex path and regex enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/invalid_paths.go#L101) -- [should reject an ingress with invalid path and regex enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/invalid_paths.go#L118) - -### [[Service] backend status code 503](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_backend.go#L33) - -- [should return 503 when backend service does not exist](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_backend.go#L36) -- [should return 503 when all backend service endpoints are unavailable](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_backend.go#L54) - -### [[Service] Type ExternalName](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L59) - -- [works with external name set to incomplete fqdn](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L62) -- [should return 200 for service type=ExternalName without a port defined](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L95) -- [should return 200 for service type=ExternalName with a port defined](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L129) -- [should return status 502 for service type=ExternalName with an invalid host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L153) -- [should return 200 for service type=ExternalName using a port name](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L184) -- [should return 200 for service type=ExternalName using FQDN with trailing dot](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L217) -- [should update the external name after a service update](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L248) -- [should sync ingress on external name service addition/deletion](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L311) - -### [[Service] Nil Service Backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_nil_backend.go#L31) - -- [should return 404 when backend service is nil](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_nil_backend.go#L38) - -### [access-log](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L27) - -- [use the default configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L32) -- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L42) -- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L54) -- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L67) -- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L80) - -### [Bad annotation values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L29) - -- [[BAD_ANNOTATIONS] should drop an ingress if there is an invalid character in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L36) -- [[BAD_ANNOTATIONS] should drop an ingress if there is a forbidden word in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L67) -- [[BAD_ANNOTATIONS] should allow an ingress if there is a default blocklist config in place](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L102) -- [[BAD_ANNOTATIONS] should drop an ingress if there is a custom blocklist config in place and allow others to pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L133) - -### [brotli](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/brotli.go#L30) - -- [ condition](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/brotli.go#L39) - -### [Configmap change](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/configmap_change.go#L29) - -- [should reload after an update in the configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/configmap_change.go#L36) - -### [add-headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L30) - -- [Add a custom header](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L40) -- [Add multiple custom headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L65) - -### [[SSL] [Flag] default-ssl-certificate](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/default_ssl_certificate.go#L33) - -- [uses default ssl certificate for catch-all ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/default_ssl_certificate.go#L64) -- [uses default ssl certificate for host based ingress when configured certificate does not match host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/default_ssl_certificate.go#L80) - -### [[Flag] disable-catch-all](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L33) - -- [should ignore catch all Ingress with backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L50) -- [should ignore catch all Ingress with backend and rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L69) -- [should delete Ingress updated to catch-all](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L81) -- [should allow Ingress with rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L123) - -### [[Flag] disable-service-external-name](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_service_external_name.go#L35) - -- [should ignore services of external-name type](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_service_external_name.go#L52) - -### [enable-real-ip](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/enable_real_ip.go#L30) - -- [trusts X-Forwarded-For header only when setting is true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/enable_real_ip.go#L40) -- [should not trust X-Forwarded-For header when setting is false](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/enable_real_ip.go#L78) - -### [use-forwarded-headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/forwarded_headers.go#L30) - -- [should trust X-Forwarded headers when setting is true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/forwarded_headers.go#L40) -- [should not trust X-Forwarded headers when setting is false](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/forwarded_headers.go#L92) - ### [Geoip2](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/geoip2.go#L37) - [should include geoip2 line in config when enabled and db file exists](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/geoip2.go#L46) - [should only allow requests from specific countries](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/geoip2.go#L70) -### [[Security] block-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L28) - -- [should block CIDRs defined in the ConfigMap](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L38) -- [should block User-Agents defined in the ConfigMap](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L55) -- [should block Referers defined in the ConfigMap](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L88) - ### [[Security] global-auth-url](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L34) - [should return status code 401 when request any protected service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L85) @@ -667,39 +27,59 @@ Do not try to edit it manually. - [user does not retain cookie if upstream returns error status code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L337) - [user with global-auth-always-set-cookie key in configmap retains cookie if upstream returns error status code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L348) -### [global-options](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_options.go#L28) +### [[Security] Pod Security Policies](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy.go#L40) -- [should have worker_rlimit_nofile option](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_options.go#L31) -- [should have worker_rlimit_nofile option and be independent on amount of worker processes](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_options.go#L38) +- [should be running with a Pod Security Policy](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy.go#L43) -### [settings-global-rate-limit](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/globalratelimit.go#L30) +### [log-format-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L28) -- [generates correct NGINX configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/globalratelimit.go#L38) +- [should disable the log-format-escape-json by default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L40) +- [should enable the log-format-escape-json](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L47) +- [should disable the log-format-escape-json](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L55) +- [log-format-escape-json enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L66) +- [log-format-escape-json disabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L89) -### [hash size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L27) +### [server-tokens](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_tokens.go#L29) -- [should set server_names_hash_bucket_size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L40) -- [should set server_names_hash_max_size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L48) -- [should set proxy-headers-hash-bucket-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L60) -- [should set proxy-headers-hash-max-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L68) -- [should set variables-hash-bucket-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L80) -- [should set variables-hash-max-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L88) -- [should set vmap-hash-bucket-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L100) +- [should not exists Server header in the response](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_tokens.go#L38) +- [should exists Server header in the response when is enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_tokens.go#L50) -### [[Flag] ingress-class](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L39) +### [proxy-connect-timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_connect_timeout.go#L28) -- [should ignore Ingress with a different class annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L68) -- [should ignore Ingress with different controller class](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L104) -- [should accept both Ingresses with default IngressClassName and IngressClass annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L132) -- [should ignore Ingress without IngressClass configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L164) -- [should delete Ingress when class is removed](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L192) -- [should serve Ingress when class is added](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L257) -- [should serve Ingress when class is updated between annotation and ingressClassName](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L323) -- [should ignore Ingress with no class and accept the correctly configured Ingresses](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L413) -- [should watch Ingress with no class and ignore ingress with a different class](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L482) -- [should watch Ingress that uses the class name even if spec is different](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L539) -- [should watch Ingress with correct annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L631) -- [should ignore Ingress with only IngressClassName](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L652) +- [should set valid proxy timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_connect_timeout.go#L36) +- [should not set invalid proxy timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_connect_timeout.go#L52) + +### [ssl-ciphers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ssl_ciphers.go#L28) + +- [Add ssl ciphers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ssl_ciphers.go#L31) + +### [use-proxy-protocol](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L36) + +- [should respect port passed by the PROXY Protocol](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L46) +- [should respect proto passed by the PROXY Protocol server port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L79) +- [should enable PROXY Protocol for HTTPS](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L112) +- [should enable PROXY Protocol for TCP](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L155) + +### [plugins](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/plugins.go#L28) + +- [should exist a x-hello-world header](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/plugins.go#L35) + +### [configmap server-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_snippet.go#L28) + +- [should add value of server-snippet setting to all ingress config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_snippet.go#L35) +- [should add global server-snippet and drop annotations per admin config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_snippet.go#L92) + +### [[Flag] disable-catch-all](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L33) + +- [should ignore catch all Ingress with backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L50) +- [should ignore catch all Ingress with backend and rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L69) +- [should delete Ingress updated to catch-all](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L81) +- [should allow Ingress with rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L123) + +### [enable-real-ip](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/enable_real_ip.go#L30) + +- [trusts X-Forwarded-For header only when setting is true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/enable_real_ip.go#L40) +- [should not trust X-Forwarded-For header when setting is false](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/enable_real_ip.go#L78) ### [keep-alive keep-alive-requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L28) @@ -707,41 +87,7 @@ Do not try to edit it manually. - [should set keepalive_requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L48) - [should set keepalive connection to upstream server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L59) - [should set keep alive connection timeout to upstream server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L68) -- [should set keepalive time to upstream server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L77) -- [should set the request count to upstream server through one keep alive connection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L86) - -### [Configmap - limit-rate](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/limit_rate.go#L28) - -- [Check limit-rate config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/limit_rate.go#L36) - -### [[Flag] custom HTTP and HTTPS ports](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L32) - -- [should set X-Forwarded-Port headers accordingly when listening on a non-default HTTP port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L48) -- [should set X-Forwarded-Port header to 443](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L70) -- [should set the X-Forwarded-Port header to 443](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L100) - -### [log-format-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L28) - -- [should not configure log-format escape by default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L40) -- [should enable the log-format-escape-json](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L47) -- [should disable the log-format-escape-json](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L55) -- [should enable the log-format-escape-none](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L63) -- [should disable the log-format-escape-none](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L71) -- [log-format-escape-json enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L82) -- [log-format default escape](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L105) -- [log-format-escape-none enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L128) - -### [[Lua] lua-shared-dicts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/lua_shared_dicts.go#L26) - -- [configures lua shared dicts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/lua_shared_dicts.go#L29) - -### [main-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/main_snippet.go#L27) - -- [should add value of main-snippet setting to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/main_snippet.go#L31) - -### [[Security] modsecurity-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/modsecurity/modsecurity_snippet.go#L27) - -- [should add value of modsecurity-snippet setting to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/modsecurity/modsecurity_snippet.go#L30) +- [should set the request count to upstream server through one keep alive connection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L77) ### [enable-multi-accept](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L27) @@ -753,19 +99,9 @@ Do not try to edit it manually. - [should ingore Ingress of namespace without label foo=bar and accept those of namespace with label foo=bar](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/namespace_selector.go#L70) -### [[Security] no-auth-locations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L33) +### [[Flag] disable-service-external-name](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_service_external_name.go#L34) -- [should return status code 401 when accessing '/' unauthentication](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L54) -- [should return status code 200 when accessing '/' authentication](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L68) -- [should return status code 200 when accessing '/noauth' unauthenticated](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L82) - -### [Add no tls redirect locations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_tls_redirect_locations.go#L28) - -- [Check no tls redirect locations config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_tls_redirect_locations.go#L31) - -### [OCSP](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ocsp/ocsp.go#L42) - -- [should enable OCSP and contain stapling information in the connection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ocsp/ocsp.go#L49) +- [should ignore services of external-name type](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_service_external_name.go#L51) ### [Configure OpenTracing](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L48) @@ -783,48 +119,41 @@ Do not try to edit it manually. - [should enable opentracing using jaeger with an HTTP endpoint](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L228) - [should enable opentracing using datadog](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L241) -### [plugins](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/plugins.go#L28) +### [Configmap change](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/configmap_change.go#L29) -- [should exist a x-hello-world header](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/plugins.go#L35) +- [should reload after an update in the configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/configmap_change.go#L36) -### [[Security] Pod Security Policies](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy.go#L41) +### [Configmap - limit-rate](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/limit_rate.go#L28) -- [should be running with a Pod Security Policy](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy.go#L44) +- [Check limit-rate config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/limit_rate.go#L36) -### [[Security] Pod Security Policies with volumes](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy_volumes.go#L37) +### [access-log](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L26) -- [should be running with a Pod Security Policy](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy_volumes.go#L40) +- [use the default configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L31) +- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L41) +- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L53) +- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L66) +- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L79) -### [proxy-connect-timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_connect_timeout.go#L28) +### [global-options](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_options.go#L28) -- [should set valid proxy timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_connect_timeout.go#L36) -- [should not set invalid proxy timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_connect_timeout.go#L52) +- [should have worker_rlimit_nofile option](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_options.go#L31) +- [should have worker_rlimit_nofile option and be independent on amount of worker processes](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_options.go#L38) -### [Dynamic $proxy_host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_host.go#L28) +### [[Flag] ingress-class](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L39) -- [should exist a proxy_host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_host.go#L36) -- [should exist a proxy_host using the upstream-vhost annotation value](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_host.go#L57) - -### [proxy-next-upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_next_upstream.go#L28) - -- [should build proxy next upstream using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_next_upstream.go#L36) - -### [use-proxy-protocol](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L36) - -- [should respect port passed by the PROXY Protocol](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L46) -- [should respect proto passed by the PROXY Protocol server port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L79) -- [should enable PROXY Protocol for HTTPS](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L112) -- [should enable PROXY Protocol for TCP](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L155) - -### [proxy-read-timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_read_timeout.go#L28) - -- [should set valid proxy read timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_read_timeout.go#L36) -- [should not set invalid proxy read timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_read_timeout.go#L52) - -### [proxy-send-timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_send_timeout.go#L28) - -- [should set valid proxy send timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_send_timeout.go#L36) -- [should not set invalid proxy send timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_send_timeout.go#L52) +- [should ignore Ingress with a different class annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L68) +- [should ignore Ingress with different controller class](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L104) +- [should accept both Ingresses with default IngressClassName and IngressClass annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L132) +- [should ignore Ingress without IngressClass configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L164) +- [should delete Ingress when class is removed](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L192) +- [should serve Ingress when class is added](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L257) +- [should serve Ingress when class is updated between annotation and ingressClassName](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L323) +- [should ignore Ingress with no class and accept the correctly configured Ingresses](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L413) +- [should watch Ingress with no class and ignore ingress with a different class](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L482) +- [should watch Ingress that uses the class name even if spec is different](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L539) +- [should watch Ingress with correct annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L631) +- [should ignore Ingress with only IngressClassName](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L652) ### [reuse-port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/reuse-port.go#L27) @@ -832,33 +161,133 @@ Do not try to edit it manually. - [reuse port should be disabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/reuse-port.go#L44) - [reuse port should be enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/reuse-port.go#L52) -### [configmap server-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_snippet.go#L28) +### [proxy-send-timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_send_timeout.go#L28) -- [should add value of server-snippet setting to all ingress config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_snippet.go#L35) -- [should add global server-snippet and drop annotations per admin config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_snippet.go#L92) +- [should set valid proxy send timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_send_timeout.go#L36) +- [should not set invalid proxy send timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_send_timeout.go#L52) -### [server-tokens](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_tokens.go#L29) +### [[SSL] [Flag] default-ssl-certificate](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/default_ssl_certificate.go#L33) -- [should not exists Server header in the response](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_tokens.go#L38) -- [should exists Server header in the response when is enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_tokens.go#L50) +- [uses default ssl certificate for catch-all ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/default_ssl_certificate.go#L64) +- [uses default ssl certificate for host based ingress when configured certificate does not match host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/default_ssl_certificate.go#L80) -### [ssl-ciphers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ssl_ciphers.go#L28) +### [brotli](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/brotli.go#L30) -- [Add ssl ciphers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ssl_ciphers.go#L31) +- [ condition](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/brotli.go#L39) -### [configmap stream-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/stream_snippet.go#L35) +### [[Security] Pod Security Policies with volumes](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy_volumes.go#L36) -- [should add value of stream-snippet via config map to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/stream_snippet.go#L42) +- [should be running with a Pod Security Policy](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy_volumes.go#L39) + +### [Dynamic $proxy_host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_host.go#L28) + +- [should exist a proxy_host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_host.go#L36) +- [should exist a proxy_host using the upstream-vhost annotation value](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_host.go#L57) + +### [[Security] block-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L28) + +- [should block CIDRs defined in the ConfigMap](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L38) +- [should block User-Agents defined in the ConfigMap](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L55) +- [should block Referers defined in the ConfigMap](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L88) + +### [settings-global-rate-limit](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/globalratelimit.go#L30) + +- [generates correct NGINX configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/globalratelimit.go#L38) + +### [Add no tls redirect locations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_tls_redirect_locations.go#L28) + +- [Check no tls redirect locations config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_tls_redirect_locations.go#L31) + +### [main-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/main_snippet.go#L27) + +- [should add value of main-snippet setting to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/main_snippet.go#L31) + +### [[Lua] lua-shared-dicts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/lua_shared_dicts.go#L26) + +- [configures lua shared dicts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/lua_shared_dicts.go#L29) + +### [Bad annotation values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L29) + +- [[BAD_ANNOTATIONS] should drop an ingress if there is an invalid character in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L36) +- [[BAD_ANNOTATIONS] should drop an ingress if there is a forbidden word in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L67) +- [[BAD_ANNOTATIONS] should allow an ingress if there is a default blocklist config in place](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L102) +- [[BAD_ANNOTATIONS] should drop an ingress if there is a custom blocklist config in place and allow others to pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L133) ### [[SSL] TLS protocols, ciphers and headers)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L31) - [setting cipher suite](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L65) -- [setting max-age parameter](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L111) -- [setting includeSubDomains parameter](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L127) -- [setting preload parameter](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L146) -- [overriding what's set from the upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L166) -- [should not use ports during the HTTP to HTTPS redirection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L187) -- [should not use ports or X-Forwarded-Host during the HTTP to HTTPS redirection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L205) +- [enforcing TLS v1.0](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L87) +- [setting max-age parameter](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L133) +- [setting includeSubDomains parameter](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L149) +- [setting preload parameter](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L168) +- [overriding what's set from the upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L188) +- [should not use ports during the HTTP to HTTPS redirection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L209) +- [should not use ports or X-Forwarded-Host during the HTTP to HTTPS redirection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L227) + +### [[Security] modsecurity-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/modsecurity/modsecurity_snippet.go#L27) + +- [should add value of modsecurity-snippet setting to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/modsecurity/modsecurity_snippet.go#L30) + +### [OCSP](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ocsp/ocsp.go#L42) + +- [should enable OCSP and contain stapling information in the connection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ocsp/ocsp.go#L49) + +### [configmap stream-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/stream_snippet.go#L34) + +- [should add value of stream-snippet via config map to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/stream_snippet.go#L41) + +### [proxy-read-timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_read_timeout.go#L28) + +- [should set valid proxy read timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_read_timeout.go#L36) +- [should not set invalid proxy read timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_read_timeout.go#L52) + +### [proxy-next-upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_next_upstream.go#L28) + +- [should build proxy next upstream using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_next_upstream.go#L36) + +### [hash size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L27) + +- [should set server_names_hash_bucket_size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L40) +- [should set server_names_hash_max_size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L48) +- [should set proxy-headers-hash-bucket-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L60) +- [should set proxy-headers-hash-max-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L68) +- [should set variables-hash-bucket-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L80) +- [should set variables-hash-max-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L88) +- [should set vmap-hash-bucket-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L100) + +### [[Security] no-auth-locations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L33) + +- [should return status code 401 when accessing '/' unauthentication](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L54) +- [should return status code 200 when accessing '/' authentication](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L68) +- [should return status code 200 when accessing '/noauth' unauthenticated](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L82) + +### [[Flag] custom HTTP and HTTPS ports](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L32) + +- [should set X-Forwarded-Port headers accordingly when listening on a non-default HTTP port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L48) +- [should set X-Forwarded-Port header to 443](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L70) +- [should set the X-Forwarded-Port header to 443](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L100) + +### [use-forwarded-headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/forwarded_headers.go#L30) + +- [should trust X-Forwarded headers when setting is true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/forwarded_headers.go#L40) +- [should not trust X-Forwarded headers when setting is false](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/forwarded_headers.go#L92) + +### [add-headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L30) + +- [Add a custom header](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L40) +- [Add multiple custom headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L65) + +### [[Load Balancer] round-robin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/round_robin.go#L31) + +- [should evenly distribute requests with round-robin (default algorithm)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/round_robin.go#L39) + +### [[Load Balancer] EWMA](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/ewma.go#L31) + +- [does not fail requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/ewma.go#L42) + +### [[Load Balancer] load-balance](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/configmap.go#L28) + +- [should apply the configmap load-balance setting](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/configmap.go#L35) ### [[SSL] redirect to HTTPS](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ssl/http_redirect.go#L29) @@ -869,11 +298,22 @@ Do not try to edit it manually. - [should not appear references to secret updates not used in ingress rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ssl/secret_update.go#L40) - [should return the fake SSL certificate if the secret is invalid](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ssl/secret_update.go#L82) -### [[Status] status update](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/status/update.go#L38) +### [[Service] Type ExternalName](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L58) -- [should update status field after client-go reconnection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/status/update.go#L43) +- [works with external name set to incomplete fqdn](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L61) +- [should return 200 for service type=ExternalName without a port defined](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L94) +- [should return 200 for service type=ExternalName with a port defined](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L128) +- [should return status 502 for service type=ExternalName with an invalid host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L152) +- [should return 200 for service type=ExternalName using a port name](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L183) +- [should return 200 for service type=ExternalName using FQDN with trailing dot](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L216) +- [should update the external name after a service update](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L247) +- [should sync ingress on external name service addition/deletion](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L310) -### [[TCP] tcp-services](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/tcpudp/tcp.go#L37) +### [[Service] Nil Service Backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_nil_backend.go#L31) -- [should expose a TCP service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/tcpudp/tcp.go#L40) -- [should expose an ExternalName TCP service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/tcpudp/tcp.go#L98) \ No newline at end of file +- [should return 404 when backend service is nil](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_nil_backend.go#L38) + +### [[Service] backend status code 503](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_backend.go#L33) + +- [should return 503 when backend service does not exist](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_backend.go#L36) +- [should return 503 when all backend service endpoints are unavailable](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_backend.go#L54) From a6badc438f33b5d7d2fff5f3444c0364af76a42d Mon Sep 17 00:00:00 2001 From: James Strong Date: Thu, 29 Dec 2022 20:02:55 -0500 Subject: [PATCH 457/494] roll helm chart forward Signed-off-by: James Strong --- charts/ingress-nginx/Chart.yaml | 2 +- charts/ingress-nginx/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index 461601f59..2a15960f7 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: ingress-nginx # When the version is modified, make sure the artifacthub.io/changes list is updated # Also update CHANGELOG.md -version: 4.4.0 +version: 4.4.2 appVersion: 1.5.1 home: https://github.com/kubernetes/ingress-nginx description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index af71493fe..e4ef9ec1b 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.4.0](https://img.shields.io/badge/Version-4.4.0-informational?style=flat-square) ![AppVersion: 1.5.1](https://img.shields.io/badge/AppVersion-1.5.1-informational?style=flat-square) +![Version: 4.4.2](https://img.shields.io/badge/Version-4.4.2-informational?style=flat-square) ![AppVersion: 1.5.1](https://img.shields.io/badge/AppVersion-1.5.1-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. From 5bfd3e2a674a0b6e36282df3d48077c9ed5bd8c8 Mon Sep 17 00:00:00 2001 From: Kir Shatrov Date: Fri, 6 Jan 2023 18:07:58 +0300 Subject: [PATCH 458/494] Optional podman support (#9294) --- .gitignore | 1 + build/run-in-docker.sh | 45 ++++++++++++++++++++++-------------------- 2 files changed, 25 insertions(+), 21 deletions(-) diff --git a/.gitignore b/.gitignore index 0943c3b1a..2c0accad7 100644 --- a/.gitignore +++ b/.gitignore @@ -59,3 +59,4 @@ images/fastcgi-helloserver/rootfs/fastcgi-helloserver cmd/plugin/release/ingress-nginx.yaml cmd/plugin/release/*.tar.gz cmd/plugin/release/LICENSE +tmp/ diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index d41464e2e..44ca2d5f7 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -19,20 +19,26 @@ if [ "$DEBUG" == "true" ]; then set -x fi +RUNTIME=${RUNTIME:-"docker"} + set -o errexit set -o nounset set -o pipefail # temporal directory for the /etc/ingress-controller directory -INGRESS_VOLUME=$(mktemp -d) +if [[ "$OSTYPE" == darwin* ]] && [[ "$RUNTIME" == podman ]]; then + mkdir -p "tmp" + INGRESS_VOLUME=$(pwd)/$(mktemp -d tmp/XXXXXX) +else + INGRESS_VOLUME=$(mktemp -d) + if [[ "$OSTYPE" == darwin* ]]; then + INGRESS_VOLUME=/private$INGRESS_VOLUME + fi +fi # make sure directory for SSL cert storage exists under ingress volume mkdir "${INGRESS_VOLUME}/ssl" -if [[ "$OSTYPE" == darwin* ]]; then - INGRESS_VOLUME=/private$INGRESS_VOLUME -fi - function cleanup { rm -rf "${INGRESS_VOLUME}" } @@ -40,6 +46,11 @@ trap cleanup EXIT E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20221221-controller-v1.5.1-62-g6ffaef32a@sha256:8f025472964cd15ae2d379503aba150565a8d78eb36b41ddfc5f1e3b1ca81a8e} +if [[ "$RUNTIME" == podman ]]; then + # Podman does not support both tag and digest + E2E_IMAGE=$(echo $E2E_IMAGE | awk -F "@sha" '{print $1}') +fi + DOCKER_OPTS=${DOCKER_OPTS:-} DOCKER_IN_DOCKER_ENABLED=${DOCKER_IN_DOCKER_ENABLED:-} @@ -82,20 +93,12 @@ if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then /bin/bash -c "${FLAGS}" else echo "Reached DIND check ELSE block, inside run-in-docker.sh" - docker run \ - ${PLATFORM_FLAG} ${PLATFORM} \ - --tty \ - --rm \ - ${DOCKER_OPTS} \ - -e DEBUG=${DEBUG} \ - -e GOCACHE="/go/src/${PKG}/.cache" \ - -e GOMODCACHE="/go/src/${PKG}/.modcache" \ - -e DOCKER_IN_DOCKER_ENABLED="true" \ - -v "${HOME}/.kube:${HOME}/.kube" \ - -v "${KUBE_ROOT}:/go/src/${PKG}" \ - -v "${KUBE_ROOT}/bin/${ARCH}:/go/bin/linux_${ARCH}" \ - -v "/var/run/docker.sock:/var/run/docker.sock" \ - -v "${INGRESS_VOLUME}:/etc/ingress-controller/" \ - -w "/go/src/${PKG}" \ - ${E2E_IMAGE} /bin/bash -c "${FLAGS}" + + args="${PLATFORM_FLAG} ${PLATFORM} --tty --rm ${DOCKER_OPTS} -e DEBUG=${DEBUG} -e GOCACHE="/go/src/${PKG}/.cache" -e GOMODCACHE="/go/src/${PKG}/.modcache" -e DOCKER_IN_DOCKER_ENABLED="true" -v "${HOME}/.kube:${HOME}/.kube" -v "${KUBE_ROOT}:/go/src/${PKG}" -v "${KUBE_ROOT}/bin/${ARCH}:/go/bin/linux_${ARCH}" -v "${INGRESS_VOLUME}:/etc/ingress-controller/" -w "/go/src/${PKG}"" + + if [[ "$RUNTIME" == "docker" ]]; then + args="$args -v /var/run/docker.sock:/var/run/docker.sock" + fi + + ${RUNTIME} run $args ${E2E_IMAGE} /bin/bash -c "${FLAGS}" fi From 96b3d216550e8aa538a730fa112a40e8f75aec95 Mon Sep 17 00:00:00 2001 From: Ehsan Saei <71217171+esigo@users.noreply.github.com> Date: Sun, 8 Jan 2023 00:37:27 +0100 Subject: [PATCH 459/494] bump OpenTelemetry (#9489) --- images/opentelemetry/rootfs/CMakeLists.txt | 2 +- images/opentelemetry/rootfs/Dockerfile | 4 ++-- images/opentelemetry/rootfs/build.sh | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/images/opentelemetry/rootfs/CMakeLists.txt b/images/opentelemetry/rootfs/CMakeLists.txt index e4abc7346..ef90b5805 100644 --- a/images/opentelemetry/rootfs/CMakeLists.txt +++ b/images/opentelemetry/rootfs/CMakeLists.txt @@ -21,7 +21,7 @@ project( LANGUAGES CXX VERSION 0.0.1) -set(CMAKE_CXX_STANDARD 11) +set(CMAKE_CXX_STANDARD 17) set(CMAKE_CXX_EXTENSIONS OFF) set(CMAKE_CXX_STANDARD_REQUIRED ON) set(CMAKE_CXX_FLAGS "-O2") diff --git a/images/opentelemetry/rootfs/Dockerfile b/images/opentelemetry/rootfs/Dockerfile index 7746edbf1..aa4e219af 100644 --- a/images/opentelemetry/rootfs/Dockerfile +++ b/images/opentelemetry/rootfs/Dockerfile @@ -26,12 +26,12 @@ RUN apk update \ # install gRPC FROM base as grpc -RUN bash /opt/third_party/build.sh -g v1.43.2 +RUN bash /opt/third_party/build.sh -g v1.49.2 # install OpenTelemetry-cpp FROM base as otel-cpp COPY --from=grpc /opt/third_party/install/ /usr -RUN bash /opt/third_party/build.sh -o v1.3.0 +RUN bash /opt/third_party/build.sh -o v1.8.1 # install otel_ngx_module.so FROM base as nginx diff --git a/images/opentelemetry/rootfs/build.sh b/images/opentelemetry/rootfs/build.sh index 19914932c..6ad4601c6 100755 --- a/images/opentelemetry/rootfs/build.sh +++ b/images/opentelemetry/rootfs/build.sh @@ -100,9 +100,9 @@ install_otel() -DBUILD_SHARED_LIBS=OFF \ -DWITH_OTLP=ON \ -DWITH_OTLP_GRPC=ON \ - -DWITH_EXAMPLES=OFF \ - -DWITH_ABSEIL=ON \ -DWITH_OTLP_HTTP=OFF \ + -DWITH_ABSEIL=OFF \ + -DWITH_EXAMPLES=OFF \ .. cmake --build . -j ${CORES} --target install } @@ -126,7 +126,7 @@ install_nginx() export NGINX_VERSION=1.21.6 # Check for recent changes: https://github.com/open-telemetry/opentelemetry-cpp-contrib/compare/2656a4...main - export OPENTELEMETRY_CONTRIB_COMMIT=6467ec2e4d67b08b44580b7eb7a298786f4eef91 + export OPENTELEMETRY_CONTRIB_COMMIT=1ec94c82095bab61f06c7393b6f3272469d285af mkdir -p /etc/nginx cd "$BUILD_PATH" From 490e872b4ab779b811d4828502309971c348f6ba Mon Sep 17 00:00:00 2001 From: Ehsan Saei <71217171+esigo@users.noreply.github.com> Date: Sun, 8 Jan 2023 22:21:28 +0100 Subject: [PATCH 460/494] update OpenTelemetry image (#9491) * update OpenTelemetry image * helm-doc --- charts/ingress-nginx/README.md | 2 +- charts/ingress-nginx/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index e4ef9ec1b..57f4ea072 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -393,7 +393,7 @@ Kubernetes: `>=1.20.0-0` | controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for controller pod assignment # Ref: https://kubernetes.io/docs/user-guide/node-selection/ # | | controller.opentelemetry.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | | | controller.opentelemetry.enabled | bool | `false` | | -| controller.opentelemetry.image | string | `"registry.k8s.io/ingress-nginx/opentelemetry:v20221114-controller-v1.5.1-6-ga66ee73c5@sha256:41076fd9fb4255677c1a3da1ac3fc41477f06eba3c7ebf37ffc8f734dad51d7c"` | | +| controller.opentelemetry.image | string | `"registry.k8s.io/ingress-nginx/opentelemetry:v20230107-helm-chart-4.4.2-2-g96b3d2165@sha256:331b9bebd6acfcd2d3048abbdd86555f5be76b7e3d0b5af4300b04235c6056c9"` | | | controller.podAnnotations | object | `{}` | Annotations to be added to controller pods # | | controller.podLabels | object | `{}` | Labels to add to the pod container metadata | | controller.podSecurityContext | object | `{}` | Security Context policies for controller pods | diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index b7089addb..26252ac29 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -593,7 +593,7 @@ controller: opentelemetry: enabled: false - image: registry.k8s.io/ingress-nginx/opentelemetry:v20221114-controller-v1.5.1-6-ga66ee73c5@sha256:41076fd9fb4255677c1a3da1ac3fc41477f06eba3c7ebf37ffc8f734dad51d7c + image: registry.k8s.io/ingress-nginx/opentelemetry:v20230107-helm-chart-4.4.2-2-g96b3d2165@sha256:331b9bebd6acfcd2d3048abbdd86555f5be76b7e3d0b5af4300b04235c6056c9 containerSecurityContext: allowPrivilegeEscalation: false From 5b0403314c61e8f28a5a5c6b30c5fa36c7b34114 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Sun, 8 Jan 2023 22:59:28 +0100 Subject: [PATCH 461/494] Admission Webhooks/Job: Add `NetworkPolicy`. (#9218) --- .../job-patch/clusterrolebinding.yaml | 2 +- .../job-patch/networkpolicy.yaml | 26 +++++++++++++++++++ .../admission-webhooks/job-patch/role.yaml | 2 +- 3 files changed, 28 insertions(+), 2 deletions(-) create mode 100644 charts/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml index 002abd43b..871953261 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ include "ingress-nginx.fullname" . }}-admission + name: {{ include "ingress-nginx.fullname" . }}-admission annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml new file mode 100644 index 000000000..08b32257c --- /dev/null +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml @@ -0,0 +1,26 @@ +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.networkPolicyEnabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "ingress-nginx.fullname" . }}-admission + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.patch.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: + {{- include "ingress-nginx.labels" . | nindent 6 }} + app.kubernetes.io/component: admission-webhook + policyTypes: + - Ingress + - Egress + egress: + - {} +{{- end }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml index 2aab6f4b1..ea7c20818 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ include "ingress-nginx.fullname" . }}-admission + name: {{ include "ingress-nginx.fullname" . }}-admission namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade From f82e29a7302d1219c30726588c8e3aa0409fcfe2 Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Sun, 8 Jan 2023 23:25:27 +0100 Subject: [PATCH 462/494] add github actions stale bot (#9439) Signed-off-by: cpanato Signed-off-by: cpanato --- .github/workflows/stale.yaml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 .github/workflows/stale.yaml diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml new file mode 100644 index 000000000..736585e05 --- /dev/null +++ b/.github/workflows/stale.yaml @@ -0,0 +1,24 @@ +name: 'Stale Issues and PRs' + +on: + schedule: + - cron: '30 1 * * *' + +jobs: + stale: + runs-on: ubuntu-latest + + permissions: + issues: write + pull-requests: write + + steps: + - uses: actions/stale@6f05e4244c9a0b2ed3401882b05d701dd0a7289b # v7.0.0 + with: + stale-issue-message: 'This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach `#ingress-nginx-dev` on Kubernetes Slack.' + stale-pr-message: 'This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach `#ingress-nginx-dev` on Kubernetes Slack.' + stale-issue-label: lifecycle/frozen + stale-pr-label: lifecycle/frozen + days-before-issue-stale: 30 + days-before-pr-stale: 45 + days-before-close: -1 # dont not close issues/prs From 0b34a037ce41efacbbb1fe13ea0fea617452458b Mon Sep 17 00:00:00 2001 From: Naseem Ullah <24660299+naseemkullah@users.noreply.github.com> Date: Sun, 8 Jan 2023 17:27:28 -0500 Subject: [PATCH 463/494] Update monitoring.md (#9269) --- docs/user-guide/monitoring.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user-guide/monitoring.md b/docs/user-guide/monitoring.md index 5c53213ea..cc9fb91ec 100644 --- a/docs/user-guide/monitoring.md +++ b/docs/user-guide/monitoring.md @@ -357,7 +357,7 @@ Prometheus metrics are exposed on port 10254. * `nginx_ingress_controller_request_duration_seconds` Histogram - The request processing time in milliseconds (affected by client speed) + The request processing time in seconds (affected by client speed) nginx var: `request_time` From 9926f1d642335b57c05b79ce00e5e55904cca6e4 Mon Sep 17 00:00:00 2001 From: Julien Pellet Date: Sun, 8 Jan 2023 17:29:27 -0500 Subject: [PATCH 464/494] Fix indentation on serviceAccount annotation (#9129) From bbf7c79f96d54e3815c28c0e4ca54334a902925d Mon Sep 17 00:00:00 2001 From: yutachaos <18604471+yutachaos@users.noreply.github.com> Date: Mon, 9 Jan 2023 07:37:27 +0900 Subject: [PATCH 465/494] Add update updateStrategy and minReadySeconds for defaultBackend (#8506) * Add update updateStrategy and minReadySeconds for defaultBackend * Bump chart * Fixed docs helm-docs version --- charts/ingress-nginx/README.md | 2 ++ .../templates/default-backend-deployment.yaml | 5 +++++ charts/ingress-nginx/values.yaml | 11 +++++++++++ 3 files changed, 18 insertions(+) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 57f4ea072..00d85156e 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -481,6 +481,7 @@ Kubernetes: `>=1.20.0-0` | defaultBackend.livenessProbe.successThreshold | int | `1` | | | defaultBackend.livenessProbe.timeoutSeconds | int | `5` | | | defaultBackend.minAvailable | int | `1` | | +| defaultBackend.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready # | | defaultBackend.name | string | `"defaultbackend"` | | | defaultBackend.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for default backend pod assignment # Ref: https://kubernetes.io/docs/user-guide/node-selection/ # | | defaultBackend.podAnnotations | object | `{}` | Annotations to be added to default backend pods # | @@ -504,6 +505,7 @@ Kubernetes: `>=1.20.0-0` | defaultBackend.serviceAccount.create | bool | `true` | | | defaultBackend.serviceAccount.name | string | `""` | | | defaultBackend.tolerations | list | `[]` | Node tolerations for server scheduling to nodes with taints # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ # | +| defaultBackend.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # | | dhParam | string | `nil` | A base64-encoded Diffie-Hellman parameter. This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` # Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param | | imagePullSecrets | list | `[]` | Optional array of imagePullSecrets containing private registry credentials # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | | podSecurityPolicy.enabled | bool | `false` | | diff --git a/charts/ingress-nginx/templates/default-backend-deployment.yaml b/charts/ingress-nginx/templates/default-backend-deployment.yaml index fd3e96e9e..87aced49d 100644 --- a/charts/ingress-nginx/templates/default-backend-deployment.yaml +++ b/charts/ingress-nginx/templates/default-backend-deployment.yaml @@ -19,6 +19,11 @@ spec: replicas: {{ .Values.defaultBackend.replicaCount }} {{- end }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + {{- if .Values.defaultBackend.updateStrategy }} + strategy: + {{ toYaml .Values.defaultBackend.updateStrategy | nindent 4 }} + {{- end }} + minReadySeconds: {{ .Values.defaultBackend.minReadySeconds }} template: metadata: {{- if .Values.defaultBackend.podAnnotations }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 26252ac29..a7fab0fe9 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -841,6 +841,17 @@ defaultBackend: successThreshold: 1 timeoutSeconds: 5 + # -- The update strategy to apply to the Deployment or DaemonSet + ## + updateStrategy: {} + # rollingUpdate: + # maxUnavailable: 1 + # type: RollingUpdate + + # -- `minReadySeconds` to avoid killing pods before we are ready + ## + minReadySeconds: 0 + # -- Node tolerations for server scheduling to nodes with taints ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ ## From 8ed3a27e255aef5616de631986f8cbfc1b882a5a Mon Sep 17 00:00:00 2001 From: Phil Nichol <35630607+philnichol@users.noreply.github.com> Date: Sun, 8 Jan 2023 22:43:28 +0000 Subject: [PATCH 466/494] Adding ipdenylist annotation (#8795) * feat: Add support for IP Deny List * fixed gomod * Update package * go mod tidy * Revert "go mod tidy" This reverts commit e6a837e1e76d72115e8727a33d2f4c1cd7249f1f. * update ginko version * Updates e2e tests * fix test typo --- .../nginx-configuration/annotations.md | 12 + .../nginx-configuration/configmap.md | 6 + internal/ingress/annotations/annotations.go | 3 + .../ingress/annotations/ipdenylist/main.go | 95 + .../annotations/ipdenylist/main_test.go | 216 ++ internal/ingress/controller/config/config.go | 1 + internal/ingress/controller/controller.go | 1 + .../ingress/controller/template/configmap.go | 8 + .../controller/template/configmap_test.go | 2 + internal/ingress/defaults/main.go | 4 + pkg/apis/ingress/types.go | 6 + pkg/apis/ingress/types_equals.go | 3 + rootfs/etc/nginx/template/nginx.tmpl | 4 + test/data/config.json | 3060 +++++++++++++++++ test/e2e/annotations/ipdenylist.go | 147 + 15 files changed, 3568 insertions(+) create mode 100644 internal/ingress/annotations/ipdenylist/main.go create mode 100644 internal/ingress/annotations/ipdenylist/main_test.go create mode 100644 test/e2e/annotations/ipdenylist.go diff --git a/docs/user-guide/nginx-configuration/annotations.md b/docs/user-guide/nginx-configuration/annotations.md index 49e252589..8cc6f4c16 100755 --- a/docs/user-guide/nginx-configuration/annotations.md +++ b/docs/user-guide/nginx-configuration/annotations.md @@ -109,6 +109,7 @@ You can add these Kubernetes annotations to specific Ingress objects to customiz |[nginx.ingress.kubernetes.io/x-forwarded-prefix](#x-forwarded-prefix-header)|string| |[nginx.ingress.kubernetes.io/load-balance](#custom-nginx-load-balancing)|string| |[nginx.ingress.kubernetes.io/upstream-vhost](#custom-nginx-upstream-vhost)|string| +|[nginx.ingress.kubernetes.io/denylist-source-range](#denylist-source-range)|CIDR| |[nginx.ingress.kubernetes.io/whitelist-source-range](#whitelist-source-range)|CIDR| |[nginx.ingress.kubernetes.io/proxy-buffering](#proxy-buffering)|string| |[nginx.ingress.kubernetes.io/proxy-buffers-number](#proxy-buffers-number)|number| @@ -638,6 +639,17 @@ To enable this feature use the annotation `nginx.ingress.kubernetes.io/from-to-w !!! attention For HTTPS to HTTPS redirects is mandatory the SSL Certificate defined in the Secret, located in the TLS section of Ingress, contains both FQDN in the common name of the certificate. +### Denylist source range + +You can specify blocked client IP source ranges through the `nginx.ingress.kubernetes.io/denylist-source-range` annotation. +The value is a comma separated list of [CIDRs](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing), e.g. `10.0.0.0/24,172.10.0.1`. + +To configure this setting globally for all Ingress rules, the `denylist-source-range` value may be set in the [NGINX ConfigMap](./configmap.md#denylist-source-range). + +!!! note + Adding an annotation to an Ingress rule overrides any global restriction. + + ### Whitelist source range You can specify allowed client IP source ranges through the `nginx.ingress.kubernetes.io/whitelist-source-range` annotation. diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md index f5d22d11c..77cee0507 100755 --- a/docs/user-guide/nginx-configuration/configmap.md +++ b/docs/user-guide/nginx-configuration/configmap.md @@ -176,6 +176,7 @@ The following table shows a configuration option's name, type, and the default v |[proxy-request-buffering](#proxy-request-buffering)|string|"on"| |[ssl-redirect](#ssl-redirect)|bool|"true"| |[force-ssl-redirect](#force-ssl-redirect)|bool|"false"| +|[denylist-source-range](#denylist-source-range)|[]string|[]string{}| |[whitelist-source-range](#whitelist-source-range)|[]string|[]string{}| |[skip-access-log-urls](#skip-access-log-urls)|[]string|[]string{}| |[limit-rate](#limit-rate)|int|0| @@ -1096,6 +1097,11 @@ _**default:**_ "true" Sets the global value of redirects (308) to HTTPS if the server has a default TLS certificate (defined in extra-args). _**default:**_ "false" +## denylist-source-range + +Sets the default denylisted IPs for each `server` block. This can be overwritten by an annotation on an Ingress rule. +See [ngx_http_access_module](https://nginx.org/en/docs/http/ngx_http_access_module.html). + ## whitelist-source-range Sets the default whitelisted IPs for each `server` block. This can be overwritten by an annotation on an Ingress rule. diff --git a/internal/ingress/annotations/annotations.go b/internal/ingress/annotations/annotations.go index fe7400ac7..14415a4f7 100644 --- a/internal/ingress/annotations/annotations.go +++ b/internal/ingress/annotations/annotations.go @@ -44,6 +44,7 @@ import ( "k8s.io/ingress-nginx/internal/ingress/annotations/globalratelimit" "k8s.io/ingress-nginx/internal/ingress/annotations/http2pushpreload" "k8s.io/ingress-nginx/internal/ingress/annotations/influxdb" + "k8s.io/ingress-nginx/internal/ingress/annotations/ipdenylist" "k8s.io/ingress-nginx/internal/ingress/annotations/ipwhitelist" "k8s.io/ingress-nginx/internal/ingress/annotations/loadbalancing" "k8s.io/ingress-nginx/internal/ingress/annotations/log" @@ -110,6 +111,7 @@ type Ingress struct { LoadBalancing string UpstreamVhost string Whitelist ipwhitelist.SourceRange + Denylist ipdenylist.SourceRange XForwardedPrefix string SSLCipher sslcipher.Config Logs log.Config @@ -160,6 +162,7 @@ func NewAnnotationExtractor(cfg resolver.Resolver) Extractor { "LoadBalancing": loadbalancing.NewParser(cfg), "UpstreamVhost": upstreamvhost.NewParser(cfg), "Whitelist": ipwhitelist.NewParser(cfg), + "Denylist": ipdenylist.NewParser(cfg), "XForwardedPrefix": xforwardedprefix.NewParser(cfg), "SSLCipher": sslcipher.NewParser(cfg), "Logs": log.NewParser(cfg), diff --git a/internal/ingress/annotations/ipdenylist/main.go b/internal/ingress/annotations/ipdenylist/main.go new file mode 100644 index 000000000..f6a0e10f1 --- /dev/null +++ b/internal/ingress/annotations/ipdenylist/main.go @@ -0,0 +1,95 @@ +/* +Copyright 2023 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package ipdenylist + +import ( + "fmt" + "sort" + "strings" + + networking "k8s.io/api/networking/v1" + "k8s.io/ingress-nginx/internal/net" + + "k8s.io/ingress-nginx/internal/ingress/annotations/parser" + ing_errors "k8s.io/ingress-nginx/internal/ingress/errors" + "k8s.io/ingress-nginx/internal/ingress/resolver" + "k8s.io/ingress-nginx/pkg/util/sets" +) + +// SourceRange returns the CIDR +type SourceRange struct { + CIDR []string `json:"cidr,omitempty"` +} + +// Equal tests for equality between two SourceRange types +func (sr1 *SourceRange) Equal(sr2 *SourceRange) bool { + if sr1 == sr2 { + return true + } + if sr1 == nil || sr2 == nil { + return false + } + + return sets.StringElementsMatch(sr1.CIDR, sr2.CIDR) +} + +type ipdenylist struct { + r resolver.Resolver +} + +// NewParser creates a new denylist annotation parser +func NewParser(r resolver.Resolver) parser.IngressAnnotation { + return ipdenylist{r} +} + +// ParseAnnotations parses the annotations contained in the ingress +// rule used to limit access to certain client addresses or networks. +// Multiple ranges can specified using commas as separator +// e.g. `18.0.0.0/8,56.0.0.0/8` +func (a ipdenylist) Parse(ing *networking.Ingress) (interface{}, error) { + defBackend := a.r.GetDefaultBackend() + + defaultDenylistSourceRange := make([]string, len(defBackend.DenylistSourceRange)) + copy(defaultDenylistSourceRange, defBackend.DenylistSourceRange) + sort.Strings(defaultDenylistSourceRange) + + val, err := parser.GetStringAnnotation("denylist-source-range", ing) + // A missing annotation is not a problem, just use the default + if err == ing_errors.ErrMissingAnnotations { + return &SourceRange{CIDR: defaultDenylistSourceRange}, nil + } + + values := strings.Split(val, ",") + ipnets, ips, err := net.ParseIPNets(values...) + if err != nil && len(ips) == 0 { + return &SourceRange{CIDR: defaultDenylistSourceRange}, ing_errors.LocationDenied{ + Reason: fmt.Errorf("the annotation does not contain a valid IP address or network: %w", err), + } + } + + cidrs := []string{} + for k := range ipnets { + cidrs = append(cidrs, k) + } + for k := range ips { + cidrs = append(cidrs, k) + } + + sort.Strings(cidrs) + + return &SourceRange{cidrs}, nil +} diff --git a/internal/ingress/annotations/ipdenylist/main_test.go b/internal/ingress/annotations/ipdenylist/main_test.go new file mode 100644 index 000000000..eb69aa520 --- /dev/null +++ b/internal/ingress/annotations/ipdenylist/main_test.go @@ -0,0 +1,216 @@ +/* +Copyright 2023 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package ipdenylist + +import ( + "testing" + + api "k8s.io/api/core/v1" + networking "k8s.io/api/networking/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/ingress-nginx/internal/ingress/annotations/parser" + "k8s.io/ingress-nginx/internal/ingress/defaults" + "k8s.io/ingress-nginx/internal/ingress/resolver" +) + +func buildIngress() *networking.Ingress { + defaultBackend := networking.IngressBackend{ + Service: &networking.IngressServiceBackend{ + Name: "default-backend", + Port: networking.ServiceBackendPort{ + Number: 80, + }, + }, + } + + return &networking.Ingress{ + ObjectMeta: meta_v1.ObjectMeta{ + Name: "foo", + Namespace: api.NamespaceDefault, + }, + Spec: networking.IngressSpec{ + DefaultBackend: &networking.IngressBackend{ + Service: &networking.IngressServiceBackend{ + Name: "default-backend", + Port: networking.ServiceBackendPort{ + Number: 80, + }, + }, + }, + Rules: []networking.IngressRule{ + { + Host: "foo.bar.com", + IngressRuleValue: networking.IngressRuleValue{ + HTTP: &networking.HTTPIngressRuleValue{ + Paths: []networking.HTTPIngressPath{ + { + Path: "/foo", + Backend: defaultBackend, + }, + }, + }, + }, + }, + }, + }, + } +} + +func TestParseAnnotations(t *testing.T) { + ing := buildIngress() + tests := map[string]struct { + net string + expectCidr []string + expectErr bool + errOut string + }{ + "test parse a valid net": { + net: "10.0.0.0/24", + expectCidr: []string{"10.0.0.0/24"}, + expectErr: false, + }, + "test parse a invalid net": { + net: "ww", + expectErr: true, + errOut: "the annotation does not contain a valid IP address or network: invalid CIDR address: ww", + }, + "test parse a empty net": { + net: "", + expectErr: true, + errOut: "the annotation does not contain a valid IP address or network: invalid CIDR address: ", + }, + "test parse a malicious escaped string": { + net: `10.0.0.0/8"rm /tmp",11.0.0.0/8`, + expectErr: true, + errOut: `the annotation does not contain a valid IP address or network: invalid CIDR address: 10.0.0.0/8"rm /tmp"`, + }, + "test parse multiple valid cidr": { + net: "2.2.2.2/32,1.1.1.1/32,3.3.3.0/24", + expectCidr: []string{"1.1.1.1/32", "2.2.2.2/32", "3.3.3.0/24"}, + expectErr: false, + }, + } + + for testName, test := range tests { + data := map[string]string{} + data[parser.GetAnnotationWithPrefix("denylist-source-range")] = test.net + ing.SetAnnotations(data) + p := NewParser(&resolver.Mock{}) + i, err := p.Parse(ing) + if err != nil && !test.expectErr { + t.Errorf("%v:unexpected error: %v", testName, err) + } + if test.expectErr { + if err.Error() != test.errOut { + t.Errorf("%v:expected error: %v but %v return", testName, test.errOut, err.Error()) + } + } + if !test.expectErr { + sr, ok := i.(*SourceRange) + if !ok { + t.Errorf("%v:expected a SourceRange type", testName) + } + if !strsEquals(sr.CIDR, test.expectCidr) { + t.Errorf("%v:expected %v CIDR but %v returned", testName, test.expectCidr, sr.CIDR) + } + } + } +} + +type mockBackend struct { + resolver.Mock +} + +// GetDefaultBackend returns the backend that must be used as default +func (m mockBackend) GetDefaultBackend() defaults.Backend { + return defaults.Backend{ + DenylistSourceRange: []string{"4.4.4.0/24", "1.2.3.4/32"}, + } +} + +// Test that when we have a denylist set on the Backend that is used when we +// don't have the annotation +func TestParseAnnotationsWithDefaultConfig(t *testing.T) { + ing := buildIngress() + + mockBackend := mockBackend{} + + tests := map[string]struct { + net string + expectCidr []string + expectErr bool + errOut string + }{ + "test parse a valid net": { + net: "10.0.0.0/24", + expectCidr: []string{"10.0.0.0/24"}, + expectErr: false, + }, + "test parse a invalid net": { + net: "ww", + expectErr: true, + errOut: "the annotation does not contain a valid IP address or network: invalid CIDR address: ww", + }, + "test parse a empty net": { + net: "", + expectErr: true, + errOut: "the annotation does not contain a valid IP address or network: invalid CIDR address: ", + }, + "test parse multiple valid cidr": { + net: "2.2.2.2/32,1.1.1.1/32,3.3.3.0/24", + expectCidr: []string{"1.1.1.1/32", "2.2.2.2/32", "3.3.3.0/24"}, + expectErr: false, + }, + } + + for testName, test := range tests { + data := map[string]string{} + data[parser.GetAnnotationWithPrefix("denylist-source-range")] = test.net + ing.SetAnnotations(data) + p := NewParser(mockBackend) + i, err := p.Parse(ing) + if err != nil && !test.expectErr { + t.Errorf("%v:unexpected error: %v", testName, err) + } + if test.expectErr { + if err.Error() != test.errOut { + t.Errorf("%v:expected error: %v but %v return", testName, test.errOut, err.Error()) + } + } + if !test.expectErr { + sr, ok := i.(*SourceRange) + if !ok { + t.Errorf("%v:expected a SourceRange type", testName) + } + if !strsEquals(sr.CIDR, test.expectCidr) { + t.Errorf("%v:expected %v CIDR but %v returned", testName, test.expectCidr, sr.CIDR) + } + } + } +} + +func strsEquals(a, b []string) bool { + if len(a) != len(b) { + return false + } + for i, v := range a { + if v != b[i] { + return false + } + } + return true +} diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go index 8bf71b774..f064dad53 100644 --- a/internal/ingress/controller/config/config.go +++ b/internal/ingress/controller/config/config.go @@ -895,6 +895,7 @@ func NewDefault() Configuration { PreserveTrailingSlash: false, SSLRedirect: true, CustomHTTPErrors: []int{}, + DenylistSourceRange: []string{}, WhitelistSourceRange: []string{}, SkipAccessLogURLs: []string{}, LimitRate: 0, diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go index f60f7a053..8eee56647 100644 --- a/internal/ingress/controller/controller.go +++ b/internal/ingress/controller/controller.go @@ -1412,6 +1412,7 @@ func locationApplyAnnotations(loc *ingress.Location, anns *annotations.Ingress) loc.Redirect = anns.Redirect loc.Rewrite = anns.Rewrite loc.UpstreamVhost = anns.UpstreamVhost + loc.Denylist = anns.Denylist loc.Whitelist = anns.Whitelist loc.Denied = anns.Denied loc.XForwardedPrefix = anns.XForwardedPrefix diff --git a/internal/ingress/controller/template/configmap.go b/internal/ingress/controller/template/configmap.go index 35a0e4536..61e8e4998 100644 --- a/internal/ingress/controller/template/configmap.go +++ b/internal/ingress/controller/template/configmap.go @@ -41,6 +41,7 @@ const ( customHTTPErrors = "custom-http-errors" skipAccessLogUrls = "skip-access-log-urls" whitelistSourceRange = "whitelist-source-range" + denylistSourceRange = "denylist-source-range" proxyRealIPCIDR = "proxy-real-ip-cidr" bindAddress = "bind-address" httpRedirectCode = "http-redirect-code" @@ -100,6 +101,7 @@ func ReadConfig(src map[string]string) config.Configuration { to := config.NewDefault() errors := make([]int, 0) skipUrls := make([]string, 0) + denyList := make([]string, 0) whiteList := make([]string, 0) proxyList := make([]string, 0) hideHeadersList := make([]string, 0) @@ -169,6 +171,11 @@ func ReadConfig(src map[string]string) config.Configuration { skipUrls = splitAndTrimSpace(val, ",") } + if val, ok := conf[denylistSourceRange]; ok { + delete(conf, denylistSourceRange) + denyList = append(denyList, splitAndTrimSpace(val, ",")...) + } + if val, ok := conf[whitelistSourceRange]; ok { delete(conf, whitelistSourceRange) whiteList = append(whiteList, splitAndTrimSpace(val, ",")...) @@ -395,6 +402,7 @@ func ReadConfig(src map[string]string) config.Configuration { to.CustomHTTPErrors = filterErrors(errors) to.SkipAccessLogURLs = skipUrls + to.DenylistSourceRange = denyList to.WhitelistSourceRange = whiteList to.ProxyRealIPCIDR = proxyList to.BindAddressIpv4 = bindAddressIpv4List diff --git a/internal/ingress/controller/template/configmap_test.go b/internal/ingress/controller/template/configmap_test.go index be3ffb0ce..c662e0bc7 100644 --- a/internal/ingress/controller/template/configmap_test.go +++ b/internal/ingress/controller/template/configmap_test.go @@ -149,6 +149,7 @@ func TestMergeConfigMapToStruct(t *testing.T) { def = config.NewDefault() def.LuaSharedDicts = defaultLuaSharedDicts + def.DenylistSourceRange = []string{"2.2.2.2/32"} def.WhitelistSourceRange = []string{"1.1.1.1/32"} def.DisableIpv6DNS = true @@ -161,6 +162,7 @@ func TestMergeConfigMapToStruct(t *testing.T) { def.Checksum = fmt.Sprintf("%v", hash) to = ReadConfig(map[string]string{ + "denylist-source-range": "2.2.2.2/32", "whitelist-source-range": "1.1.1.1/32", "disable-ipv6-dns": "true", }) diff --git a/internal/ingress/defaults/main.go b/internal/ingress/defaults/main.go index bc9734257..0aab2ff47 100644 --- a/internal/ingress/defaults/main.go +++ b/internal/ingress/defaults/main.go @@ -139,6 +139,10 @@ type Backend struct { // http://nginx.org/en/docs/http/ngx_http_access_module.html WhitelistSourceRange []string `json:"whitelist-source-range"` + // DenylistSourceRange allows limiting access to certain client addresses + // http://nginx.org/en/docs/http/ngx_http_access_module.html + DenylistSourceRange []string `json:"denylist-source-range"` + // Limits the rate of response transmission to a client. // The rate is specified in bytes per second. The zero value disables rate limiting. // The limit is set per a request, and so if a client simultaneously opens two connections, diff --git a/pkg/apis/ingress/types.go b/pkg/apis/ingress/types.go index 7c1c825b7..9395683ec 100644 --- a/pkg/apis/ingress/types.go +++ b/pkg/apis/ingress/types.go @@ -30,6 +30,7 @@ import ( "k8s.io/ingress-nginx/internal/ingress/annotations/fastcgi" "k8s.io/ingress-nginx/internal/ingress/annotations/globalratelimit" "k8s.io/ingress-nginx/internal/ingress/annotations/influxdb" + "k8s.io/ingress-nginx/internal/ingress/annotations/ipdenylist" "k8s.io/ingress-nginx/internal/ingress/annotations/ipwhitelist" "k8s.io/ingress-nginx/internal/ingress/annotations/log" "k8s.io/ingress-nginx/internal/ingress/annotations/mirror" @@ -222,6 +223,7 @@ type Server struct { // In some cases when more than one annotations is defined a particular order in the execution // is required. // The chain in the execution order of annotations should be: +// - Denylist // - Whitelist // - RateLimit // - BasicDigestAuth @@ -292,6 +294,10 @@ type Location struct { // Rewrite describes the redirection this location. // +optional Rewrite rewrite.Config `json:"rewrite,omitempty"` + // Denylist indicates only connections from certain client + // addresses or networks are allowed. + // +optional + Denylist ipdenylist.SourceRange `json:"denylist,omitempty"` // Whitelist indicates only connections from certain client // addresses or networks are allowed. // +optional diff --git a/pkg/apis/ingress/types_equals.go b/pkg/apis/ingress/types_equals.go index a954a253b..0941e0956 100644 --- a/pkg/apis/ingress/types_equals.go +++ b/pkg/apis/ingress/types_equals.go @@ -401,6 +401,9 @@ func (l1 *Location) Equal(l2 *Location) bool { if !(&l1.Rewrite).Equal(&l2.Rewrite) { return false } + if !(&l1.Denylist).Equal(&l2.Denylist) { + return false + } if !(&l1.Whitelist).Equal(&l2.Whitelist) { return false } diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index 3ace12bc3..02c5637f0 100755 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -1262,6 +1262,10 @@ stream { {{ buildModSecurityForLocation $all.Cfg $location }} {{ if isLocationAllowed $location }} + {{ if gt (len $location.Denylist.CIDR) 0 }} + {{ range $ip := $location.Denylist.CIDR }} + deny {{ $ip }};{{ end }} + {{ end }} {{ if gt (len $location.Whitelist.CIDR) 0 }} {{ range $ip := $location.Whitelist.CIDR }} allow {{ $ip }};{{ end }} diff --git a/test/data/config.json b/test/data/config.json index b506399bd..5d8a88cbe 100644 --- a/test/data/config.json +++ b/test/data/config.json @@ -100,6 +100,9 @@ "addBaseUrl": false, "sslRedirect": true }, + "denylist": { + "cidr": ["1.1.1.1"] + }, "whitelist": { "cidr": ["1.1.1.1"] }, @@ -150,6 +153,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": ["1.1.1.1"] + }, "whitelist": { "cidr": ["1.1.1.1"] }, @@ -206,6 +212,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -256,6 +265,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -306,6 +318,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": null + }, "whitelist": { "cidr": null }, @@ -362,6 +377,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": null + }, "whitelist": { "cidr": null }, @@ -418,6 +436,9 @@ "addBaseUrl": false, "sslRedirect": true }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -474,6 +495,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -530,6 +554,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -586,6 +613,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -642,6 +672,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -698,6 +731,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -754,6 +790,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -810,6 +849,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -866,6 +908,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -922,6 +967,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -978,6 +1026,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1034,6 +1085,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1090,6 +1144,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1146,6 +1203,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1202,6 +1262,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1258,6 +1321,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1314,6 +1380,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1370,6 +1439,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1426,6 +1498,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1482,6 +1557,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1538,6 +1616,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1594,6 +1675,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1650,6 +1734,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1706,6 +1793,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1762,6 +1852,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1818,6 +1911,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1874,6 +1970,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1930,6 +2029,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1986,6 +2088,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2042,6 +2147,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2098,6 +2206,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2154,6 +2265,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2210,6 +2324,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2266,6 +2383,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2322,6 +2442,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2378,6 +2501,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2434,6 +2560,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2490,6 +2619,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2546,6 +2678,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2602,6 +2737,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2658,6 +2796,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2714,6 +2855,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2770,6 +2914,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2826,6 +2973,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2882,6 +3032,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2938,6 +3091,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2994,6 +3150,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3050,6 +3209,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3106,6 +3268,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3162,6 +3327,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3218,6 +3386,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3274,6 +3445,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3330,6 +3504,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3386,6 +3563,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3442,6 +3622,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3498,6 +3681,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3554,6 +3740,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3610,6 +3799,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3666,6 +3858,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3722,6 +3917,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3778,6 +3976,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3834,6 +4035,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3890,6 +4094,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3946,6 +4153,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4002,6 +4212,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4058,6 +4271,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4114,6 +4330,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4170,6 +4389,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4226,6 +4448,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4282,6 +4507,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4338,6 +4566,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4394,6 +4625,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4450,6 +4684,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4506,6 +4743,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4562,6 +4802,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4618,6 +4861,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4674,6 +4920,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4730,6 +4979,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4786,6 +5038,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4842,6 +5097,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4898,6 +5156,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4954,6 +5215,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5010,6 +5274,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5066,6 +5333,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5122,6 +5392,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5178,6 +5451,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5234,6 +5510,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5290,6 +5569,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5346,6 +5628,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5402,6 +5687,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5458,6 +5746,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5514,6 +5805,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5570,6 +5864,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5626,6 +5923,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5682,6 +5982,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5738,6 +6041,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5794,6 +6100,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5850,6 +6159,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5906,6 +6218,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5962,6 +6277,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6018,6 +6336,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6074,6 +6395,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6130,6 +6454,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6186,6 +6513,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6242,6 +6572,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6298,6 +6631,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6354,6 +6690,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6410,6 +6749,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6466,6 +6808,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6522,6 +6867,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6578,6 +6926,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6634,6 +6985,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6690,6 +7044,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6746,6 +7103,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6802,6 +7162,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6858,6 +7221,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6914,6 +7280,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6970,6 +7339,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7026,6 +7398,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7082,6 +7457,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7138,6 +7516,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7194,6 +7575,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7250,6 +7634,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7306,6 +7693,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7362,6 +7752,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7418,6 +7811,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7474,6 +7870,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7530,6 +7929,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7586,6 +7988,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7642,6 +8047,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7698,6 +8106,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7754,6 +8165,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7810,6 +8224,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7866,6 +8283,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7922,6 +8342,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7978,6 +8401,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8034,6 +8460,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8090,6 +8519,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8146,6 +8578,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8202,6 +8637,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8258,6 +8696,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8314,6 +8755,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8370,6 +8814,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8426,6 +8873,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8482,6 +8932,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8538,6 +8991,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8594,6 +9050,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8650,6 +9109,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8706,6 +9168,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8762,6 +9227,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8818,6 +9286,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8874,6 +9345,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8930,6 +9404,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8986,6 +9463,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9042,6 +9522,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9098,6 +9581,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9154,6 +9640,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9210,6 +9699,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9266,6 +9758,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9322,6 +9817,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9378,6 +9876,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9434,6 +9935,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9490,6 +9994,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9546,6 +10053,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9602,6 +10112,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9658,6 +10171,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9714,6 +10230,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9770,6 +10289,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9826,6 +10348,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9882,6 +10407,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9938,6 +10466,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9994,6 +10525,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10050,6 +10584,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10106,6 +10643,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10162,6 +10702,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10218,6 +10761,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10274,6 +10820,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10330,6 +10879,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10386,6 +10938,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10442,6 +10997,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10498,6 +11056,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10554,6 +11115,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10610,6 +11174,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10666,6 +11233,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10722,6 +11292,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10778,6 +11351,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10834,6 +11410,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10890,6 +11469,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10946,6 +11528,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11002,6 +11587,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11058,6 +11646,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11114,6 +11705,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11170,6 +11764,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11226,6 +11823,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11282,6 +11882,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11338,6 +11941,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11394,6 +12000,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11450,6 +12059,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11506,6 +12118,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11562,6 +12177,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11618,6 +12236,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11674,6 +12295,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11730,6 +12354,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11786,6 +12413,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11842,6 +12472,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11898,6 +12531,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11954,6 +12590,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12010,6 +12649,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12066,6 +12708,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12122,6 +12767,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12178,6 +12826,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12234,6 +12885,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12290,6 +12944,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12346,6 +13003,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12402,6 +13062,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12458,6 +13121,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12514,6 +13180,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12570,6 +13239,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12626,6 +13298,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12682,6 +13357,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12738,6 +13416,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12794,6 +13475,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12850,6 +13534,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12906,6 +13593,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12962,6 +13652,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13018,6 +13711,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13074,6 +13770,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13130,6 +13829,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13186,6 +13888,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13242,6 +13947,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13298,6 +14006,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13354,6 +14065,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13410,6 +14124,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13466,6 +14183,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13522,6 +14242,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13578,6 +14301,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13634,6 +14360,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13690,6 +14419,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13746,6 +14478,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13802,6 +14537,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13858,6 +14596,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13914,6 +14655,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13970,6 +14714,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14026,6 +14773,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14082,6 +14832,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14138,6 +14891,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14194,6 +14950,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14250,6 +15009,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14306,6 +15068,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14362,6 +15127,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14418,6 +15186,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14474,6 +15245,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14530,6 +15304,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14586,6 +15363,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14642,6 +15422,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14698,6 +15481,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14754,6 +15540,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14810,6 +15599,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14866,6 +15658,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14922,6 +15717,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14978,6 +15776,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15034,6 +15835,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15090,6 +15894,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15146,6 +15953,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15202,6 +16012,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15258,6 +16071,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15314,6 +16130,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15370,6 +16189,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15426,6 +16248,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15482,6 +16307,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15538,6 +16366,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15594,6 +16425,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15650,6 +16484,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15706,6 +16543,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15762,6 +16602,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15818,6 +16661,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15874,6 +16720,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15930,6 +16779,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15986,6 +16838,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16042,6 +16897,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16098,6 +16956,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16154,6 +17015,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16210,6 +17074,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16266,6 +17133,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16322,6 +17192,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16378,6 +17251,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16434,6 +17310,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16490,6 +17369,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16546,6 +17428,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16602,6 +17487,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16658,6 +17546,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16714,6 +17605,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16770,6 +17664,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16826,6 +17723,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16882,6 +17782,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16938,6 +17841,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16994,6 +17900,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17050,6 +17959,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17106,6 +18018,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17162,6 +18077,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17218,6 +18136,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17274,6 +18195,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17330,6 +18254,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17386,6 +18313,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17442,6 +18372,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17498,6 +18431,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17554,6 +18490,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17610,6 +18549,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17666,6 +18608,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17722,6 +18667,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17778,6 +18726,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17834,6 +18785,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17890,6 +18844,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17946,6 +18903,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18002,6 +18962,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18058,6 +19021,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18114,6 +19080,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18170,6 +19139,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18226,6 +19198,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18282,6 +19257,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18338,6 +19316,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18394,6 +19375,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18450,6 +19434,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18506,6 +19493,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18562,6 +19552,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18618,6 +19611,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18674,6 +19670,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18730,6 +19729,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18786,6 +19788,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18842,6 +19847,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18898,6 +19906,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18954,6 +19965,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19010,6 +20024,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19066,6 +20083,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19122,6 +20142,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19178,6 +20201,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19234,6 +20260,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19290,6 +20319,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19346,6 +20378,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19402,6 +20437,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19458,6 +20496,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19514,6 +20555,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19570,6 +20614,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19626,6 +20673,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19682,6 +20732,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19738,6 +20791,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19794,6 +20850,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19850,6 +20909,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19906,6 +20968,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19962,6 +21027,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20018,6 +21086,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20074,6 +21145,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20130,6 +21204,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20186,6 +21263,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20242,6 +21322,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20298,6 +21381,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20354,6 +21440,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20410,6 +21499,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20466,6 +21558,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20522,6 +21617,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20578,6 +21676,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20634,6 +21735,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20690,6 +21794,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20746,6 +21853,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20802,6 +21912,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20858,6 +21971,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20914,6 +22030,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20970,6 +22089,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21026,6 +22148,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21082,6 +22207,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21138,6 +22266,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21194,6 +22325,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21250,6 +22384,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21306,6 +22443,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21362,6 +22502,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21418,6 +22561,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21474,6 +22620,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21530,6 +22679,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21586,6 +22738,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21642,6 +22797,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21698,6 +22856,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21754,6 +22915,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21810,6 +22974,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21866,6 +23033,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21922,6 +23092,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21978,6 +23151,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22034,6 +23210,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22090,6 +23269,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22146,6 +23328,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22202,6 +23387,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22258,6 +23446,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22314,6 +23505,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22370,6 +23564,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22426,6 +23623,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22482,6 +23682,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22538,6 +23741,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22594,6 +23800,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22650,6 +23859,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22706,6 +23918,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22762,6 +23977,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22818,6 +24036,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22874,6 +24095,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22930,6 +24154,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22986,6 +24213,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23042,6 +24272,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23098,6 +24331,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23154,6 +24390,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23210,6 +24449,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23266,6 +24508,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23322,6 +24567,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23378,6 +24626,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23434,6 +24685,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23490,6 +24744,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23546,6 +24803,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23602,6 +24862,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23658,6 +24921,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23714,6 +24980,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23770,6 +25039,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23826,6 +25098,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23882,6 +25157,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23938,6 +25216,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23994,6 +25275,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24050,6 +25334,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24106,6 +25393,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24162,6 +25452,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24218,6 +25511,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24274,6 +25570,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24330,6 +25629,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24386,6 +25688,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24442,6 +25747,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24498,6 +25806,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24554,6 +25865,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24610,6 +25924,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24666,6 +25983,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24722,6 +26042,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24778,6 +26101,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24834,6 +26160,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24890,6 +26219,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24946,6 +26278,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25002,6 +26337,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25058,6 +26396,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25114,6 +26455,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25170,6 +26514,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25226,6 +26573,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25282,6 +26632,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25338,6 +26691,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25394,6 +26750,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25450,6 +26809,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25506,6 +26868,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25562,6 +26927,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25618,6 +26986,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25674,6 +27045,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25730,6 +27104,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25786,6 +27163,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25842,6 +27222,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25898,6 +27281,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25954,6 +27340,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26010,6 +27399,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26066,6 +27458,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26122,6 +27517,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26178,6 +27576,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26234,6 +27635,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26290,6 +27694,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26346,6 +27753,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26402,6 +27812,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26458,6 +27871,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26514,6 +27930,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26570,6 +27989,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26626,6 +28048,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26682,6 +28107,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26738,6 +28166,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26794,6 +28225,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26850,6 +28284,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26906,6 +28343,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26962,6 +28402,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27018,6 +28461,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27074,6 +28520,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27130,6 +28579,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27186,6 +28638,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27242,6 +28697,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27298,6 +28756,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27354,6 +28815,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27410,6 +28874,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27466,6 +28933,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27522,6 +28992,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27578,6 +29051,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27634,6 +29110,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27690,6 +29169,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27746,6 +29228,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27802,6 +29287,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27858,6 +29346,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27914,6 +29405,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27970,6 +29464,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28026,6 +29523,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28082,6 +29582,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28138,6 +29641,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28194,6 +29700,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28250,6 +29759,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28306,6 +29818,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28362,6 +29877,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28418,6 +29936,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28474,6 +29995,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28530,6 +30054,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28586,6 +30113,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28642,6 +30172,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28698,6 +30231,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28754,6 +30290,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28810,6 +30349,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28866,6 +30408,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28922,6 +30467,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28978,6 +30526,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29034,6 +30585,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29090,6 +30644,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29146,6 +30703,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29202,6 +30762,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29258,6 +30821,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29314,6 +30880,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29370,6 +30939,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29426,6 +30998,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29482,6 +31057,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29538,6 +31116,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29594,6 +31175,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29650,6 +31234,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29706,6 +31293,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29762,6 +31352,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29818,6 +31411,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29874,6 +31470,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29930,6 +31529,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29986,6 +31588,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30042,6 +31647,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30098,6 +31706,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30154,6 +31765,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30210,6 +31824,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30266,6 +31883,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30322,6 +31942,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30378,6 +32001,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30434,6 +32060,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30490,6 +32119,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30546,6 +32178,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30602,6 +32237,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30658,6 +32296,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30714,6 +32355,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30770,6 +32414,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30826,6 +32473,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30882,6 +32532,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30938,6 +32591,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30994,6 +32650,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31050,6 +32709,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31106,6 +32768,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31162,6 +32827,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31218,6 +32886,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31274,6 +32945,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31330,6 +33004,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31386,6 +33063,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31442,6 +33122,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31498,6 +33181,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31554,6 +33240,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31610,6 +33299,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31666,6 +33358,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31722,6 +33417,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31778,6 +33476,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31834,6 +33535,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31890,6 +33594,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31946,6 +33653,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32002,6 +33712,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32058,6 +33771,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32114,6 +33830,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32170,6 +33889,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32226,6 +33948,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32282,6 +34007,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32338,6 +34066,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32394,6 +34125,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32450,6 +34184,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32506,6 +34243,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32562,6 +34302,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32618,6 +34361,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32674,6 +34420,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32730,6 +34479,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32786,6 +34538,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32842,6 +34597,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32898,6 +34656,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32954,6 +34715,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33010,6 +34774,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33066,6 +34833,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33122,6 +34892,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33178,6 +34951,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33234,6 +35010,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33290,6 +35069,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33346,6 +35128,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33402,6 +35187,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33458,6 +35246,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33514,6 +35305,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33570,6 +35364,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33626,6 +35423,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33682,6 +35482,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33738,6 +35541,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33794,6 +35600,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33850,6 +35659,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33906,6 +35718,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33962,6 +35777,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34018,6 +35836,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34074,6 +35895,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34130,6 +35954,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34186,6 +36013,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34242,6 +36072,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34298,6 +36131,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34354,6 +36190,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34410,6 +36249,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34466,6 +36308,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34522,6 +36367,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34578,6 +36426,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34634,6 +36485,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34690,6 +36544,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34746,6 +36603,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34802,6 +36662,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34858,6 +36721,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34914,6 +36780,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34970,6 +36839,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35026,6 +36898,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35082,6 +36957,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35138,6 +37016,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35194,6 +37075,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35250,6 +37134,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35306,6 +37193,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35362,6 +37252,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35418,6 +37311,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35474,6 +37370,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35530,6 +37429,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35586,6 +37488,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35642,6 +37547,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35698,6 +37606,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35754,6 +37665,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35810,6 +37724,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35866,6 +37783,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35922,6 +37842,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35978,6 +37901,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36034,6 +37960,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36090,6 +38019,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36146,6 +38078,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36202,6 +38137,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36258,6 +38196,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36314,6 +38255,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36370,6 +38314,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36426,6 +38373,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36482,6 +38432,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36538,6 +38491,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36594,6 +38550,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36650,6 +38609,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36706,6 +38668,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36762,6 +38727,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36818,6 +38786,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36874,6 +38845,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36930,6 +38904,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36986,6 +38963,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37042,6 +39022,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37098,6 +39081,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37154,6 +39140,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37210,6 +39199,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37266,6 +39258,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37322,6 +39317,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37378,6 +39376,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37434,6 +39435,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37490,6 +39494,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37546,6 +39553,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37602,6 +39612,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37658,6 +39671,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37714,6 +39730,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37770,6 +39789,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37826,6 +39848,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37882,6 +39907,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37938,6 +39966,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37994,6 +40025,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38050,6 +40084,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38106,6 +40143,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38162,6 +40202,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38218,6 +40261,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38274,6 +40320,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38330,6 +40379,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38386,6 +40438,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38442,6 +40497,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38498,6 +40556,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38554,6 +40615,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38610,6 +40674,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38666,6 +40733,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38722,6 +40792,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38778,6 +40851,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38834,6 +40910,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38890,6 +40969,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38946,6 +41028,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39002,6 +41087,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39058,6 +41146,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39114,6 +41205,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39170,6 +41264,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39226,6 +41323,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39282,6 +41382,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39338,6 +41441,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39394,6 +41500,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39450,6 +41559,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39506,6 +41618,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39562,6 +41677,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39618,6 +41736,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39674,6 +41795,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39730,6 +41854,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39786,6 +41913,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39842,6 +41972,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39898,6 +42031,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39954,6 +42090,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40010,6 +42149,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40066,6 +42208,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40122,6 +42267,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40178,6 +42326,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40234,6 +42385,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40290,6 +42444,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40346,6 +42503,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40402,6 +42562,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40458,6 +42621,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40514,6 +42680,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40570,6 +42739,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40626,6 +42798,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40682,6 +42857,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40738,6 +42916,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40794,6 +42975,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40850,6 +43034,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40906,6 +43093,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40962,6 +43152,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41018,6 +43211,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41074,6 +43270,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41130,6 +43329,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41186,6 +43388,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41242,6 +43447,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41298,6 +43506,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41354,6 +43565,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41410,6 +43624,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41466,6 +43683,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41522,6 +43742,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41578,6 +43801,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41634,6 +43860,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41690,6 +43919,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41746,6 +43978,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41802,6 +44037,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41858,6 +44096,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41914,6 +44155,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41970,6 +44214,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42026,6 +44273,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42082,6 +44332,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42138,6 +44391,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42194,6 +44450,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42250,6 +44509,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42306,6 +44568,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42362,6 +44627,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42418,6 +44686,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42474,6 +44745,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42530,6 +44804,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42586,6 +44863,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42642,6 +44922,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42698,6 +44981,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42754,6 +45040,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42810,6 +45099,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42866,6 +45158,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42922,6 +45217,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42978,6 +45276,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43034,6 +45335,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43090,6 +45394,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43146,6 +45453,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43202,6 +45512,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43258,6 +45571,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43314,6 +45630,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43370,6 +45689,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43426,6 +45748,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43482,6 +45807,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43538,6 +45866,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43594,6 +45925,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43650,6 +45984,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43706,6 +46043,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43762,6 +46102,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43818,6 +46161,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43874,6 +46220,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43930,6 +46279,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43986,6 +46338,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44042,6 +46397,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44098,6 +46456,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44154,6 +46515,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44210,6 +46574,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44266,6 +46633,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44322,6 +46692,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44378,6 +46751,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44434,6 +46810,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44490,6 +46869,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44546,6 +46928,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44602,6 +46987,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44658,6 +47046,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44714,6 +47105,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44770,6 +47164,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44826,6 +47223,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44882,6 +47282,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44938,6 +47341,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44994,6 +47400,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45050,6 +47459,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45106,6 +47518,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45162,6 +47577,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45218,6 +47636,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45274,6 +47695,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45330,6 +47754,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45386,6 +47813,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45442,6 +47872,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45498,6 +47931,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45554,6 +47990,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45610,6 +48049,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45666,6 +48108,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45722,6 +48167,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45778,6 +48226,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45834,6 +48285,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45890,6 +48344,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45946,6 +48403,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46002,6 +48462,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46058,6 +48521,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46114,6 +48580,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46170,6 +48639,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46226,6 +48698,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46282,6 +48757,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46338,6 +48816,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46394,6 +48875,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46450,6 +48934,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46506,6 +48993,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46562,6 +49052,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46618,6 +49111,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46674,6 +49170,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46730,6 +49229,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46786,6 +49288,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46842,6 +49347,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46898,6 +49406,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46954,6 +49465,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47010,6 +49524,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47066,6 +49583,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47122,6 +49642,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47178,6 +49701,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47234,6 +49760,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47290,6 +49819,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47346,6 +49878,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47402,6 +49937,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47458,6 +49996,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47514,6 +50055,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47570,6 +50114,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47626,6 +50173,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47682,6 +50232,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47738,6 +50291,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47794,6 +50350,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47850,6 +50409,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47906,6 +50468,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47962,6 +50527,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48018,6 +50586,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48074,6 +50645,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48130,6 +50704,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48186,6 +50763,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48242,6 +50822,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48298,6 +50881,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48354,6 +50940,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48410,6 +50999,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48466,6 +51058,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48522,6 +51117,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48578,6 +51176,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48634,6 +51235,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48690,6 +51294,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48746,6 +51353,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48802,6 +51412,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48858,6 +51471,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48914,6 +51530,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48970,6 +51589,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49026,6 +51648,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49082,6 +51707,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49138,6 +51766,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49194,6 +51825,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49250,6 +51884,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49306,6 +51943,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49362,6 +52002,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49418,6 +52061,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49474,6 +52120,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49530,6 +52179,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49586,6 +52238,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49642,6 +52297,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49698,6 +52356,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49754,6 +52415,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49810,6 +52474,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49866,6 +52533,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49922,6 +52592,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49978,6 +52651,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50034,6 +52710,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50090,6 +52769,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50146,6 +52828,9 @@ "addBaseUrl": false, "sslRedirect": true }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50202,6 +52887,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50258,6 +52946,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50314,6 +53005,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50370,6 +53064,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50426,6 +53123,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50482,6 +53182,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50538,6 +53241,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50594,6 +53300,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50650,6 +53359,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50706,6 +53418,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50762,6 +53477,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50818,6 +53536,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50874,6 +53595,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50930,6 +53654,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50986,6 +53713,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51042,6 +53772,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51098,6 +53831,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51154,6 +53890,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51210,6 +53949,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51266,6 +54008,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51322,6 +54067,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51378,6 +54126,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51434,6 +54185,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51490,6 +54244,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51546,6 +54303,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51602,6 +54362,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51658,6 +54421,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51714,6 +54480,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51770,6 +54539,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51826,6 +54598,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51882,6 +54657,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51938,6 +54716,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51994,6 +54775,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52050,6 +54834,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52106,6 +54893,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52162,6 +54952,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52218,6 +55011,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52274,6 +55070,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52330,6 +55129,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52386,6 +55188,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52442,6 +55247,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52498,6 +55306,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52554,6 +55365,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52610,6 +55424,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52666,6 +55483,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52722,6 +55542,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52778,6 +55601,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52834,6 +55660,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52890,6 +55719,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52946,6 +55778,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53002,6 +55837,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53058,6 +55896,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53114,6 +55955,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53170,6 +56014,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53226,6 +56073,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53282,6 +56132,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53338,6 +56191,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53394,6 +56250,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53450,6 +56309,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53506,6 +56368,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53562,6 +56427,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53618,6 +56486,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53674,6 +56545,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53730,6 +56604,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53786,6 +56663,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53842,6 +56722,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53898,6 +56781,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53954,6 +56840,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54010,6 +56899,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54066,6 +56958,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54122,6 +57017,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54178,6 +57076,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54234,6 +57135,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54290,6 +57194,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54346,6 +57253,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54402,6 +57312,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54458,6 +57371,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54514,6 +57430,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54570,6 +57489,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54626,6 +57548,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54682,6 +57607,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54738,6 +57666,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54794,6 +57725,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54850,6 +57784,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54906,6 +57843,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54962,6 +57902,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55018,6 +57961,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55074,6 +58020,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55130,6 +58079,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55186,6 +58138,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55242,6 +58197,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55298,6 +58256,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55354,6 +58315,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55410,6 +58374,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55466,6 +58433,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55522,6 +58492,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55578,6 +58551,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55634,6 +58610,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55690,6 +58669,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55746,6 +58728,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55802,6 +58787,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55858,6 +58846,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55914,6 +58905,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55970,6 +58964,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -56026,6 +59023,9 @@ "addBaseUrl": false, "sslRedirect": true }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -56082,6 +59082,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -56138,6 +59141,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -56194,6 +59200,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -56250,6 +59259,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -56306,6 +59318,9 @@ "addBaseUrl": false, "sslRedirect": true }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -56362,6 +59377,9 @@ "addBaseUrl": false, "sslRedirect": true }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -56418,6 +59436,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -56468,6 +59489,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -56524,6 +59548,9 @@ "addBaseUrl": false, "sslRedirect": true }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -56580,6 +59607,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -56636,6 +59666,9 @@ "addBaseUrl": false, "sslRedirect": true }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -56692,6 +59725,9 @@ "addBaseUrl": true, "sslRedirect": true }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -56742,6 +59778,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": null }, @@ -56798,6 +59837,9 @@ "addBaseUrl": false, "sslRedirect": true }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -56854,6 +59896,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -56904,6 +59949,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": null }, @@ -56960,6 +60008,9 @@ "addBaseUrl": false, "sslRedirect": true }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -57010,6 +60061,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": null }, @@ -57066,6 +60120,9 @@ "addBaseUrl": false, "sslRedirect": true }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -57122,6 +60179,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, diff --git a/test/e2e/annotations/ipdenylist.go b/test/e2e/annotations/ipdenylist.go new file mode 100644 index 000000000..9c1d45cf5 --- /dev/null +++ b/test/e2e/annotations/ipdenylist.go @@ -0,0 +1,147 @@ +/* +Copyright 2023 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package annotations + +import ( + "net/http" + "strings" + + "github.com/onsi/ginkgo/v2" + + "k8s.io/ingress-nginx/test/e2e/framework" +) + +var _ = framework.DescribeAnnotation("denylist-source-range", func() { + f := framework.NewDefaultFramework("ipdenylist") + + ginkgo.BeforeEach(func() { + f.NewEchoDeployment() + }) + + ginkgo.It("only deny explicitly denied IPs, allow all others", func() { + host := "ipdenylist.foo.com" + namespace := f.Namespace + + annotations := map[string]string{ + "nginx.ingress.kubernetes.io/denylist-source-range": "18.0.0.0/8, 56.0.0.1", + } + + ing := framework.NewSingleIngress(host, "/", host, namespace, framework.EchoService, 80, annotations) + + // Temporarily trust forwarded headers so we can test IP based access control + f.UpdateNginxConfigMapData("use-forwarded-headers", "true") + defer func() { + // Return to the original value + f.UpdateNginxConfigMapData("use-forwarded-headers", "false") + }() + + f.EnsureIngress(ing) + + f.WaitForNginxServer(host, + func(server string) bool { + return strings.Contains(server, "deny 18.0.0.0/8;") && + strings.Contains(server, "deny 56.0.0.1;") && + !strings.Contains(server, "deny all;") + }) + + ginkgo.By("sending request from an explicitly denied IP range") + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", host). + WithHeader("X-Forwarded-For", "18.0.0.1"). + Expect(). + Status(http.StatusForbidden) + + ginkgo.By("sending request from an explicitly denied IP address") + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", host). + WithHeader("X-Forwarded-For", "56.0.0.1"). + Expect(). + Status(http.StatusForbidden) + + ginkgo.By("sending request from an implicitly allowed IP range") + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", host). + WithHeader("X-Forwarded-For", "56.0.0.2"). + Expect(). + Status(http.StatusOK) + }) + + ginkgo.It("only allow explicitly allowed IPs, deny all others", func() { + host := "ipdenylist.foo.com" + namespace := f.Namespace + + annotations := map[string]string{ + "nginx.ingress.kubernetes.io/denylist-source-range": "18.1.0.0/16, 56.0.0.0/8", + "nginx.ingress.kubernetes.io/whitelist-source-range": "18.0.0.0/8, 55.0.0.0/8", + } + + ing := framework.NewSingleIngress(host, "/", host, namespace, framework.EchoService, 80, annotations) + + // Temporarily trust forwarded headers so we can test IP based access control + f.UpdateNginxConfigMapData("use-forwarded-headers", "true") + defer func() { + // Return to the original value + f.UpdateNginxConfigMapData("use-forwarded-headers", "false") + }() + + f.EnsureIngress(ing) + + f.WaitForNginxServer(host, + func(server string) bool { + return strings.Contains(server, "deny 18.1.0.0/16;") && + strings.Contains(server, "deny 56.0.0.0/8;") && + strings.Contains(server, "allow 18.0.0.0/8;") && + strings.Contains(server, "allow 55.0.0.0/8;") && + strings.Contains(server, "deny all;") + }) + + ginkgo.By("sending request from an explicitly denied IP range") + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", host). + WithHeader("X-Forwarded-For", "18.1.0.1"). + Expect(). + Status(http.StatusForbidden) + + ginkgo.By("sending request from an implicitly denied IP") + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", host). + WithHeader("X-Forwarded-For", "10.10.10.10"). + Expect(). + Status(http.StatusForbidden) + + ginkgo.By("sending request from an explicitly allowed IP range") + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", host). + WithHeader("X-Forwarded-For", "18.4.0.1"). + Expect(). + Status(http.StatusOK) + + ginkgo.By("sending request from an explicitly allowed IP range") + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", host). + WithHeader("X-Forwarded-For", "55.55.55.55"). + Expect(). + Status(http.StatusOK) + }) +}) From 424cc8671b1c6df1db08283179d113fbaa5b2213 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Johannes=20W=C3=BCrbach?= Date: Sun, 8 Jan 2023 23:49:27 +0100 Subject: [PATCH 467/494] fix: disable auth access logs (#9049) --- rootfs/etc/nginx/template/nginx.tmpl | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index 02c5637f0..cde7b2b87 100755 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -1058,6 +1058,8 @@ stream { opentracing_propagate_context; {{ end }} + access_log off; + # Ensure that modsecurity will not run on an internal location as this is not accessible from outside {{ if $all.Cfg.EnableModsecurity }} modsecurity off; From 275d5e15e7024af34fa864c2bdbcbf404efea6f6 Mon Sep 17 00:00:00 2001 From: Jack Ivanov <17044561+jackivanov@users.noreply.github.com> Date: Mon, 9 Jan 2023 14:01:29 +0300 Subject: [PATCH 468/494] Add buildResolvers to the stream module (#9184) --- rootfs/etc/nginx/template/nginx.tmpl | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index cde7b2b87..fc48de912 100755 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -736,6 +736,8 @@ stream { lua_package_path "/etc/nginx/lua/?.lua;/etc/nginx/lua/vendor/?.lua;;"; lua_shared_dict tcp_udp_configuration_data 5M; + + {{ buildResolvers $cfg.Resolver $cfg.DisableIpv6DNS }} init_by_lua_block { collectgarbage("collect") From 54dd88a5d1c1ae432e132b5f96ead24ce3b3314b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Jan 2023 06:09:32 -0800 Subject: [PATCH 469/494] Bump golang.org/x/crypto from 0.4.0 to 0.5.0 (#9494) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.4.0 to 0.5.0. - [Release notes](https://github.com/golang/crypto/releases) - [Commits](https://github.com/golang/crypto/compare/v0.4.0...v0.5.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 10 +++++----- go.sum | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index b074e7c10..2daf8e667 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( github.com/stretchr/testify v1.8.1 github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a - golang.org/x/crypto v0.4.0 + golang.org/x/crypto v0.5.0 google.golang.org/grpc v1.51.0 google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7 gopkg.in/go-playground/pool.v3 v3.1.1 @@ -109,11 +109,11 @@ require ( github.com/yudai/pp v2.0.1+incompatible // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect golang.org/x/mod v0.7.0 // indirect - golang.org/x/net v0.4.0 // indirect + golang.org/x/net v0.5.0 // indirect golang.org/x/oauth2 v0.3.0 // indirect - golang.org/x/sys v0.3.0 // indirect - golang.org/x/term v0.3.0 // indirect - golang.org/x/text v0.5.0 // indirect + golang.org/x/sys v0.4.0 // indirect + golang.org/x/term v0.4.0 // indirect + golang.org/x/text v0.6.0 // indirect golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect golang.org/x/tools v0.4.0 // indirect google.golang.org/appengine v1.6.7 // indirect diff --git a/go.sum b/go.sum index 684ae5beb..84a8bb106 100644 --- a/go.sum +++ b/go.sum @@ -423,8 +423,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.4.0 h1:UVQgzMY87xqpKNgb+kDsll2Igd33HszWHFLmpaRMq/8= -golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80= +golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE= +golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -491,8 +491,8 @@ golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.4.0 h1:Q5QPcMlvfxFTAPV0+07Xz/MpK9NTXu2VDUuy0FeMfaU= -golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= +golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw= +golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -558,19 +558,19 @@ golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ= -golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18= +golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.3.0 h1:qoo4akIqOcDME5bhc/NgxUdovd6BSS2uMsVjB56q1xI= -golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= +golang.org/x/term v0.4.0 h1:O7UWfv5+A2qiuulQk30kVinPoMtoIPeVaKLEgLpVkvg= +golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM= -golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.6.0 h1:3XmdazWV+ubf7QgHSTWeykHOci5oeekaGJBLkrkaw4k= +golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From e7bee5308e84269d13b58352aeae3a6f27ea6e52 Mon Sep 17 00:00:00 2001 From: Marcus Noble Date: Mon, 9 Jan 2023 14:37:31 +0000 Subject: [PATCH 470/494] added option to disable sync event creation (#8528) * added option to disable event creation Signed-off-by: Marcus Noble * Re-trigger github workflows Signed-off-by: Marcus Noble Signed-off-by: Marcus Noble --- docs/user-guide/cli-arguments.md | 1 + internal/ingress/controller/controller.go | 2 + .../ingress/controller/controller_test.go | 4 +- internal/ingress/controller/nginx.go | 3 +- internal/ingress/controller/store/store.go | 11 +- .../ingress/controller/store/store_test.go | 33 ++++-- pkg/flags/flags.go | 3 + test/e2e/settings/disable_sync_events.go | 107 ++++++++++++++++++ 8 files changed, 147 insertions(+), 17 deletions(-) create mode 100644 test/e2e/settings/disable_sync_events.go diff --git a/docs/user-guide/cli-arguments.md b/docs/user-guide/cli-arguments.md index ab483b1cd..4379d0b34 100644 --- a/docs/user-guide/cli-arguments.md +++ b/docs/user-guide/cli-arguments.md @@ -18,6 +18,7 @@ They are set in the container spec of the `ingress-nginx-controller` Deployment | `--disable-catch-all` | Disable support for catch-all Ingresses. (default false) | | `--disable-full-test` | Disable full test of all merged ingresses at the admission stage and tests the template of the ingress being created or updated (full test of all ingresses is enabled by default). | | `--disable-svc-external-name` | Disable support for Services of type ExternalName. (default false) | +| `--disable-sync-events` | Disables the creation of 'Sync' Event resources, but still logs them | | `--dynamic-configuration-retries` | Number of times to retry failed dynamic configuration before failing to sync an ingress. (default 15) | | `--election-id` | Election id to use for Ingress status updates. (default "ingress-controller-leader") | | `--enable-metrics` | Enables the collection of NGINX metrics. (default true) | diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go index 8eee56647..010eba162 100644 --- a/internal/ingress/controller/controller.go +++ b/internal/ingress/controller/controller.go @@ -129,6 +129,8 @@ type Configuration struct { DeepInspector bool DynamicConfigurationRetries int + + DisableSyncEvents bool } // GetPublishService returns the Service used to set the load-balancer status of Ingresses. diff --git a/internal/ingress/controller/controller_test.go b/internal/ingress/controller/controller_test.go index da9f10e45..796012cd3 100644 --- a/internal/ingress/controller/controller_test.go +++ b/internal/ingress/controller/controller_test.go @@ -2404,6 +2404,7 @@ func newNGINXController(t *testing.T) *NGINXController { Controller: "k8s.io/ingress-nginx", AnnotationValue: "nginx", }, + false, ) sslCert := ssl.GetFakeSSLCert() @@ -2468,7 +2469,8 @@ func newDynamicNginxController(t *testing.T, setConfigMap func(string) *v1.Confi &ingressclass.IngressClassConfiguration{ Controller: "k8s.io/ingress-nginx", AnnotationValue: "nginx", - }) + }, + false) sslCert := ssl.GetFakeSSLCert() config := &Configuration{ diff --git a/internal/ingress/controller/nginx.go b/internal/ingress/controller/nginx.go index 4b543ea2f..5575009ea 100644 --- a/internal/ingress/controller/nginx.go +++ b/internal/ingress/controller/nginx.go @@ -136,7 +136,8 @@ func NewNGINXController(config *Configuration, mc metric.Collector) *NGINXContro n.updateCh, config.DisableCatchAll, config.DeepInspector, - config.IngressClassConfiguration) + config.IngressClassConfiguration, + config.DisableSyncEvents) n.syncQueue = task.NewTaskQueue(n.syncIngress) diff --git a/internal/ingress/controller/store/store.go b/internal/ingress/controller/store/store.go index 7f493bd8a..13af28137 100644 --- a/internal/ingress/controller/store/store.go +++ b/internal/ingress/controller/store/store.go @@ -251,7 +251,8 @@ func New( updateCh *channels.RingChannel, disableCatchAll bool, deepInspector bool, - icConfig *ingressclass.IngressClassConfiguration) Storer { + icConfig *ingressclass.IngressClassConfiguration, + disableSyncEvents bool) Storer { store := &k8sStore{ informers: &Informer{}, @@ -267,9 +268,11 @@ func New( eventBroadcaster := record.NewBroadcaster() eventBroadcaster.StartLogging(klog.Infof) - eventBroadcaster.StartRecordingToSink(&clientcorev1.EventSinkImpl{ - Interface: client.CoreV1().Events(namespace), - }) + if !disableSyncEvents { + eventBroadcaster.StartRecordingToSink(&clientcorev1.EventSinkImpl{ + Interface: client.CoreV1().Events(namespace), + }) + } recorder := eventBroadcaster.NewRecorder(scheme.Scheme, corev1.EventSource{ Component: "nginx-ingress-controller", }) diff --git a/internal/ingress/controller/store/store_test.go b/internal/ingress/controller/store/store_test.go index 9b8947f9c..9fe6e37bb 100644 --- a/internal/ingress/controller/store/store_test.go +++ b/internal/ingress/controller/store/store_test.go @@ -125,7 +125,8 @@ func TestStore(t *testing.T) { updateCh, false, true, - DefaultClassConfig) + DefaultClassConfig, + false) storer.Run(stopCh) @@ -206,7 +207,8 @@ func TestStore(t *testing.T) { updateCh, false, true, - DefaultClassConfig) + DefaultClassConfig, + false) storer.Run(stopCh) ic := createIngressClass(clientSet, t, "not-k8s.io/not-ingress-nginx") @@ -310,7 +312,8 @@ func TestStore(t *testing.T) { updateCh, false, true, - DefaultClassConfig) + DefaultClassConfig, + false) storer.Run(stopCh) validSpec := commonIngressSpec @@ -426,7 +429,8 @@ func TestStore(t *testing.T) { updateCh, false, true, - ingressClassconfig) + ingressClassconfig, + false) storer.Run(stopCh) @@ -556,7 +560,8 @@ func TestStore(t *testing.T) { updateCh, false, true, - ingressClassconfig) + ingressClassconfig, + false) storer.Run(stopCh) validSpec := commonIngressSpec @@ -656,7 +661,8 @@ func TestStore(t *testing.T) { updateCh, false, true, - DefaultClassConfig) + DefaultClassConfig, + false) storer.Run(stopCh) @@ -750,7 +756,8 @@ func TestStore(t *testing.T) { updateCh, false, true, - DefaultClassConfig) + DefaultClassConfig, + false) storer.Run(stopCh) invalidSpec := commonIngressSpec @@ -836,7 +843,8 @@ func TestStore(t *testing.T) { updateCh, false, true, - DefaultClassConfig) + DefaultClassConfig, + false) storer.Run(stopCh) @@ -932,7 +940,8 @@ func TestStore(t *testing.T) { updateCh, false, true, - DefaultClassConfig) + DefaultClassConfig, + false) storer.Run(stopCh) @@ -1056,7 +1065,8 @@ func TestStore(t *testing.T) { updateCh, false, true, - DefaultClassConfig) + DefaultClassConfig, + false) storer.Run(stopCh) @@ -1177,7 +1187,8 @@ func TestStore(t *testing.T) { updateCh, false, true, - DefaultClassConfig) + DefaultClassConfig, + false) storer.Run(stopCh) diff --git a/pkg/flags/flags.go b/pkg/flags/flags.go index 65b5fbcdc..6e183289c 100644 --- a/pkg/flags/flags.go +++ b/pkg/flags/flags.go @@ -214,6 +214,8 @@ Takes the form ":port". If not provided, no admission controller is starte deepInspector = flags.Bool("deep-inspect", true, "Enables ingress object security deep inspector") dynamicConfigurationRetries = flags.Int("dynamic-configuration-retries", 15, "Number of times to retry failed dynamic configuration before failing to sync an ingress.") + + disableSyncEvents = flags.Bool("disable-sync-events", false, "Disables the creation of 'Sync' event resources") ) flags.StringVar(&nginx.MaxmindMirror, "maxmind-mirror", "", `Maxmind mirror url (example: http://geoip.local/databases.`) @@ -364,6 +366,7 @@ https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-g ValidationWebhookCertPath: *validationWebhookCert, ValidationWebhookKeyPath: *validationWebhookKey, InternalLoggerAddress: *internalLoggerAddress, + DisableSyncEvents: *disableSyncEvents, } if *apiserverHost != "" { diff --git a/test/e2e/settings/disable_sync_events.go b/test/e2e/settings/disable_sync_events.go new file mode 100644 index 000000000..7d1298087 --- /dev/null +++ b/test/e2e/settings/disable_sync_events.go @@ -0,0 +1,107 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package settings + +import ( + "context" + "fmt" + "strings" + + "github.com/onsi/ginkgo/v2" + "github.com/stretchr/testify/assert" + appsv1 "k8s.io/api/apps/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "k8s.io/ingress-nginx/test/e2e/framework" +) + +var _ = framework.IngressNginxDescribe("[Flag] disable-sync-events", func() { + f := framework.NewDefaultFramework("disable-sync-events") + + ginkgo.It("should create sync events (default)", func() { + host := "sync-events-default" + f.NewEchoDeployment(framework.WithDeploymentReplicas(1)) + + ing := framework.NewSingleIngressWithIngressClass(host, "/", host, f.Namespace, framework.EchoService, f.IngressClass, 80, nil) + ing = f.EnsureIngress(ing) + + f.WaitForNginxServer(host, + func(server string) bool { + return strings.Contains(server, fmt.Sprintf("server_name %v", host)) + }) + + events, err := f.KubeClientSet.CoreV1().Events(ing.Namespace).List(context.TODO(), metav1.ListOptions{FieldSelector: "reason=Sync,involvedObject.name=" + host}) + assert.Nil(ginkgo.GinkgoT(), err, "listing events") + + assert.NotEmpty(ginkgo.GinkgoT(), events.Items, "got events") + }) + + ginkgo.It("should create sync events", func() { + host := "disable-sync-events-false" + f.NewEchoDeployment(framework.WithDeploymentReplicas(1)) + + err := f.UpdateIngressControllerDeployment(func(deployment *appsv1.Deployment) error { + args := deployment.Spec.Template.Spec.Containers[0].Args + args = append(args, "--disable-sync-events=false") + deployment.Spec.Template.Spec.Containers[0].Args = args + _, err := f.KubeClientSet.AppsV1().Deployments(f.Namespace).Update(context.TODO(), deployment, metav1.UpdateOptions{}) + return err + }) + assert.Nil(ginkgo.GinkgoT(), err, "updating ingress controller deployment flags") + + ing := framework.NewSingleIngressWithIngressClass(host, "/", host, f.Namespace, framework.EchoService, f.IngressClass, 80, nil) + ing = f.EnsureIngress(ing) + + f.WaitForNginxServer(host, + func(server string) bool { + return strings.Contains(server, fmt.Sprintf("server_name %v", host)) + }) + + events, err := f.KubeClientSet.CoreV1().Events(ing.Namespace).List(context.TODO(), metav1.ListOptions{FieldSelector: "reason=Sync,involvedObject.name=" + host}) + assert.Nil(ginkgo.GinkgoT(), err, "listing events") + + assert.NotEmpty(ginkgo.GinkgoT(), events.Items, "got events") + }) + + ginkgo.It("should not create sync events", func() { + host := "disable-sync-events-true" + f.NewEchoDeployment(framework.WithDeploymentReplicas(1)) + + err := f.UpdateIngressControllerDeployment(func(deployment *appsv1.Deployment) error { + args := deployment.Spec.Template.Spec.Containers[0].Args + args = append(args, "--disable-sync-events=true") + deployment.Spec.Template.Spec.Containers[0].Args = args + _, err := f.KubeClientSet.AppsV1().Deployments(f.Namespace).Update(context.TODO(), deployment, metav1.UpdateOptions{}) + return err + }) + assert.Nil(ginkgo.GinkgoT(), err, "updating ingress controller deployment flags") + + ing := framework.NewSingleIngressWithIngressClass(host, "/", host, f.Namespace, framework.EchoService, f.IngressClass, 80, nil) + ing = f.EnsureIngress(ing) + + f.WaitForNginxServer(host, + func(server string) bool { + return strings.Contains(server, fmt.Sprintf("server_name %v", host)) + }) + + events, err := f.KubeClientSet.CoreV1().Events(ing.Namespace).List(context.TODO(), metav1.ListOptions{FieldSelector: "reason=Sync,involvedObject.name=" + host}) + assert.Nil(ginkgo.GinkgoT(), err, "listing events") + + assert.Empty(ginkgo.GinkgoT(), events.Items, "got events") + }) + +}) From 54e2739282a4d878a65d61c1bf797337164f0eed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Henri?= Date: Tue, 10 Jan 2023 12:47:26 -0300 Subject: [PATCH 471/494] Remove nonexistent load flag from docker build commands (#9122) --- Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 5099b4645..0ce3e3cef 100644 --- a/Makefile +++ b/Makefile @@ -201,7 +201,6 @@ dev-env-stop: ## Deletes local Kubernetes cluster created by kind. live-docs: ## Build and launch a local copy of the documentation website in http://localhost:8000 @docker build ${PLATFORM_FLAG} ${PLATFORM} \ --no-cache \ - $(MAC_DOCKER_FLAGS) \ -t ingress-nginx-docs .github/actions/mkdocs @docker run ${PLATFORM_FLAG} ${PLATFORM} --rm -it \ -p 8000:8000 \ @@ -241,6 +240,7 @@ release: ensure-buildx clean docker buildx build \ --no-cache \ + $(MAC_DOCKER_FLAGS) \ --push \ --pull \ --progress plain \ @@ -253,6 +253,7 @@ release: ensure-buildx clean docker buildx build \ --no-cache \ + $(MAC_DOCKER_FLAGS) \ --push \ --pull \ --progress plain \ From ada114315eeeb141111a9fa540e1ed521e647b88 Mon Sep 17 00:00:00 2001 From: James Strong Date: Tue, 10 Jan 2023 11:20:21 -0500 Subject: [PATCH 472/494] Remove 1.5.2 from readme (#9498) --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 73baa8fd2..f8c020b68 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,6 @@ the versions listed. Ingress-Nginx versions may work on older versions but the p | Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | |-----------------------|------------------------------|----------------|---------------| -| v1.5.2 | 1.26, 1.25, 1.24, 1.23 | 3.17.2 | 1.21.6 | | v1.5.1 | 1.25, 1.24, 1.23 | 3.16.2 | 1.21.6 | | v1.4.0 | 1.25, 1.24, 1.23, 1.22 | 3.16.2 | 1.19.10† | | v1.3.1 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.2 | 1.19.10† | From 5b2a9475dc2260dc15561fd117dc221b892464da Mon Sep 17 00:00:00 2001 From: Tomas Hulata Date: Mon, 16 Jan 2023 03:46:50 +0100 Subject: [PATCH 473/494] feat: support topology aware hints (#9165) * support topology aware hints Signed-off-by: tombokombo * add flag to enable topology and fixes Signed-off-by: tombokombo * update readme Signed-off-by: tombokombo * add e2e test Signed-off-by: tombokombo * isolate topology test Signed-off-by: tombokombo * gofmt fix Signed-off-by: tombokombo Signed-off-by: tombokombo --- charts/ingress-nginx/README.md | 1 + charts/ingress-nginx/templates/_params.tpl | 3 + charts/ingress-nginx/values.yaml | 4 + docs/user-guide/cli-arguments.md | 1 + internal/ingress/controller/controller.go | 55 +++- internal/ingress/controller/endpointslices.go | 31 ++- .../ingress/controller/endpointslices_test.go | 261 +++++++++++++++++- internal/k8s/main.go | 20 ++ pkg/flags/flags.go | 3 + test/e2e-image/e2e.sh | 12 +- .../namespace-overlays/topology/values.yaml | 51 ++++ test/e2e/endpointslices/topology.go | 112 ++++++++ test/e2e/framework/deployment.go | 22 +- test/e2e/kind.yaml | 6 + 14 files changed, 564 insertions(+), 18 deletions(-) create mode 100644 test/e2e-image/namespace-overlays/topology/values.yaml create mode 100644 test/e2e/endpointslices/topology.go diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 00d85156e..817059af2 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -315,6 +315,7 @@ Kubernetes: `>=1.20.0-0` | controller.dnsPolicy | string | `"ClusterFirst"` | Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. | | controller.electionID | string | `""` | Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader' | | controller.enableMimalloc | bool | `true` | Enable mimalloc as a drop-in replacement for malloc. # ref: https://github.com/microsoft/mimalloc # | +| controller.enableTopologyAwareRouting | bool | `false` | This configuration enables Topology Aware Routing feature, used together with service annotation service.kubernetes.io/topology-aware-hints="auto" Defaults to false | | controller.existingPsp | string | `""` | Use an existing PSP instead of creating one | | controller.extraArgs | object | `{}` | Additional command line arguments to pass to nginx-ingress-controller E.g. to specify the default SSL certificate you can use | | controller.extraContainers | list | `[]` | Additional containers to be added to the controller pod. See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. | diff --git a/charts/ingress-nginx/templates/_params.tpl b/charts/ingress-nginx/templates/_params.tpl index 66c581fa6..a1aef01ae 100644 --- a/charts/ingress-nginx/templates/_params.tpl +++ b/charts/ingress-nginx/templates/_params.tpl @@ -51,6 +51,9 @@ {{- if .Values.controller.watchIngressWithoutClass }} - --watch-ingress-without-class=true {{- end }} +{{- if .Values.controller.enableTopologyAwareRouting }} +- --enable-topology-aware-routing=true +{{- end }} {{- range $key, $value := .Values.controller.extraArgs }} {{- /* Accept keys without values or with false as value */}} {{- if eq ($value | quote | len) 2 }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index a7fab0fe9..a6df47694 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -77,6 +77,10 @@ controller: # -- Process IngressClass per name (additionally as per spec.controller). ingressClassByName: false + # -- This configuration enables Topology Aware Routing feature, used together with service annotation service.kubernetes.io/topology-aware-hints="auto" + # Defaults to false + enableTopologyAwareRouting: false + # -- This configuration defines if Ingress Controller should allow users to set # their own *-snippet annotations, otherwise this is forbidden / dropped # when users add those annotations. diff --git a/docs/user-guide/cli-arguments.md b/docs/user-guide/cli-arguments.md index 4379d0b34..febc6f762 100644 --- a/docs/user-guide/cli-arguments.md +++ b/docs/user-guide/cli-arguments.md @@ -24,6 +24,7 @@ They are set in the container spec of the `ingress-nginx-controller` Deployment | `--enable-metrics` | Enables the collection of NGINX metrics. (default true) | | `--enable-ssl-chain-completion` | Autocomplete SSL certificate chains with missing intermediate CA certificates. Certificates uploaded to Kubernetes must have the "Authority Information Access" X.509 v3 extension for this to succeed. (default false)| | `--enable-ssl-passthrough` | Enable SSL Passthrough. (default false) | +| `--enable-topology-aware-routing` | Enable topology aware hints feature, needs service object annotation service.kubernetes.io/topology-aware-hints sets to auto. (default false) | | `--health-check-path` | URL path of the health check endpoint. Configured inside the NGINX status server. All requests received on the port defined by the healthz-port parameter are forwarded internally to this path. (default "/healthz") | | `--health-check-timeout` | Time limit, in seconds, for a probe to health-check-path to succeed. (default 10) | | `--healthz-port` | Port to use for the healthz endpoint. (default 10254) | diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go index 010eba162..8bacb3025 100644 --- a/internal/ingress/controller/controller.go +++ b/internal/ingress/controller/controller.go @@ -53,6 +53,7 @@ const ( defUpstreamName = "upstream-default-backend" defServerName = "_" rootLocation = "/" + emptyZone = "" ) // Configuration contains all the settings required by an Ingress controller @@ -131,6 +132,21 @@ type Configuration struct { DynamicConfigurationRetries int DisableSyncEvents bool + + EnableTopologyAwareRouting bool +} + +func getIngressPodZone(svc *apiv1.Service) string { + svcKey := k8s.MetaNamespaceKey(svc) + if svcZoneAnnotation, ok := svc.ObjectMeta.GetAnnotations()[apiv1.AnnotationTopologyAwareHints]; ok { + if strings.ToLower(svcZoneAnnotation) == "auto" { + if foundZone, ok := k8s.IngressNodeDetails.GetLabels()[apiv1.LabelTopologyZone]; ok { + klog.V(3).Infof("Svc has topology aware annotation enabled, try to use zone %q where controller pod is running for Service %q ", foundZone, svcKey) + return foundZone + } + } + } + return emptyZone } // GetPublishService returns the Service used to set the load-balancer status of Ingresses. @@ -429,6 +445,13 @@ func (n *NGINXController) getStreamServices(configmapName string, proto apiv1.Pr var endps []ingress.Endpoint /* #nosec */ targetPort, err := strconv.Atoi(svcPort) // #nosec + var zone string + if n.cfg.EnableTopologyAwareRouting { + zone = getIngressPodZone(svc) + } else { + zone = emptyZone + } + if err != nil { // not a port number, fall back to using port name klog.V(3).Infof("Searching Endpoints with %v port name %q for Service %q", proto, svcPort, nsName) @@ -436,7 +459,7 @@ func (n *NGINXController) getStreamServices(configmapName string, proto apiv1.Pr sp := svc.Spec.Ports[i] if sp.Name == svcPort { if sp.Protocol == proto { - endps = getEndpointsFromSlices(svc, &sp, proto, n.store.GetServiceEndpointsSlices) + endps = getEndpointsFromSlices(svc, &sp, proto, zone, n.store.GetServiceEndpointsSlices) break } } @@ -447,7 +470,7 @@ func (n *NGINXController) getStreamServices(configmapName string, proto apiv1.Pr sp := svc.Spec.Ports[i] if sp.Port == int32(targetPort) { if sp.Protocol == proto { - endps = getEndpointsFromSlices(svc, &sp, proto, n.store.GetServiceEndpointsSlices) + endps = getEndpointsFromSlices(svc, &sp, proto, zone, n.store.GetServiceEndpointsSlices) break } } @@ -498,8 +521,13 @@ func (n *NGINXController) getDefaultUpstream() *ingress.Backend { upstream.Endpoints = append(upstream.Endpoints, n.DefaultEndpoint()) return upstream } - - endps := getEndpointsFromSlices(svc, &svc.Spec.Ports[0], apiv1.ProtocolTCP, n.store.GetServiceEndpointsSlices) + var zone string + if n.cfg.EnableTopologyAwareRouting { + zone = getIngressPodZone(svc) + } else { + zone = emptyZone + } + endps := getEndpointsFromSlices(svc, &svc.Spec.Ports[0], apiv1.ProtocolTCP, zone, n.store.GetServiceEndpointsSlices) if len(endps) == 0 { klog.Warningf("Service %q does not have any active Endpoint", svcKey) endps = []ingress.Endpoint{n.DefaultEndpoint()} @@ -827,7 +855,13 @@ func (n *NGINXController) getBackendServers(ingresses []*ingress.Ingress) ([]*in } sp := location.DefaultBackend.Spec.Ports[0] - endps := getEndpointsFromSlices(location.DefaultBackend, &sp, apiv1.ProtocolTCP, n.store.GetServiceEndpointsSlices) + var zone string + if n.cfg.EnableTopologyAwareRouting { + zone = getIngressPodZone(location.DefaultBackend) + } else { + zone = emptyZone + } + endps := getEndpointsFromSlices(location.DefaultBackend, &sp, apiv1.ProtocolTCP, zone, n.store.GetServiceEndpointsSlices) // custom backend is valid only if contains at least one endpoint if len(endps) > 0 { name := fmt.Sprintf("custom-default-backend-%v-%v", location.DefaultBackend.GetNamespace(), location.DefaultBackend.GetName()) @@ -1083,7 +1117,12 @@ func (n *NGINXController) serviceEndpoints(svcKey, backendPort string) ([]ingres if err != nil { return upstreams, err } - + var zone string + if n.cfg.EnableTopologyAwareRouting { + zone = getIngressPodZone(svc) + } else { + zone = emptyZone + } klog.V(3).Infof("Obtaining ports information for Service %q", svcKey) // Ingress with an ExternalName Service and no port defined for that Service if svc.Spec.Type == apiv1.ServiceTypeExternalName { @@ -1092,7 +1131,7 @@ func (n *NGINXController) serviceEndpoints(svcKey, backendPort string) ([]ingres return upstreams, nil } servicePort := externalNamePorts(backendPort, svc) - endps := getEndpointsFromSlices(svc, servicePort, apiv1.ProtocolTCP, n.store.GetServiceEndpointsSlices) + endps := getEndpointsFromSlices(svc, servicePort, apiv1.ProtocolTCP, zone, n.store.GetServiceEndpointsSlices) if len(endps) == 0 { klog.Warningf("Service %q does not have any active Endpoint.", svcKey) return upstreams, nil @@ -1109,7 +1148,7 @@ func (n *NGINXController) serviceEndpoints(svcKey, backendPort string) ([]ingres servicePort.TargetPort.String() == backendPort || servicePort.Name == backendPort { - endps := getEndpointsFromSlices(svc, &servicePort, apiv1.ProtocolTCP, n.store.GetServiceEndpointsSlices) + endps := getEndpointsFromSlices(svc, &servicePort, apiv1.ProtocolTCP, zone, n.store.GetServiceEndpointsSlices) if len(endps) == 0 { klog.Warningf("Service %q does not have any active Endpoint.", svcKey) } diff --git a/internal/ingress/controller/endpointslices.go b/internal/ingress/controller/endpointslices.go index 5a24c3880..34d5266dd 100644 --- a/internal/ingress/controller/endpointslices.go +++ b/internal/ingress/controller/endpointslices.go @@ -35,7 +35,7 @@ import ( ) // getEndpoints returns a list of Endpoint structs for a given service/target port combination. -func getEndpointsFromSlices(s *corev1.Service, port *corev1.ServicePort, proto corev1.Protocol, +func getEndpointsFromSlices(s *corev1.Service, port *corev1.ServicePort, proto corev1.Protocol, zoneForHints string, getServiceEndpointsSlices func(string) ([]*discoveryv1.EndpointSlice, error)) []ingress.Endpoint { upsServers := []ingress.Endpoint{} @@ -49,6 +49,7 @@ func getEndpointsFromSlices(s *corev1.Service, port *corev1.ServicePort, proto c processedUpstreamServers := make(map[string]struct{}) svcKey := k8s.MetaNamespaceKey(s) + var useTopologyHints bool // ExternalName services if s.Spec.Type == corev1.ServiceTypeExternalName { @@ -111,12 +112,38 @@ func getEndpointsFromSlices(s *corev1.Service, port *corev1.ServicePort, proto c ports = append(ports, targetPort) } } + useTopologyHints = false + if zoneForHints != emptyZone { + useTopologyHints = true + // check if all endpointslices has zone hints + for _, ep := range eps.Endpoints { + if ep.Hints == nil || len(ep.Hints.ForZones) == 0 { + useTopologyHints = false + break + } + } + if useTopologyHints { + klog.V(3).Infof("All endpoint slices has zone hint, using zone %q for Service %q", zoneForHints, svcKey) + } + } + for _, ep := range eps.Endpoints { if !(*ep.Conditions.Ready) { continue } + epHasZone := false + if useTopologyHints { + for _, epzone := range ep.Hints.ForZones { + if epzone.Name == zoneForHints { + epHasZone = true + break + } + } + } - // ep.Hints + if useTopologyHints && !epHasZone { + continue + } for _, epPort := range ports { for _, epAddress := range ep.Addresses { diff --git a/internal/ingress/controller/endpointslices_test.go b/internal/ingress/controller/endpointslices_test.go index e404c4949..b61e9a4f3 100644 --- a/internal/ingress/controller/endpointslices_test.go +++ b/internal/ingress/controller/endpointslices_test.go @@ -33,6 +33,7 @@ func TestGetEndpointsFromSlices(t *testing.T) { svc *corev1.Service port *corev1.ServicePort proto corev1.Protocol + zone string fn func(string) ([]*discoveryv1.EndpointSlice, error) result []ingress.Endpoint }{ @@ -41,6 +42,7 @@ func TestGetEndpointsFromSlices(t *testing.T) { nil, nil, corev1.ProtocolTCP, + "", func(string) ([]*discoveryv1.EndpointSlice, error) { return nil, nil }, @@ -51,6 +53,7 @@ func TestGetEndpointsFromSlices(t *testing.T) { &corev1.Service{}, nil, corev1.ProtocolTCP, + "", func(string) ([]*discoveryv1.EndpointSlice, error) { return nil, nil }, @@ -61,6 +64,7 @@ func TestGetEndpointsFromSlices(t *testing.T) { &corev1.Service{}, &corev1.ServicePort{Name: "default"}, corev1.ProtocolTCP, + "", func(string) ([]*discoveryv1.EndpointSlice, error) { return []*discoveryv1.EndpointSlice{}, nil }, @@ -75,6 +79,7 @@ func TestGetEndpointsFromSlices(t *testing.T) { }, &corev1.ServicePort{Name: "default"}, corev1.ProtocolTCP, + "", func(string) ([]*discoveryv1.EndpointSlice, error) { return []*discoveryv1.EndpointSlice{}, nil }, @@ -99,6 +104,7 @@ func TestGetEndpointsFromSlices(t *testing.T) { TargetPort: intstr.FromInt(80), }, corev1.ProtocolTCP, + "", func(string) ([]*discoveryv1.EndpointSlice, error) { return []*discoveryv1.EndpointSlice{}, nil }, @@ -123,6 +129,7 @@ func TestGetEndpointsFromSlices(t *testing.T) { TargetPort: intstr.FromInt(80), }, corev1.ProtocolTCP, + "", func(string) ([]*discoveryv1.EndpointSlice, error) { return []*discoveryv1.EndpointSlice{}, nil }, @@ -147,6 +154,7 @@ func TestGetEndpointsFromSlices(t *testing.T) { TargetPort: intstr.FromInt(80), }, corev1.ProtocolTCP, + "", func(string) ([]*discoveryv1.EndpointSlice, error) { return []*discoveryv1.EndpointSlice{}, nil }, @@ -176,6 +184,7 @@ func TestGetEndpointsFromSlices(t *testing.T) { TargetPort: intstr.FromInt(80), }, corev1.ProtocolTCP, + "", func(string) ([]*discoveryv1.EndpointSlice, error) { return []*discoveryv1.EndpointSlice{}, nil }, @@ -205,6 +214,7 @@ func TestGetEndpointsFromSlices(t *testing.T) { TargetPort: intstr.FromInt(80), }, corev1.ProtocolTCP, + "", func(string) ([]*discoveryv1.EndpointSlice, error) { return []*discoveryv1.EndpointSlice{}, nil }, @@ -229,6 +239,7 @@ func TestGetEndpointsFromSlices(t *testing.T) { TargetPort: intstr.FromInt(80), }, corev1.ProtocolTCP, + "", func(string) ([]*discoveryv1.EndpointSlice, error) { return nil, fmt.Errorf("unexpected error") }, @@ -253,6 +264,7 @@ func TestGetEndpointsFromSlices(t *testing.T) { TargetPort: intstr.FromInt(80), }, corev1.ProtocolTCP, + "", func(string) ([]*discoveryv1.EndpointSlice, error) { return []*discoveryv1.EndpointSlice{{ ObjectMeta: metav1.ObjectMeta{ @@ -296,6 +308,7 @@ func TestGetEndpointsFromSlices(t *testing.T) { TargetPort: intstr.FromInt(80), }, corev1.ProtocolTCP, + "", func(string) ([]*discoveryv1.EndpointSlice, error) { return []*discoveryv1.EndpointSlice{{ ObjectMeta: metav1.ObjectMeta{ @@ -339,6 +352,7 @@ func TestGetEndpointsFromSlices(t *testing.T) { TargetPort: intstr.FromString("port-1"), }, corev1.ProtocolTCP, + "", func(string) ([]*discoveryv1.EndpointSlice, error) { return []*discoveryv1.EndpointSlice{{ ObjectMeta: metav1.ObjectMeta{ @@ -382,6 +396,7 @@ func TestGetEndpointsFromSlices(t *testing.T) { TargetPort: intstr.FromInt(80), }, corev1.ProtocolTCP, + "", func(string) ([]*discoveryv1.EndpointSlice, error) { return []*discoveryv1.EndpointSlice{{ ObjectMeta: metav1.ObjectMeta{ @@ -430,6 +445,7 @@ func TestGetEndpointsFromSlices(t *testing.T) { TargetPort: intstr.FromInt(80), }, corev1.ProtocolTCP, + "", func(string) ([]*discoveryv1.EndpointSlice, error) { return []*discoveryv1.EndpointSlice{{ ObjectMeta: metav1.ObjectMeta{ @@ -478,6 +494,7 @@ func TestGetEndpointsFromSlices(t *testing.T) { TargetPort: intstr.FromString("port-1"), }, corev1.ProtocolTCP, + "", func(string) ([]*discoveryv1.EndpointSlice, error) { return []*discoveryv1.EndpointSlice{ { @@ -552,6 +569,7 @@ func TestGetEndpointsFromSlices(t *testing.T) { TargetPort: intstr.FromString("port-1"), }, corev1.ProtocolTCP, + "", func(string) ([]*discoveryv1.EndpointSlice, error) { return []*discoveryv1.EndpointSlice{ { @@ -622,6 +640,7 @@ func TestGetEndpointsFromSlices(t *testing.T) { TargetPort: intstr.FromString("port-1"), }, corev1.ProtocolTCP, + "", func(string) ([]*discoveryv1.EndpointSlice, error) { return []*discoveryv1.EndpointSlice{{ ObjectMeta: metav1.ObjectMeta{ @@ -656,11 +675,251 @@ func TestGetEndpointsFromSlices(t *testing.T) { }, }, }, + { + "should return one endpoint which belongs to zone", + &corev1.Service{ + Spec: corev1.ServiceSpec{ + Type: corev1.ServiceTypeClusterIP, + ClusterIP: "1.1.1.1", + Ports: []corev1.ServicePort{ + { + Name: "default", + TargetPort: intstr.FromString("port-1"), + }, + }, + }, + }, + &corev1.ServicePort{ + Name: "port-1", + TargetPort: intstr.FromString("port-1"), + }, + corev1.ProtocolTCP, + "eu-west-1b", + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{discoveryv1.LabelServiceName: "default"}, + }, + Endpoints: []discoveryv1.Endpoint{ + { + Addresses: []string{"1.1.1.1"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: &[]bool{true}[0], + }, + Hints: &[]discoveryv1.EndpointHints{{ + ForZones: []discoveryv1.ForZone{{ + Name: "eu-west-1b", + }}, + }}[0], + }, + { + Addresses: []string{"1.1.1.2"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: &[]bool{true}[0], + }, + Hints: &[]discoveryv1.EndpointHints{{ + ForZones: []discoveryv1.ForZone{{ + Name: "eu-west-1a", + }}, + }}[0], + }, + { + Addresses: []string{"1.1.1.3"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: &[]bool{true}[0], + }, + Hints: &[]discoveryv1.EndpointHints{{ + ForZones: []discoveryv1.ForZone{{ + Name: "eu-west-1c", + }}, + }}[0], + }, + }, + Ports: []discoveryv1.EndpointPort{ + { + Protocol: &[]corev1.Protocol{corev1.ProtocolTCP}[0], + Port: &[]int32{80}[0], + Name: &[]string{"port-1"}[0], + }, + }, + }}, nil + }, + []ingress.Endpoint{ + { + Address: "1.1.1.1", + Port: "80", + }, + }, + }, + { + "should return all endpoints because one is missing zone hint", + &corev1.Service{ + Spec: corev1.ServiceSpec{ + Type: corev1.ServiceTypeClusterIP, + ClusterIP: "1.1.1.1", + Ports: []corev1.ServicePort{ + { + Name: "default", + TargetPort: intstr.FromString("port-1"), + }, + }, + }, + }, + &corev1.ServicePort{ + Name: "port-1", + TargetPort: intstr.FromString("port-1"), + }, + corev1.ProtocolTCP, + "eu-west-1b", + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{discoveryv1.LabelServiceName: "default"}, + }, + Endpoints: []discoveryv1.Endpoint{ + { + Addresses: []string{"1.1.1.1"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: &[]bool{true}[0], + }, + Hints: &[]discoveryv1.EndpointHints{{ + ForZones: []discoveryv1.ForZone{{ + Name: "eu-west-1b", + }}, + }}[0], + }, + { + Addresses: []string{"1.1.1.2"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: &[]bool{true}[0], + }, + Hints: &[]discoveryv1.EndpointHints{{ + ForZones: []discoveryv1.ForZone{{ + Name: "eu-west-1b", + }}, + }}[0], + }, + { + Addresses: []string{"1.1.1.3"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: &[]bool{true}[0], + }, + Hints: &[]discoveryv1.EndpointHints{{}}[0], + }, + }, + Ports: []discoveryv1.EndpointPort{ + { + Protocol: &[]corev1.Protocol{corev1.ProtocolTCP}[0], + Port: &[]int32{80}[0], + Name: &[]string{"port-1"}[0], + }, + }, + }}, nil + }, + []ingress.Endpoint{ + { + Address: "1.1.1.1", + Port: "80", + }, + { + Address: "1.1.1.2", + Port: "80", + }, + { + Address: "1.1.1.3", + Port: "80", + }, + }, + }, + { + "should return all endpoints because no zone from controller node", + &corev1.Service{ + Spec: corev1.ServiceSpec{ + Type: corev1.ServiceTypeClusterIP, + ClusterIP: "1.1.1.1", + Ports: []corev1.ServicePort{ + { + Name: "default", + TargetPort: intstr.FromString("port-1"), + }, + }, + }, + }, + &corev1.ServicePort{ + Name: "port-1", + TargetPort: intstr.FromString("port-1"), + }, + corev1.ProtocolTCP, + "", + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{discoveryv1.LabelServiceName: "default"}, + }, + Endpoints: []discoveryv1.Endpoint{ + { + Addresses: []string{"1.1.1.1"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: &[]bool{true}[0], + }, + Hints: &[]discoveryv1.EndpointHints{{ + ForZones: []discoveryv1.ForZone{{ + Name: "eu-west-1a", + }}, + }}[0], + }, + { + Addresses: []string{"1.1.1.2"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: &[]bool{true}[0], + }, + Hints: &[]discoveryv1.EndpointHints{{ + ForZones: []discoveryv1.ForZone{{ + Name: "eu-west-1b", + }}, + }}[0], + }, + { + Addresses: []string{"1.1.1.3"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: &[]bool{true}[0], + }, + Hints: &[]discoveryv1.EndpointHints{{ + ForZones: []discoveryv1.ForZone{{ + Name: "eu-west-1c", + }}, + }}[0], + }, + }, + Ports: []discoveryv1.EndpointPort{ + { + Protocol: &[]corev1.Protocol{corev1.ProtocolTCP}[0], + Port: &[]int32{80}[0], + Name: &[]string{"port-1"}[0], + }, + }, + }}, nil + }, + []ingress.Endpoint{ + { + Address: "1.1.1.1", + Port: "80", + }, + { + Address: "1.1.1.2", + Port: "80", + }, + { + Address: "1.1.1.3", + Port: "80", + }, + }, + }, } for _, testCase := range tests { t.Run(testCase.name, func(t *testing.T) { - result := getEndpointsFromSlices(testCase.svc, testCase.port, testCase.proto, testCase.fn) + result := getEndpointsFromSlices(testCase.svc, testCase.port, testCase.proto, testCase.zone, testCase.fn) if len(testCase.result) != len(result) { t.Errorf("Expected %d Endpoints but got %d", len(testCase.result), len(result)) } diff --git a/internal/k8s/main.go b/internal/k8s/main.go index 5332631a7..e0d2a1660 100644 --- a/internal/k8s/main.go +++ b/internal/k8s/main.go @@ -78,6 +78,8 @@ func GetNodeIPOrName(kubeClient clientset.Interface, name string, useInternalIP var ( // IngressPodDetails hold information about the ingress-nginx pod IngressPodDetails *PodInfo + // IngressNodeDetails old information about the node running ingress-nginx pod + IngressNodeDetails *NodeInfo ) // PodInfo contains runtime information about the pod running the Ingres controller @@ -87,6 +89,12 @@ type PodInfo struct { metav1.ObjectMeta } +// NodeInfo contains runtime information about the node pod running the Ingres controller, eg. zone where pod is running +type NodeInfo struct { + metav1.TypeMeta + metav1.ObjectMeta +} + // GetIngressPod load the ingress-nginx pod func GetIngressPod(kubeClient clientset.Interface) error { podName := os.Getenv("POD_NAME") @@ -108,6 +116,18 @@ func GetIngressPod(kubeClient clientset.Interface) error { pod.ObjectMeta.DeepCopyInto(&IngressPodDetails.ObjectMeta) IngressPodDetails.SetLabels(pod.GetLabels()) + IngressNodeDetails = &NodeInfo{ + TypeMeta: metav1.TypeMeta{APIVersion: "v1", Kind: "Node"}, + } + // Try to get node info/labels to determine topology zone where pod is running + node, err := kubeClient.CoreV1().Nodes().Get(context.TODO(), pod.Spec.NodeName, metav1.GetOptions{}) + if err != nil { + klog.Warningf("Unable to get NODE information: %v", err) + } else { + node.ObjectMeta.DeepCopyInto(&IngressNodeDetails.ObjectMeta) + IngressNodeDetails.SetLabels(node.GetLabels()) + } + return nil } diff --git a/pkg/flags/flags.go b/pkg/flags/flags.go index 6e183289c..911ab775c 100644 --- a/pkg/flags/flags.go +++ b/pkg/flags/flags.go @@ -216,6 +216,8 @@ Takes the form ":port". If not provided, no admission controller is starte dynamicConfigurationRetries = flags.Int("dynamic-configuration-retries", 15, "Number of times to retry failed dynamic configuration before failing to sync an ingress.") disableSyncEvents = flags.Bool("disable-sync-events", false, "Disables the creation of 'Sync' event resources") + + enableTopologyAwareRouting = flags.Bool("enable-topology-aware-routing", false, "Enable topology aware hints feature, needs service object annotation service.kubernetes.io/topology-aware-hints sets to auto.") ) flags.StringVar(&nginx.MaxmindMirror, "maxmind-mirror", "", `Maxmind mirror url (example: http://geoip.local/databases.`) @@ -348,6 +350,7 @@ https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-g SyncRateLimit: *syncRateLimit, HealthCheckHost: *healthzHost, DynamicConfigurationRetries: *dynamicConfigurationRetries, + EnableTopologyAwareRouting: *enableTopologyAwareRouting, ListenPorts: &ngx_config.ListenPorts{ Default: *defServerPort, Health: *healthzPort, diff --git a/test/e2e-image/e2e.sh b/test/e2e-image/e2e.sh index 7b4d56f10..ed13926fb 100755 --- a/test/e2e-image/e2e.sh +++ b/test/e2e-image/e2e.sh @@ -41,12 +41,22 @@ reportFileNamePrefix="report-e2e-test-suite" echo -e "${BGREEN}Running e2e test suite (FOCUS=${FOCUS})...${NC}" ginkgo "${ginkgo_args[@]}" \ -focus="${FOCUS}" \ - -skip="\[Serial\]|\[MemoryLeak\]" \ + -skip="\[Serial\]|\[MemoryLeak\]|\[TopologyHints\]" \ -nodes="${E2E_NODES}" \ --junit-report=$reportFileNamePrefix.xml \ /e2e.test # Create configMap out of a compressed report file for extraction later +# Must be isolated, there is a collision if multiple helms tries to install same clusterRole at same time +echo -e "${BGREEN}Running e2e test for topology aware hints...${NC}" +ginkgo "${ginkgo_args[@]}" \ + -focus="\[TopologyHints\]" \ + -skip="\[Serial\]|\[MemoryLeak\]]" \ + -nodes="${E2E_NODES}" \ + --junit-report=$reportFileNamePrefix-topology.xml \ + /e2e.test +# Create configMap out of a compressed report file for extraction later + echo -e "${BGREEN}Running e2e test suite with tests that require serial execution...${NC}" ginkgo "${ginkgo_args[@]}" \ -focus="\[Serial\]" \ diff --git a/test/e2e-image/namespace-overlays/topology/values.yaml b/test/e2e-image/namespace-overlays/topology/values.yaml new file mode 100644 index 000000000..28b1cad19 --- /dev/null +++ b/test/e2e-image/namespace-overlays/topology/values.yaml @@ -0,0 +1,51 @@ +# TODO: remove the need to use fullnameOverride +fullnameOverride: nginx-ingress +controller: + image: + repository: ingress-controller/controller + chroot: true + tag: 1.0.0-dev + digest: + digestChroot: + scope: + enabled: false + config: + worker-processes: "1" + readinessProbe: + initialDelaySeconds: 3 + periodSeconds: 1 + livenessProbe: + initialDelaySeconds: 3 + periodSeconds: 1 + service: + type: NodePort + electionID: ingress-controller-leader + ingressClassResource: + # We will create and remove each IC/ClusterRole/ClusterRoleBinding per test so there's no conflict + enabled: false + extraArgs: + tcp-services-configmap: $NAMESPACE/tcp-services + # e2e tests do not require information about ingress status + update-status: "false" + terminationGracePeriodSeconds: 1 + admissionWebhooks: + enabled: false + + enableTopologyAwareRouting: true + + # ulimit -c unlimited + # mkdir -p /tmp/coredump + # chmod a+rwx /tmp/coredump + # echo "/tmp/coredump/core.%e.%p.%h.%t" > /proc/sys/kernel/core_pattern + extraVolumeMounts: + - name: coredump + mountPath: /tmp/coredump + + extraVolumes: + - name: coredump + hostPath: + path: /tmp/coredump + +rbac: + create: true + scope: false diff --git a/test/e2e/endpointslices/topology.go b/test/e2e/endpointslices/topology.go new file mode 100644 index 000000000..ce913e966 --- /dev/null +++ b/test/e2e/endpointslices/topology.go @@ -0,0 +1,112 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package endpointslices + +import ( + "context" + "encoding/json" + "fmt" + "net/http" + "os/exec" + "strings" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/onsi/ginkgo/v2" + "github.com/stretchr/testify/assert" + + "k8s.io/ingress-nginx/internal/nginx" + "k8s.io/ingress-nginx/test/e2e/framework" +) + +var _ = framework.IngressNginxDescribe("[TopologyHints] topology aware routing", func() { + f := framework.NewDefaultFramework("topology") + host := "topology-svc.foo.com" + + ginkgo.BeforeEach(func() { + f.NewEchoDeployment(framework.WithDeploymentReplicas(2), framework.WithSvcTopologyAnnotations()) + }) + + ginkgo.AfterEach(func() { + // we need to uninstall chart because of clusterRole which is not destroyed with namespace + err := uninstallChart(f) + assert.Nil(ginkgo.GinkgoT(), err, "uninstalling helm chart") + }) + + ginkgo.It("should return 200 when service has topology hints", func() { + + annotations := make(map[string]string) + ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations) + f.EnsureIngress(ing) + + f.WaitForNginxServer(host, func(server string) bool { + return strings.Contains(server, fmt.Sprintf("server_name %s", host)) + }) + + ginkgo.By("checking if the service is reached") + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", host). + Expect(). + Status(http.StatusOK) + + slices, err := f.KubeClientSet.DiscoveryV1().EndpointSlices(f.Namespace).List(context.TODO(), metav1.ListOptions{ + LabelSelector: "kubernetes.io/service-name=echo", + Limit: 1, + }) + assert.Nil(ginkgo.GinkgoT(), err) + + // check if we have hints, really depends on k8s endpoint slice controller + gotHints := true + for _, ep := range slices.Items[0].Endpoints { + if ep.Hints == nil || len(ep.Hints.ForZones) == 0 { + gotHints = false + break + } + } + + curlCmd := fmt.Sprintf("curl --fail --silent http://localhost:%v/configuration/backends", nginx.StatusPort) + status, err := f.ExecIngressPod(curlCmd) + assert.Nil(ginkgo.GinkgoT(), err) + var backends []map[string]interface{} + json.Unmarshal([]byte(status), &backends) + gotBackends := 0 + for _, bck := range backends { + if strings.Contains(bck["name"].(string), "topology") { + gotBackends = len(bck["endpoints"].([]interface{})) + } + } + + if gotHints { + //we have 2 replics, if there is just one backend it means that we are routing according slices hints to same zone as controller is + assert.Equal(ginkgo.GinkgoT(), 1, gotBackends) + } else { + // two replicas should have two endpoints without topology hints + assert.Equal(ginkgo.GinkgoT(), 2, gotBackends) + } + }) +}) + +func uninstallChart(f *framework.Framework) error { + cmd := exec.Command("helm", "uninstall", "--namespace", f.Namespace, "nginx-ingress") + _, err := cmd.CombinedOutput() + if err != nil { + return fmt.Errorf("unexpected error uninstalling ingress-nginx release: %v", err) + } + + return nil +} diff --git a/test/e2e/framework/deployment.go b/test/e2e/framework/deployment.go index 3cfe8f360..8115fd12e 100644 --- a/test/e2e/framework/deployment.go +++ b/test/e2e/framework/deployment.go @@ -40,10 +40,10 @@ const SlowEchoService = "slow-echo" const HTTPBinService = "httpbin" type deploymentOptions struct { - namespace string - name string - replicas int - image string + namespace string + name string + replicas int + svcAnnotations map[string]string } // WithDeploymentNamespace allows configuring the deployment's namespace @@ -53,6 +53,15 @@ func WithDeploymentNamespace(n string) func(*deploymentOptions) { } } +// WithSvcTopologyAnnotations create svc with topology aware hints sets to auto +func WithSvcTopologyAnnotations() func(*deploymentOptions) { + return func(o *deploymentOptions) { + o.svcAnnotations = map[string]string{ + "service.kubernetes.io/topology-aware-hints": "auto", + } + } +} + // WithDeploymentName allows configuring the deployment's names func WithDeploymentName(n string) func(*deploymentOptions) { return func(o *deploymentOptions) { @@ -95,8 +104,9 @@ func (f *Framework) NewEchoDeployment(opts ...func(*deploymentOptions)) { service := &corev1.Service{ ObjectMeta: metav1.ObjectMeta{ - Name: options.name, - Namespace: options.namespace, + Name: options.name, + Namespace: options.namespace, + Annotations: options.svcAnnotations, }, Spec: corev1.ServiceSpec{ Ports: []corev1.ServicePort{ diff --git a/test/e2e/kind.yaml b/test/e2e/kind.yaml index 97dc7082d..07a56dae8 100644 --- a/test/e2e/kind.yaml +++ b/test/e2e/kind.yaml @@ -2,8 +2,14 @@ kind: Cluster apiVersion: kind.x-k8s.io/v1alpha4 nodes: - role: control-plane + labels: + topology.kubernetes.io/zone: zone-1 - role: worker + labels: + topology.kubernetes.io/zone: zone-1 - role: worker + labels: + topology.kubernetes.io/zone: zone-2 kubeadmConfigPatches: - | kind: ClusterConfiguration From 1a65027e4c2051ef2df8afee4b06021d8dde26bb Mon Sep 17 00:00:00 2001 From: lythandas <90504445+lythandas@users.noreply.github.com> Date: Mon, 16 Jan 2023 03:52:50 +0100 Subject: [PATCH 474/494] Change default value of enable-brotli (#9500) --- docs/user-guide/nginx-configuration/configmap.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md index 77cee0507..5c0b79510 100755 --- a/docs/user-guide/nginx-configuration/configmap.md +++ b/docs/user-guide/nginx-configuration/configmap.md @@ -693,7 +693,8 @@ _**default:**_ false ## enable-brotli Enables or disables compression of HTTP responses using the ["brotli" module](https://github.com/google/ngx_brotli). -The default mime type list to compress is: `application/xml+rss application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component`. _**default:**_ is disabled +The default mime type list to compress is: `application/xml+rss application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component`. +_**default:**_ false > __Note:__ Brotli does not works in Safari < 11. For more information see [https://caniuse.com/#feat=brotli](https://caniuse.com/#feat=brotli) From dbe88c55a353c01e6748f0eadbc5a8e8108ffc74 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Libor=20Ry=C5=A1av=C3=BD?= Date: Mon, 16 Jan 2023 13:18:51 +0100 Subject: [PATCH 475/494] Sanitise request metrics in monitoring docs (#9384) Also add more detailed description to `nginx_ingress_controller_request_duration_seconds` and `nginx_ingress_controller_response_duration_seconds` based on NGINX docs. Also reformat the list so the descriptions are under the corresponding list item. --- docs/user-guide/monitoring.md | 52 ++++++++++++----------------------- 1 file changed, 18 insertions(+), 34 deletions(-) diff --git a/docs/user-guide/monitoring.md b/docs/user-guide/monitoring.md index cc9fb91ec..058c261ab 100644 --- a/docs/user-guide/monitoring.md +++ b/docs/user-guide/monitoring.md @@ -355,56 +355,40 @@ Prometheus metrics are exposed on port 10254. ### Request metrics -* `nginx_ingress_controller_request_duration_seconds` Histogram - - The request processing time in seconds (affected by client speed) - +* `nginx_ingress_controller_request_duration_seconds` Histogram\ + The request processing (time elapsed between the first bytes were read from the client and the log write after the last bytes were sent to the client) time in seconds (affected by client speed).\ nginx var: `request_time` -* `nginx_ingress_controller_response_duration_seconds` Histogram - - The time spent on receiving the response from the upstream server (affected by client speed) - +* `nginx_ingress_controller_response_duration_seconds` Histogram\ + The time spent on receiving the response from the upstream server in seconds (affected by client speed when the response is bigger than proxy buffers).\ + Note: can be up to several millis bigger than the `nginx_ingress_controller_request_duration_seconds` because of the different measuring method. nginx var: `upstream_response_time` -* `nginx_ingress_controller_header_duration_seconds` Histogram - - The time spent on receiving first header from the upstream server - +* `nginx_ingress_controller_header_duration_seconds` Histogram\ + The time spent on receiving first header from the upstream server\ nginx var: `upstream_header_time` -* `nginx_ingress_controller_connect_duration_seconds` Histogram - - The time spent on establishing a connection with the upstream server - +* `nginx_ingress_controller_connect_duration_seconds` Histogram\ + The time spent on establishing a connection with the upstream server\ nginx var: `upstream_connect_time` -* `nginx_ingress_controller_response_size` Histogram - - The response length (including request line, header, and request body) - +* `nginx_ingress_controller_response_size` Histogram\ + The response length (including request line, header, and request body)\ nginx var: `bytes_sent` -* `nginx_ingress_controller_request_size` Histogram - - The request length (including request line, header, and request body) - +* `nginx_ingress_controller_request_size` Histogram\ + The request length (including request line, header, and request body)\ nginx var: `request_length` -* `nginx_ingress_controller_requests` Counter - +* `nginx_ingress_controller_requests` Counter\ The total number of client requests -* `nginx_ingress_controller_bytes_sent` Histogram - - The number of bytes sent to a client. **Deprecated**, use `nginx_ingress_controller_response_size` - +* `nginx_ingress_controller_bytes_sent` Histogram\ + The number of bytes sent to a client. **Deprecated**, use `nginx_ingress_controller_response_size`\ nginx var: `bytes_sent` -* `nginx_ingress_controller_ingress_upstream_latency_seconds` Summary - - Upstream service latency per Ingress. **Deprecated**, use `nginx_ingress_controller_connect_duration_seconds` - +* `nginx_ingress_controller_ingress_upstream_latency_seconds` Summary\ + Upstream service latency per Ingress. **Deprecated**, use `nginx_ingress_controller_connect_duration_seconds`\ nginx var: `upstream_connect_time` ``` From 39b5ce844b4966a4f449b77f928759900eb261ec Mon Sep 17 00:00:00 2001 From: Makhonin Alexey <60808275+alex123012@users.noreply.github.com> Date: Mon, 16 Jan 2023 16:22:51 +0400 Subject: [PATCH 476/494] Add new prometheus metric for orphaned ingress (#8230) * Add new metric for orhaned ingress * Fix const labels * Fix after rebase --- internal/ingress/controller/controller.go | 18 +++++++--- .../ingress/controller/controller_test.go | 7 ++-- .../ingress/metric/collectors/controller.go | 33 +++++++++++++++++++ internal/ingress/metric/dummy.go | 6 ++++ internal/ingress/metric/main.go | 10 ++++++ 5 files changed, 67 insertions(+), 7 deletions(-) diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go index 8bacb3025..dab507cdf 100644 --- a/internal/ingress/controller/controller.go +++ b/internal/ingress/controller/controller.go @@ -50,10 +50,12 @@ import ( ) const ( - defUpstreamName = "upstream-default-backend" - defServerName = "_" - rootLocation = "/" - emptyZone = "" + defUpstreamName = "upstream-default-backend" + defServerName = "_" + rootLocation = "/" + emptyZone = "" + orphanMetricLabelNoService = "no-service" + orphanMetricLabelNoEndpoint = "no-endpoint" ) // Configuration contains all the settings required by an Ingress controller @@ -1052,8 +1054,16 @@ func (n *NGINXController) createUpstreams(data []*ingress.Ingress, du *ingress.B endp, err := n.serviceEndpoints(svcKey, port.String()) if err != nil { klog.Warningf("Error obtaining Endpoints for Service %q: %v", svcKey, err) + n.metricCollector.IncOrphanIngress(ing.Namespace, ing.Name, orphanMetricLabelNoService) continue } + n.metricCollector.DecOrphanIngress(ing.Namespace, ing.Name, orphanMetricLabelNoService) + + if len(endp) == 0 { + n.metricCollector.IncOrphanIngress(ing.Namespace, ing.Name, orphanMetricLabelNoEndpoint) + } else { + n.metricCollector.DecOrphanIngress(ing.Namespace, ing.Name, orphanMetricLabelNoEndpoint) + } upstreams[name].Endpoints = endp } diff --git a/internal/ingress/controller/controller_test.go b/internal/ingress/controller/controller_test.go index 796012cd3..8cca10385 100644 --- a/internal/ingress/controller/controller_test.go +++ b/internal/ingress/controller/controller_test.go @@ -2481,8 +2481,9 @@ func newDynamicNginxController(t *testing.T, setConfigMap func(string) *v1.Confi } return &NGINXController{ - store: storer, - cfg: config, - command: NewNginxCommand(), + store: storer, + cfg: config, + command: NewNginxCommand(), + metricCollector: metric.DummyCollector{}, } } diff --git a/internal/ingress/metric/collectors/controller.go b/internal/ingress/metric/collectors/controller.go index 5822f0d57..3a65a1a99 100644 --- a/internal/ingress/metric/collectors/controller.go +++ b/internal/ingress/metric/collectors/controller.go @@ -32,6 +32,7 @@ var ( ingressOperation = []string{"controller_namespace", "controller_class", "controller_pod", "namespace", "ingress"} sslLabelHost = []string{"namespace", "class", "host", "secret_name"} sslInfoLabels = []string{"namespace", "class", "host", "secret_name", "identifier", "issuer_organization", "issuer_common_name", "serial_number", "public_key_algorithm"} + orphanityLabels = []string{"controller_namespace", "controller_class", "controller_pod", "namespace", "ingress", "type"} ) // Controller defines base metrics about the ingress controller @@ -48,6 +49,7 @@ type Controller struct { checkIngressOperationErrors *prometheus.CounterVec sslExpireTime *prometheus.GaugeVec sslInfo *prometheus.GaugeVec + OrphanIngress *prometheus.GaugeVec constLabels prometheus.Labels labels prometheus.Labels @@ -171,6 +173,15 @@ func NewController(pod, namespace, class string) *Controller { }, []string{"name"}, ), + OrphanIngress: prometheus.NewGaugeVec( + prometheus.GaugeOpts{ + Namespace: PrometheusNamespace, + Name: "orphan_ingress", + Help: `Gauge reporting status of ingress orphanity, 1 indicates orphaned ingress. + 'namespace' is the string used to identify namespace of ingress, 'ingress' for ingress name and 'type' for 'no-service' or 'no-endpoint' of orphanity`, + }, + orphanityLabels, + ), } return cm @@ -214,6 +225,26 @@ func (cm *Controller) IncCheckErrorCount(namespace, name string) { cm.checkIngressOperationErrors.MustCurryWith(cm.constLabels).With(labels).Inc() } +// IncOrphanIngress sets the the orphaned ingress gauge to one +func (cm *Controller) IncOrphanIngress(namespace string, name string, orphanityType string) { + labels := prometheus.Labels{ + "namespace": namespace, + "ingress": name, + "type": orphanityType, + } + cm.OrphanIngress.MustCurryWith(cm.constLabels).With(labels).Set(1.0) +} + +// DecOrphanIngress sets the the orphaned ingress gauge to zero (all services has their endpoints) +func (cm *Controller) DecOrphanIngress(namespace string, name string, orphanityType string) { + labels := prometheus.Labels{ + "namespace": namespace, + "ingress": name, + "type": orphanityType, + } + cm.OrphanIngress.MustCurryWith(cm.constLabels).With(labels).Set(0.0) +} + // ConfigSuccess set a boolean flag according to the output of the controller configuration reload func (cm *Controller) ConfigSuccess(hash uint64, success bool) { if success { @@ -242,6 +273,7 @@ func (cm Controller) Describe(ch chan<- *prometheus.Desc) { cm.sslInfo.Describe(ch) cm.leaderElection.Describe(ch) cm.buildInfo.Describe(ch) + cm.OrphanIngress.Describe(ch) } // Collect implements the prometheus.Collector interface. @@ -257,6 +289,7 @@ func (cm Controller) Collect(ch chan<- prometheus.Metric) { cm.sslInfo.Collect(ch) cm.leaderElection.Collect(ch) cm.buildInfo.Collect(ch) + cm.OrphanIngress.Collect(ch) } // SetSSLExpireTime sets the expiration time of SSL Certificates diff --git a/internal/ingress/metric/dummy.go b/internal/ingress/metric/dummy.go index 4a6366b84..e34b5ecbd 100644 --- a/internal/ingress/metric/dummy.go +++ b/internal/ingress/metric/dummy.go @@ -41,6 +41,12 @@ func (dc DummyCollector) IncReloadCount() {} // IncReloadErrorCount ... func (dc DummyCollector) IncReloadErrorCount() {} +// IncOrphanIngress ... +func (dc DummyCollector) IncOrphanIngress(string, string, string) {} + +// DecOrphanIngress ... +func (dc DummyCollector) DecOrphanIngress(string, string, string) {} + // IncCheckCount ... func (dc DummyCollector) IncCheckCount(string, string) {} diff --git a/internal/ingress/metric/main.go b/internal/ingress/metric/main.go index b3323c7fe..892c8e8db 100644 --- a/internal/ingress/metric/main.go +++ b/internal/ingress/metric/main.go @@ -43,6 +43,8 @@ type Collector interface { IncCheckCount(string, string) IncCheckErrorCount(string, string) + IncOrphanIngress(string, string, string) + DecOrphanIngress(string, string, string) RemoveMetrics(ingresses, endpoints, certificates []string) @@ -181,6 +183,14 @@ func (c *collector) SetSSLInfo(servers []*ingress.Server) { c.ingressController.SetSSLInfo(servers) } +func (c *collector) IncOrphanIngress(namespace string, name string, orphanityType string) { + c.ingressController.IncOrphanIngress(namespace, name, orphanityType) +} + +func (c *collector) DecOrphanIngress(namespace string, name string, orphanityType string) { + c.ingressController.DecOrphanIngress(namespace, name, orphanityType) +} + func (c *collector) SetHosts(hosts sets.String) { c.socket.SetHosts(hosts) } From a2c9b8833b482cdbf484c80bd8c8d169d2899cb5 Mon Sep 17 00:00:00 2001 From: Makhonin Alexey <60808275+alex123012@users.noreply.github.com> Date: Mon, 16 Jan 2023 20:26:38 +0400 Subject: [PATCH 477/494] Add docs about orphan_ingress metric (#9514) --- docs/user-guide/monitoring.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/user-guide/monitoring.md b/docs/user-guide/monitoring.md index 058c261ab..807d91afc 100644 --- a/docs/user-guide/monitoring.md +++ b/docs/user-guide/monitoring.md @@ -453,6 +453,8 @@ Prometheus metrics are exposed on port 10254. # TYPE nginx_ingress_controller_ssl_certificate_info gauge # HELP nginx_ingress_controller_success Cumulative number of Ingress controller reload operations # TYPE nginx_ingress_controller_success counter +# HELP nginx_ingress_controller_orphan_ingress Gauge reporting status of ingress orphanity, 1 indicates orphaned ingress. 'namespace' is the string used to identify namespace of ingress, 'ingress' for ingress name and 'type' for 'no-service' or 'no-endpoint' of orphanity +# TYPE nginx_ingress_controller_orphan_ingress gauge ``` ### Admission metrics From a069617ef88a9a33b8cbd2f4d92a4c2574dac818 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Mon, 16 Jan 2023 17:38:50 +0100 Subject: [PATCH 478/494] Values: Add missing `controller.metrics.service.labels`. (#9501) --- charts/ingress-nginx/README.md | 1 + charts/ingress-nginx/values.yaml | 2 ++ 2 files changed, 3 insertions(+) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 817059af2..65236e08c 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -377,6 +377,7 @@ Kubernetes: `>=1.20.0-0` | controller.metrics.prometheusRule.rules | list | `[]` | | | controller.metrics.service.annotations | object | `{}` | | | controller.metrics.service.externalIPs | list | `[]` | List of IP addresses at which the stats-exporter service is available # Ref: https://kubernetes.io/docs/user-guide/services/#external-ips # | +| controller.metrics.service.labels | object | `{}` | Labels to be added to the metrics service resource | | controller.metrics.service.loadBalancerSourceRanges | list | `[]` | | | controller.metrics.service.servicePort | int | `10254` | | | controller.metrics.service.type | string | `"ClusterIP"` | | diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index a6df47694..215ce509d 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -704,6 +704,8 @@ controller: annotations: {} # prometheus.io/scrape: "true" # prometheus.io/port: "10254" + # -- Labels to be added to the metrics service resource + labels: {} # clusterIP: "" From e6dcd6845e3dc2e314a676cad7107fe75225def0 Mon Sep 17 00:00:00 2001 From: Samuel Vaillant Date: Tue, 17 Jan 2023 02:08:32 +0100 Subject: [PATCH 479/494] feat(configmap): expose gzip-disable (#9505) * docs(configmap): add link for gzip-min-length * feat(configmap): expose gzip-disable * test(e2e): cover gzip settings * docs(configmap): simplify description with NGINX link * refactor(configmap): simplify condition --- .../nginx-configuration/configmap.md | 6 ++ internal/ingress/controller/config/config.go | 6 +- .../controller/template/configmap_test.go | 2 + rootfs/etc/nginx/template/nginx.tmpl | 3 + test/e2e/settings/gzip.go | 99 +++++++++++++++++++ 5 files changed, 115 insertions(+), 1 deletion(-) create mode 100644 test/e2e/settings/gzip.go diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md index 5c0b79510..2a3369044 100755 --- a/docs/user-guide/nginx-configuration/configmap.md +++ b/docs/user-guide/nginx-configuration/configmap.md @@ -103,7 +103,9 @@ The following table shows a configuration option's name, type, and the default v |[brotli-min-length](#brotli-min-length)|int|20| |[brotli-types](#brotli-types)|string|"application/xml+rss application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component"| |[use-http2](#use-http2)|bool|"true"| +|[gzip-disable](#gzip-disable)|string|""| |[gzip-level](#gzip-level)|int|1| +|[gzip-min-length](#gzip-min-length)|int|256| |[gzip-types](#gzip-types)|string|"application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component"| |[worker-processes](#worker-processes)|string|``| |[worker-cpu-affinity](#worker-cpu-affinity)|string|""| @@ -715,6 +717,10 @@ _**default:**_ `application/xml+rss application/atom+xml application/javascript Enables or disables [HTTP/2](https://nginx.org/en/docs/http/ngx_http_v2_module.html) support in secure connections. +## gzip-disable + +Disables [gzipping](http://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip_disable) of responses for requests with "User-Agent" header fields matching any of the specified regular expressions. + ## gzip-level Sets the gzip Compression Level that will be used. _**default:**_ 1 diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go index f064dad53..a4a4c5a0b 100644 --- a/internal/ingress/controller/config/config.go +++ b/internal/ingress/controller/config/config.go @@ -438,6 +438,11 @@ type Configuration struct { // Default: true UseHTTP2 bool `json:"use-http2,omitempty"` + // Disables gzipping of responses for requests with "User-Agent" header fields matching any of + // the specified regular expressions. + // http://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip_disable + GzipDisable string `json:"gzip-disable,omitempty"` + // gzip Compression Level that will be used GzipLevel int `json:"gzip-level,omitempty"` @@ -794,7 +799,6 @@ func NewDefault() Configuration { defGlobalExternalAuth := GlobalExternalAuth{"", "", "", "", "", append(defResponseHeaders, ""), "", "", "", []string{}, map[string]string{}, false} cfg := Configuration{ - AllowSnippetAnnotations: true, AllowBackendServerHeader: false, AnnotationValueWordBlocklist: "", diff --git a/internal/ingress/controller/template/configmap_test.go b/internal/ingress/controller/template/configmap_test.go index c662e0bc7..ebe55d192 100644 --- a/internal/ingress/controller/template/configmap_test.go +++ b/internal/ingress/controller/template/configmap_test.go @@ -64,6 +64,7 @@ func TestMergeConfigMapToStruct(t *testing.T) { "access-log-path": "/var/log/test/access.log", "error-log-path": "/var/log/test/error.log", "use-gzip": "false", + "gzip-disable": "msie6", "gzip-level": "9", "gzip-min-length": "1024", "gzip-types": "text/html", @@ -87,6 +88,7 @@ func TestMergeConfigMapToStruct(t *testing.T) { def.ProxyReadTimeout = 1 def.ProxySendTimeout = 2 def.UseProxyProtocol = true + def.GzipDisable = "msie6" def.GzipLevel = 9 def.GzipMinLength = 1024 def.GzipTypes = "text/html" diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index fc48de912..911cf75ea 100755 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -336,6 +336,9 @@ http { {{ if $cfg.UseGzip }} gzip on; gzip_comp_level {{ $cfg.GzipLevel }}; + {{- if $cfg.GzipDisable }} + gzip_disable "{{ $cfg.GzipDisable }}"; + {{- end }} gzip_http_version 1.1; gzip_min_length {{ $cfg.GzipMinLength}}; gzip_types {{ $cfg.GzipTypes }}; diff --git a/test/e2e/settings/gzip.go b/test/e2e/settings/gzip.go new file mode 100644 index 000000000..68e80d3a0 --- /dev/null +++ b/test/e2e/settings/gzip.go @@ -0,0 +1,99 @@ +/* +Copyright 2023 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package settings + +import ( + "fmt" + "strings" + + "github.com/onsi/ginkgo/v2" + + "k8s.io/ingress-nginx/internal/ingress/controller/config" + "k8s.io/ingress-nginx/test/e2e/framework" +) + +var _ = framework.DescribeSetting("gzip", func() { + f := framework.NewDefaultFramework("gzip") + + ginkgo.It("should be disabled by default", func() { + f.WaitForNginxConfiguration( + func(cfg string) bool { + return !strings.Contains(cfg, "gzip on;") + }) + }) + + ginkgo.It("should be enabled with default settings", func() { + f.UpdateNginxConfigMapData("use-gzip", "true") + + f.WaitForNginxConfiguration( + func(cfg string) bool { + defaultCfg := config.NewDefault() + return strings.Contains(cfg, "gzip on;") && + strings.Contains(cfg, fmt.Sprintf("gzip_comp_level %d;", defaultCfg.GzipLevel)) && + !strings.Contains(cfg, "gzip_disable") && + strings.Contains(cfg, "gzip_http_version 1.1;") && + strings.Contains(cfg, fmt.Sprintf("gzip_min_length %d;", defaultCfg.GzipMinLength)) && + strings.Contains(cfg, fmt.Sprintf("gzip_types %s;", defaultCfg.GzipTypes)) && + strings.Contains(cfg, "gzip_proxied any;") && + strings.Contains(cfg, "gzip_vary on;") + }) + }) + + ginkgo.It("should set gzip_comp_level to 4", func() { + f.UpdateNginxConfigMapData("use-gzip", "true") + f.UpdateNginxConfigMapData("gzip-level", "4") + + f.WaitForNginxConfiguration( + func(cfg string) bool { + return strings.Contains(cfg, "gzip on;") && + strings.Contains(cfg, "gzip_comp_level 4;") + }) + }) + + ginkgo.It("should set gzip_disable to msie6", func() { + f.UpdateNginxConfigMapData("use-gzip", "true") + f.UpdateNginxConfigMapData("gzip-disable", "msie6") + + f.WaitForNginxConfiguration( + func(cfg string) bool { + return strings.Contains(cfg, "gzip on;") && + strings.Contains(cfg, `gzip_disable "msie6";`) + }) + }) + + ginkgo.It("should set gzip_min_length to 100", func() { + f.UpdateNginxConfigMapData("use-gzip", "true") + f.UpdateNginxConfigMapData("gzip-min-length", "100") + + f.WaitForNginxConfiguration( + func(cfg string) bool { + return strings.Contains(cfg, "gzip on;") && + strings.Contains(cfg, "gzip_min_length 100;") + }) + }) + + ginkgo.It("should set gzip_types to application/javascript", func() { + f.UpdateNginxConfigMapData("use-gzip", "true") + f.UpdateNginxConfigMapData("gzip-types", "application/javascript") + + f.WaitForNginxConfiguration( + func(cfg string) bool { + return strings.Contains(cfg, "gzip on;") && + strings.Contains(cfg, "gzip_types application/javascript;") + }) + }) +}) From da98c744b95e1d36d24f77454b3a76ad29b53702 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Mon, 16 Jan 2023 23:51:23 -0300 Subject: [PATCH 480/494] Implement pathType validation (#9511) --- charts/ingress-nginx/README.md | 1 + .../templates/controller-configmap.yaml | 1 + charts/ingress-nginx/values.yaml | 5 + .../nginx-configuration/configmap.md | 23 +++ internal/ingress/controller/config/config.go | 13 ++ internal/ingress/controller/controller.go | 4 + .../ingress/controller/controller_test.go | 91 +++++++++ internal/ingress/controller/store/store.go | 9 +- internal/k8s/main.go | 3 - pkg/util/ingress/ingress.go | 60 ++++-- pkg/util/ingress/ingress_test.go | 188 +++++++++++++----- test/e2e/admission/admission.go | 34 ++++ test/e2e/annotations/affinity.go | 6 + test/e2e/annotations/rewrite.go | 8 + test/e2e/security/invalid_paths.go | 134 ------------- 15 files changed, 373 insertions(+), 207 deletions(-) delete mode 100644 test/e2e/security/invalid_paths.go diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 65236e08c..174a8870d 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -311,6 +311,7 @@ Kubernetes: `>=1.20.0-0` | controller.containerPort | object | `{"http":80,"https":443}` | Configures the ports that the nginx-controller listens on | | controller.customTemplate.configMapKey | string | `""` | | | controller.customTemplate.configMapName | string | `""` | | +| controller.disablePathTypeValidation | bool | `false` | This configuration defines if Ingress Controller should validate pathType. If this is true, special characters will be allowed on paths of any pathType. If false, special characters are only allowed on paths with pathType = ImplementationSpecific | | controller.dnsConfig | object | `{}` | Optionally customize the pod dnsConfig. | | controller.dnsPolicy | string | `"ClusterFirst"` | Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. | | controller.electionID | string | `""` | Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader' | diff --git a/charts/ingress-nginx/templates/controller-configmap.yaml b/charts/ingress-nginx/templates/controller-configmap.yaml index f28b26e1e..ffd003ee8 100644 --- a/charts/ingress-nginx/templates/controller-configmap.yaml +++ b/charts/ingress-nginx/templates/controller-configmap.yaml @@ -14,6 +14,7 @@ metadata: namespace: {{ .Release.Namespace }} data: allow-snippet-annotations: "{{ .Values.controller.allowSnippetAnnotations }}" + disable-pathtype-validation: "{{ .Values.controller.disablePathTypeValidation }}" {{- if .Values.controller.addHeaders }} add-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-add-headers {{- end }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 215ce509d..072493ccc 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -87,6 +87,11 @@ controller: # Global snippets in ConfigMap are still respected allowSnippetAnnotations: true + # -- This configuration defines if Ingress Controller should validate pathType. + # If this is true, special characters will be allowed on paths of any pathType. If + # false, special characters are only allowed on paths with pathType = ImplementationSpecific + disablePathTypeValidation: false + # -- Required for use with CNI based kubernetes installations (such as ones set up by kubeadm), # since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 # is merged diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md index 2a3369044..849d6968a 100755 --- a/docs/user-guide/nginx-configuration/configmap.md +++ b/docs/user-guide/nginx-configuration/configmap.md @@ -216,6 +216,8 @@ The following table shows a configuration option's name, type, and the default v |[service-upstream](#service-upstream)|bool|"false"| |[ssl-reject-handshake](#ssl-reject-handshake)|bool|"false"| |[debug-connections](#debug-connections)|[]string|"127.0.0.1,1.1.1.1/24"| +|[disable-pathtype-validation](#disable-pathtype-validation)|bool|"false"| +|[path-additional-allowed-chars](#path-additional-allowed-chars)|string|"^%$[](){}*+?"| ## add-headers @@ -1326,3 +1328,24 @@ _**default:**_ "" _References:_ [http://nginx.org/en/docs/ngx_core_module.html#debug_connection](http://nginx.org/en/docs/ngx_core_module.html#debug_connection) + +## disable-pathtype-validation +Ingress Controller validates the pathType, and only allows special characters on "path" if pathType is +ImplementationSpecific. + +The only characters allowed on ingresses with pathType not ImplementationSpecific +will be 0-9, a-z, A-Z, "-", ".", "_", "~", "/". + +If the validation is disabled, the [#path-additional-allowed-chars](#path-additional-allowed-chars) will +be allowed on any pathType. + +This behavior can be disabled, so special characters are accepted regardless of pathType +_**default:**_ "false" + +## path-additional-allowed-chars +When validating path on Ingress resources, defines the additional set of special characters that +will be allowed. + +See also [#disable-pathtype-validation](#disable-pathtype-validation). + +_**default:**_ "^%$[](){}*+?|" \ No newline at end of file diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go index a4a4c5a0b..b246ef9cf 100644 --- a/internal/ingress/controller/config/config.go +++ b/internal/ingress/controller/config/config.go @@ -782,6 +782,17 @@ type Configuration struct { // http://nginx.org/en/docs/ngx_core_module.html#debug_connection // Default: "" DebugConnections []string `json:"debug-connections"` + + // DisablePathTypeValidation allows the admin to disable the pathType validation. + // If PathTypeValidation is enabled, the Controller will only allow alphanumeric + // characters on path (0-9, a-z, A-Z, "-", ".", "_", "~", "/") + DisablePathTypeValidation bool `json:"disable-pathtype-validation"` + + // PathAdditionalAllowedChars allows the admin to specify what are the additional + // characters allowed in case of pathType=ImplementationSpecific. + // Case disable-pathtype-validation=true, this characters will be allowed on any path. + // Defaults to: "^%$[](){}*+?" + PathAdditionalAllowedChars string `json:"path-additional-allowed-chars"` } // NewDefault returns the default nginx configuration @@ -817,6 +828,8 @@ func NewDefault() Configuration { ClientHeaderTimeout: 60, ClientBodyBufferSize: "8k", ClientBodyTimeout: 60, + DisablePathTypeValidation: false, + PathAdditionalAllowedChars: "^%$[](){}*+?|", EnableUnderscoresInHeaders: false, ErrorLogLevel: errorLevel, UseForwardedHeaders: false, diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go index dab507cdf..5b22fd17a 100644 --- a/internal/ingress/controller/controller.go +++ b/internal/ingress/controller/controller.go @@ -325,6 +325,10 @@ func (n *NGINXController) CheckIngress(ing *networking.Ingress) error { k8s.SetDefaultNGINXPathType(ing) + if err := utilingress.ValidateIngressPath(ing, cfg.DisablePathTypeValidation, cfg.PathAdditionalAllowedChars); err != nil { + return fmt.Errorf("ingress contains invalid characters: %s", err) + } + allIngresses := n.store.ListIngresses() filter := func(toCheck *ingress.Ingress) bool { diff --git a/internal/ingress/controller/controller_test.go b/internal/ingress/controller/controller_test.go index 8cca10385..d91760552 100644 --- a/internal/ingress/controller/controller_test.go +++ b/internal/ingress/controller/controller_test.go @@ -201,6 +201,97 @@ func TestCheckIngress(t *testing.T) { }, }, } + + t.Run("when validating pathType", func(t *testing.T) { + t.Run("When ingress contains invalid path and pathType validation is not disabled", func(t *testing.T) { + nginx.store = fakeIngressStore{ + ingresses: []*ingress.Ingress{}, + configuration: ngx_config.Configuration{ + DisablePathTypeValidation: false, + }, + } + nginx.command = testNginxTestCommand{ + t: t, + err: nil, + expected: "", + } + nginx.cfg.IngressClassConfiguration = &ingressclass.IngressClassConfiguration{ + WatchWithoutClass: true, + } + ingPath := &networking.Ingress{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-ingress1", + Namespace: "user-namespace1", + Annotations: map[string]string{ + "kubernetes.io/ingress.class": "nginx", + }, + }, + Spec: networking.IngressSpec{ + Rules: []networking.IngressRule{ + { + Host: "example.com", + IngressRuleValue: networking.IngressRuleValue{ + HTTP: &networking.HTTPIngressRuleValue{ + Paths: []networking.HTTPIngressPath{ + { + Path: "/xpto/(a+)", + PathType: &pathTypePrefix, + }, + }, + }, + }, + }, + }, + }, + } + + if nginx.CheckIngress(ingPath) == nil { + t.Errorf("invalid path on pathTypePrefix and validation enabled should return an error") + } + }) + t.Run("When ingress contains invalid path and pathType validation is disabled", func(t *testing.T) { + nginx.store = fakeIngressStore{ + ingresses: []*ingress.Ingress{}, + configuration: ngx_config.Configuration{ + DisablePathTypeValidation: true, + PathAdditionalAllowedChars: "^%$[](){}*+?|", + }, + } + nginx.command = testNginxTestCommand{ + t: t, + err: nil, + expected: "_,example.com", + } + + ingPath := &networking.Ingress{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-ingress2", + Namespace: "user-namespace2", + }, + Spec: networking.IngressSpec{ + Rules: []networking.IngressRule{ + { + Host: "example.com", + IngressRuleValue: networking.IngressRuleValue{ + HTTP: &networking.HTTPIngressRuleValue{ + Paths: []networking.HTTPIngressPath{ + { + Path: "/example(/|$)(.*)", + PathType: &pathTypePrefix, + }, + }, + }, + }, + }, + }, + }, + } + + if nginx.CheckIngress(ingPath) != nil { + t.Errorf("invalid path on pathTypePrefix and validation disabled should not return an error: %s", nginx.CheckIngress(ingPath)) + } + }) + }) t.Run("when the class is the nginx one", func(t *testing.T) { ing.ObjectMeta.Annotations["kubernetes.io/ingress.class"] = "nginx" nginx.command = testNginxTestCommand{ diff --git a/internal/ingress/controller/store/store.go b/internal/ingress/controller/store/store.go index 13af28137..1006858e8 100644 --- a/internal/ingress/controller/store/store.go +++ b/internal/ingress/controller/store/store.go @@ -846,6 +846,11 @@ func (s *k8sStore) syncIngress(ing *networkingv1.Ingress) { copyIng := &networkingv1.Ingress{} ing.ObjectMeta.DeepCopyInto(©Ing.ObjectMeta) + if err := ingressutils.ValidateIngressPath(ing, s.backendConfig.DisablePathTypeValidation, s.backendConfig.PathAdditionalAllowedChars); err != nil { + klog.Errorf("ingress %s contains invalid path and will be skipped: %s", key, err) + return + } + if s.backendConfig.AnnotationValueWordBlocklist != "" { if err := checkBadAnnotationValue(copyIng.Annotations, s.backendConfig.AnnotationValueWordBlocklist); err != nil { klog.Warningf("skipping ingress %s: %s", key, err) @@ -865,10 +870,6 @@ func (s *k8sStore) syncIngress(ing *networkingv1.Ingress) { if path.Path == "" { copyIng.Spec.Rules[ri].HTTP.Paths[pi].Path = "/" } - if !ingressutils.IsSafePath(copyIng, path.Path) { - klog.Warningf("ingress %s contains invalid path %s", key, path.Path) - return - } } } diff --git a/internal/k8s/main.go b/internal/k8s/main.go index e0d2a1660..6973b6cb7 100644 --- a/internal/k8s/main.go +++ b/internal/k8s/main.go @@ -180,9 +180,6 @@ func SetDefaultNGINXPathType(ing *networkingv1.Ingress) { p.PathType = &defaultPathType } - if *p.PathType == networkingv1.PathTypeImplementationSpecific { - p.PathType = &defaultPathType - } } } } diff --git a/pkg/util/ingress/ingress.go b/pkg/util/ingress/ingress.go index 5fb3ee7b9..e16518251 100644 --- a/pkg/util/ingress/ingress.go +++ b/pkg/util/ingress/ingress.go @@ -23,7 +23,6 @@ import ( networkingv1 "k8s.io/api/networking/v1" "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/ingress-nginx/internal/ingress/annotations/parser" "k8s.io/ingress-nginx/internal/k8s" "k8s.io/ingress-nginx/internal/net/ssl" "k8s.io/ingress-nginx/pkg/apis/ingress" @@ -31,15 +30,15 @@ import ( ) const ( - alphaNumericChars = `\-\.\_\~a-zA-Z0-9/` - regexEnabledChars = `\^\$\[\]\(\)\{\}\*\+` + alphaNumericChars = `A-Za-z0-9\-\.\_\~\/` // This is the default allowed set on paths ) var ( - // pathAlphaNumeric is a regex validation of something like "^/[a-zA-Z]+$" on path - pathAlphaNumeric = regexp.MustCompile("^/[" + alphaNumericChars + "]*$").MatchString - // pathRegexEnabled is a regex validation of paths that may contain regex. - pathRegexEnabled = regexp.MustCompile("^/[" + alphaNumericChars + regexEnabledChars + "]*$").MatchString + // pathAlphaNumeric is a regex validation that allows only (0-9, a-z, A-Z, "-", ".", "_", "~", "/") + pathAlphaNumericRegex = regexp.MustCompile("^[" + alphaNumericChars + "]*$").MatchString + + // default path type is Prefix to not break existing definitions + defaultPathType = networkingv1.PathTypePrefix ) func GetRemovedHosts(rucfg, newcfg *ingress.Configuration) []string { @@ -247,12 +246,45 @@ func BuildRedirects(servers []*ingress.Server) []*redirect { return redirectServers } -// IsSafePath verifies if the path used in ingress object contains only valid characters. -// It will behave differently if regex is enabled or not -func IsSafePath(copyIng *networkingv1.Ingress, path string) bool { - isRegex, _ := parser.GetBoolAnnotation("use-regex", copyIng) - if isRegex { - return pathRegexEnabled(path) +func ValidateIngressPath(copyIng *networkingv1.Ingress, disablePathTypeValidation bool, additionalChars string) error { + + if copyIng == nil { + return nil } - return pathAlphaNumeric(path) + + escapedAdditionalChars := regexp.QuoteMeta(additionalChars) + regexPath, err := regexp.Compile("^[" + alphaNumericChars + escapedAdditionalChars + "]*$") + if err != nil { + return fmt.Errorf("ingress has misconfigured validation regex on configmap: %s - %w", additionalChars, err) + } + + for _, rule := range copyIng.Spec.Rules { + if rule.HTTP == nil { + continue + } + if err := checkPath(rule.HTTP.Paths, disablePathTypeValidation, regexPath); err != nil { + return fmt.Errorf("error validating ingressPath: %w", err) + } + } + return nil +} + +func checkPath(paths []networkingv1.HTTPIngressPath, disablePathTypeValidation bool, regexSpecificChars *regexp.Regexp) error { + for _, path := range paths { + if path.PathType == nil { + path.PathType = &defaultPathType + } + + if disablePathTypeValidation || *path.PathType == networkingv1.PathTypeImplementationSpecific { + if !regexSpecificChars.MatchString(path.Path) { + return fmt.Errorf("path %s of type %s contains invalid characters", path.Path, *path.PathType) + } + continue + } + + if !pathAlphaNumericRegex(path.Path) { + return fmt.Errorf("path %s of type %s contains invalid characters", path.Path, *path.PathType) + } + } + return nil } diff --git a/pkg/util/ingress/ingress_test.go b/pkg/util/ingress/ingress_test.go index d829a57f1..a79da6b6f 100644 --- a/pkg/util/ingress/ingress_test.go +++ b/pkg/util/ingress/ingress_test.go @@ -17,13 +17,10 @@ limitations under the License. package ingress import ( - "fmt" "testing" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - networkingv1 "k8s.io/api/networking/v1" - "k8s.io/ingress-nginx/internal/ingress/annotations/parser" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/ingress-nginx/pkg/apis/ingress" ) @@ -136,81 +133,168 @@ func TestIsDynamicConfigurationEnough(t *testing.T) { } } -func generateDumbIngressforPathTest(regexEnabled bool) *networkingv1.Ingress { - var annotations = make(map[string]string) - regexAnnotation := fmt.Sprintf("%s/use-regex", parser.AnnotationsPrefix) - if regexEnabled { - annotations[regexAnnotation] = "true" - } +func generateDumbIngressforPathTest(pathType *networkingv1.PathType, path string) *networkingv1.Ingress { return &networkingv1.Ingress{ ObjectMeta: metav1.ObjectMeta{ - Name: "dumb", - Namespace: "default", - Annotations: annotations, + Name: "dumb", + Namespace: "default", + }, + Spec: networkingv1.IngressSpec{ + Rules: []networkingv1.IngressRule{ + { + Host: "test.com", + IngressRuleValue: networkingv1.IngressRuleValue{ + HTTP: &networkingv1.HTTPIngressRuleValue{ + Paths: []networkingv1.HTTPIngressPath{ + { + PathType: pathType, + Path: path, + }, + }, + }, + }, + }, + }, }, } } -func TestIsSafePath(t *testing.T) { +func generateComplexIngress(ing *networkingv1.Ingress) *networkingv1.Ingress { + + oldRules := ing.Spec.DeepCopy().Rules + ing.Spec.Rules = []networkingv1.IngressRule{ + { + Host: "test1.com", + IngressRuleValue: networkingv1.IngressRuleValue{ + HTTP: &networkingv1.HTTPIngressRuleValue{ + Paths: []networkingv1.HTTPIngressPath{ + { + PathType: &pathTypeExact, + Path: "/xpto", + }, + }, + }, + }, + }, + { + Host: "test2.com", + IngressRuleValue: networkingv1.IngressRuleValue{ + HTTP: &networkingv1.HTTPIngressRuleValue{ + Paths: []networkingv1.HTTPIngressPath{ + { + PathType: &pathTypeExact, + Path: "/someotherpath", + }, + { + PathType: &pathTypePrefix, + Path: "/someprefix/~xpto/lala123", + }, + }, + }, + }, + }, + } + // we want to invert the order to test better :) + ing.Spec.Rules = append(ing.Spec.Rules, oldRules...) + + return ing +} + +var ( + pathTypeExact = networkingv1.PathTypeExact + pathTypePrefix = networkingv1.PathTypePrefix + pathTypeImplSpecific = networkingv1.PathTypeImplementationSpecific +) + +const ( + defaultAdditionalChars = "^%$[](){}*+?" +) + +func TestValidateIngressPath(t *testing.T) { tests := []struct { - name string - copyIng *networkingv1.Ingress - path string - want bool + name string + copyIng *networkingv1.Ingress + disablePathTypeValidation bool + additionalChars string + wantErr bool }{ { - name: "should accept valid path with regex disabled", - want: true, - copyIng: generateDumbIngressforPathTest(false), - path: "/xpto/~user/t-e_st.exe", + name: "should return nil when ingress = nil", + wantErr: false, + copyIng: nil, }, { - name: "should accept valid path / with regex disabled", - want: true, - copyIng: generateDumbIngressforPathTest(false), - path: "/", + name: "should accept valid path on pathType Exact", + wantErr: false, + copyIng: generateDumbIngressforPathTest(&pathTypeExact, "/xpto/~user9/t-e_st.exe"), }, { - name: "should reject invalid path with invalid chars", - want: false, - copyIng: generateDumbIngressforPathTest(false), - path: "/foo/bar/;xpto", + name: "should accept valid path on pathType Prefix", + wantErr: false, + copyIng: generateDumbIngressforPathTest(&pathTypePrefix, "/xpto/~user9/t-e_st.exe"), }, { - name: "should reject regex path when regex is disabled", - want: false, - copyIng: generateDumbIngressforPathTest(false), - path: "/foo/bar/(.+)", + name: "should accept valid simple path on pathType Impl Specific", + wantErr: false, + copyIng: generateDumbIngressforPathTest(&pathTypeImplSpecific, "/xpto/~user9/t-e_st.exe"), }, { - name: "should accept valid path / with regex enabled", - want: true, - copyIng: generateDumbIngressforPathTest(true), - path: "/", + name: "should accept valid path on pathType nil", + wantErr: false, + copyIng: generateDumbIngressforPathTest(nil, "/xpto/~user/t-e_st.exe"), }, { - name: "should accept regex path when regex is enabled", - want: true, - copyIng: generateDumbIngressforPathTest(true), - path: "/foo/bar/(.+)", + name: "should accept empty path", + wantErr: false, + copyIng: generateDumbIngressforPathTest(&pathTypePrefix, ""), }, { - name: "should reject regex path when regex is enabled but the path is invalid", - want: false, - copyIng: generateDumbIngressforPathTest(true), - path: "/foo/bar/;xpto", + name: "should deny path with bad characters and pathType not implementationSpecific", + wantErr: true, + additionalChars: defaultAdditionalChars, + copyIng: generateDumbIngressforPathTest(&pathTypeExact, "/foo/bar/(.+)"), }, { - name: "should reject regex path when regex is enabled but the path is invalid", - want: false, - copyIng: generateDumbIngressforPathTest(true), - path: ";xpto", + name: "should accept path with regex characters and pathType implementationSpecific", + wantErr: false, + additionalChars: defaultAdditionalChars, + copyIng: generateDumbIngressforPathTest(&pathTypeImplSpecific, "/foo/bar/(.+)"), + }, + { + name: "should accept path with regex characters and pathType exact, but pathType validation disabled", + wantErr: false, + additionalChars: defaultAdditionalChars, + disablePathTypeValidation: true, + copyIng: generateDumbIngressforPathTest(&pathTypeImplSpecific, "/foo/bar/(.+)"), + }, + { + name: "should reject path when the allowed additional set does not match", + wantErr: true, + additionalChars: "().?", + disablePathTypeValidation: false, + copyIng: generateDumbIngressforPathTest(&pathTypeImplSpecific, "/foo/bar/(.+)"), + }, + { + name: "should accept path when the allowed additional set does match", + wantErr: false, + additionalChars: "().?", + copyIng: generateDumbIngressforPathTest(&pathTypeImplSpecific, "/foo/bar/(.?)"), + }, + { + name: "should block if at least one path is bad", + wantErr: true, + copyIng: generateComplexIngress(generateDumbIngressforPathTest(&pathTypeExact, "/foo/bar/(.?)")), + }, + { + name: "should block if at least one path is bad", + wantErr: true, + copyIng: generateComplexIngress(generateDumbIngressforPathTest(&pathTypeImplSpecific, "/foo/bar/(.?)")), }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if got := IsSafePath(tt.copyIng, tt.path); got != tt.want { - t.Errorf("IsSafePath() = %v, want %v", got, tt.want) + if err := ValidateIngressPath(tt.copyIng, tt.disablePathTypeValidation, tt.additionalChars); (err != nil) != tt.wantErr { + t.Errorf("ValidateIngressPath() error = %v, wantErr %v", err, tt.wantErr) } }) } diff --git a/test/e2e/admission/admission.go b/test/e2e/admission/admission.go index bde98fddf..5c037a0c5 100644 --- a/test/e2e/admission/admission.go +++ b/test/e2e/admission/admission.go @@ -30,6 +30,14 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/ingress-nginx/test/e2e/framework" + + networkingv1 "k8s.io/api/networking/v1" +) + +var ( + pathExact = networkingv1.PathTypeExact + pathPrefix = networkingv1.PathTypePrefix + pathImplSpecific = networkingv1.PathTypeImplementationSpecific ) var _ = framework.IngressNginxDescribe("[Serial] admission controller", func() { @@ -152,6 +160,32 @@ var _ = framework.IngressNginxDescribe("[Serial] admission controller", func() { assert.NotNil(ginkgo.GinkgoT(), err, "creating an ingress with invalid annotation value should return an error") }) + ginkgo.It("should reject ingress with bad characters and pathType != ImplementationSpecific", func() { + host := "admission-test" + + firstIngress := framework.NewSingleIngress("first-ingress", "/xpto*", host, f.Namespace, framework.EchoService, 80, nil) + firstIngress.Spec.Rules[0].IngressRuleValue.HTTP.Paths[0].PathType = &pathPrefix + _, err := f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Create(context.TODO(), firstIngress, metav1.CreateOptions{}) + assert.NotNil(ginkgo.GinkgoT(), err, "creating an ingress with invalid path value should return an error") + + secondIngress := framework.NewSingleIngress("second-ingress", "/abc123*", host, f.Namespace, framework.EchoService, 80, nil) + secondIngress.Spec.Rules[0].IngressRuleValue.HTTP.Paths[0].PathType = &pathImplSpecific + _, err = f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Create(context.TODO(), secondIngress, metav1.CreateOptions{}) + assert.Nil(ginkgo.GinkgoT(), err, "creating an ingress with regex on path and pathType ImplementationSpecific should not return an error") + + }) + + ginkgo.It("should not validate characters on ingress when validation of pathType is disabled", func() { + host := "admission-test" + + f.UpdateNginxConfigMapData("disable-pathtype-validation", "true") + + firstIngress := framework.NewSingleIngress("first-ingress", "/xpto*", host, f.Namespace, framework.EchoService, 80, nil) + firstIngress.Spec.Rules[0].IngressRuleValue.HTTP.Paths[0].PathType = &pathPrefix + _, err := f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Create(context.TODO(), firstIngress, metav1.CreateOptions{}) + assert.Nil(ginkgo.GinkgoT(), err, "creating an ingress with regex chars on path and pathType validation disabled should be accepted") + }) + ginkgo.It("should return an error if there is a forbidden value in some annotation", func() { host := "admission-test" diff --git a/test/e2e/annotations/affinity.go b/test/e2e/annotations/affinity.go index 3e1e9e969..31e8905d1 100644 --- a/test/e2e/annotations/affinity.go +++ b/test/e2e/annotations/affinity.go @@ -35,6 +35,8 @@ import ( var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() { f := framework.NewDefaultFramework("affinity") + pathImpl := networking.PathTypeImplementationSpecific + ginkgo.BeforeEach(func() { f.NewEchoDeployment(framework.WithDeploymentReplicas(2)) }) @@ -276,6 +278,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() { annotations["nginx.ingress.kubernetes.io/session-cookie-path"] = "/foo/bar" ing := framework.NewSingleIngress(host, "/foo/.*", host, f.Namespace, framework.EchoService, 80, annotations) + ing.Spec.Rules[0].IngressRuleValue.HTTP.Paths[0].PathType = &pathImpl + f.EnsureIngress(ing) f.WaitForNginxServer(host, @@ -299,6 +303,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() { annotations["nginx.ingress.kubernetes.io/use-regex"] = "true" ing := framework.NewSingleIngress(host, "/foo/.*", host, f.Namespace, framework.EchoService, 80, annotations) + ing.Spec.Rules[0].IngressRuleValue.HTTP.Paths[0].PathType = &pathImpl + f.EnsureIngress(ing) f.WaitForNginxServer(host, diff --git a/test/e2e/annotations/rewrite.go b/test/e2e/annotations/rewrite.go index 79738b984..0c426a8df 100644 --- a/test/e2e/annotations/rewrite.go +++ b/test/e2e/annotations/rewrite.go @@ -24,12 +24,15 @@ import ( "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" + networking "k8s.io/api/networking/v1" "k8s.io/ingress-nginx/test/e2e/framework" ) var _ = framework.DescribeAnnotation("rewrite-target use-regex enable-rewrite-log", func() { f := framework.NewDefaultFramework("rewrite") + pathImpl := networking.PathTypeImplementationSpecific + ginkgo.BeforeEach(func() { f.NewEchoDeployment() }) @@ -126,6 +129,7 @@ var _ = framework.DescribeAnnotation("rewrite-target use-regex enable-rewrite-lo "nginx.ingress.kubernetes.io/rewrite-target": "/new/backend", } ing = framework.NewSingleIngress("regex", "/foo.+", host, f.Namespace, framework.EchoService, 80, annotations) + ing.Spec.Rules[0].IngressRuleValue.HTTP.Paths[0].PathType = &pathImpl f.EnsureIngress(ing) f.WaitForNginxServer(host, @@ -168,6 +172,8 @@ var _ = framework.DescribeAnnotation("rewrite-target use-regex enable-rewrite-lo "nginx.ingress.kubernetes.io/rewrite-target": "/new/backend", } ing = framework.NewSingleIngress("regex", "/foo/bar/[a-z]{3}", host, f.Namespace, framework.EchoService, 80, annotations) + ing.Spec.Rules[0].IngressRuleValue.HTTP.Paths[0].PathType = &pathImpl + f.EnsureIngress(ing) f.WaitForNginxServer(host, @@ -196,6 +202,8 @@ var _ = framework.DescribeAnnotation("rewrite-target use-regex enable-rewrite-lo "nginx.ingress.kubernetes.io/rewrite-target": "/new/backend/$1", } ing := framework.NewSingleIngress("regex", "/foo/bar/(.+)", host, f.Namespace, framework.EchoService, 80, annotations) + ing.Spec.Rules[0].IngressRuleValue.HTTP.Paths[0].PathType = &pathImpl + f.EnsureIngress(ing) f.WaitForNginxServer(host, diff --git a/test/e2e/security/invalid_paths.go b/test/e2e/security/invalid_paths.go deleted file mode 100644 index d75aefc2c..000000000 --- a/test/e2e/security/invalid_paths.go +++ /dev/null @@ -1,134 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package security - -import ( - "fmt" - "net/http" - "strings" - - "github.com/onsi/ginkgo/v2" - - "k8s.io/ingress-nginx/test/e2e/framework" -) - -const ( - validPath = "/xpto/~user/t-e_st.exe" - invalidPath = "/foo/bar/;xpto" - regexPath = "/foo/bar/(.+)" - host = "securitytest.com" -) - -var ( - annotationRegex = map[string]string{ - "nginx.ingress.kubernetes.io/use-regex": "true", - } -) - -var _ = framework.IngressNginxDescribe("[Security] validate path fields", func() { - f := framework.NewDefaultFramework("validate-path") - - ginkgo.BeforeEach(func() { - f.NewEchoDeployment() - }) - - ginkgo.It("should accept an ingress with valid path", func() { - - ing := framework.NewSingleIngress(host, validPath, host, f.Namespace, framework.EchoService, 80, nil) - - f.EnsureIngress(ing) - - f.WaitForNginxServer(host, - func(server string) bool { - return strings.Contains(server, fmt.Sprintf("server_name %s ;", host)) - }) - - f.HTTPTestClient(). - GET(validPath). - WithHeader("Host", host). - Expect(). - Status(http.StatusOK) - }) - - ginkgo.It("should drop an ingress with invalid path", func() { - - ing := framework.NewSingleIngress(host, invalidPath, host, f.Namespace, framework.EchoService, 80, nil) - f.EnsureIngress(ing) - - f.WaitForNginxServer(host, - func(server string) bool { - return !strings.Contains(server, fmt.Sprintf("server_name %s ;", host)) - }) - - f.HTTPTestClient(). - GET(invalidPath). - WithHeader("Host", host). - Expect(). - Status(http.StatusNotFound) - }) - - ginkgo.It("should drop an ingress with regex path and regex disabled", func() { - - ing := framework.NewSingleIngress(host, regexPath, host, f.Namespace, framework.EchoService, 80, nil) - f.EnsureIngress(ing) - - f.WaitForNginxServer(host, - func(server string) bool { - return !strings.Contains(server, fmt.Sprintf("server_name %s ;", host)) - }) - - f.HTTPTestClient(). - GET("/foo/bar/lalala"). - WithHeader("Host", host). - Expect(). - Status(http.StatusNotFound) - }) - - ginkgo.It("should accept an ingress with regex path and regex enabled", func() { - - ing := framework.NewSingleIngress(host, regexPath, host, f.Namespace, framework.EchoService, 80, annotationRegex) - f.EnsureIngress(ing) - - f.WaitForNginxServer(host, - func(server string) bool { - return strings.Contains(server, fmt.Sprintf("server_name %s ;", host)) - }) - - f.HTTPTestClient(). - GET("/foo/bar/lalala"). - WithHeader("Host", host). - Expect(). - Status(http.StatusOK) - }) - - ginkgo.It("should reject an ingress with invalid path and regex enabled", func() { - - ing := framework.NewSingleIngress(host, invalidPath, host, f.Namespace, framework.EchoService, 80, annotationRegex) - f.EnsureIngress(ing) - - f.WaitForNginxServer(host, - func(server string) bool { - return !strings.Contains(server, fmt.Sprintf("server_name %s ;", host)) - }) - - f.HTTPTestClient(). - GET(invalidPath). - WithHeader("Host", host). - Expect(). - Status(http.StatusNotFound) - }) -}) From fe2e713f424a01b2261d79f461cd0f71e0e38047 Mon Sep 17 00:00:00 2001 From: Ismayil Mirzali Date: Wed, 18 Jan 2023 15:10:34 +0200 Subject: [PATCH 481/494] Bump `client-go` to remove dependence on go-autorest dependency (#9488) * deps: bump k8s dependencies to remove go-autorest * fix: update use of apiv1.LoadBalancerIngress Due to changes in the Kubernetes API, we needed to switch to using v1.IngressLoadBalancerIngress instead of apiv1.LoadBalancerIngress. The struct is otherwise identical despite the name change. * fix ingress status test cases Signed-off-by: Jintao Zhang Signed-off-by: Ismayil Mirzali Signed-off-by: Jintao Zhang Signed-off-by: Ismayil Mirzali Co-authored-by: Jintao Zhang --- go.mod | 35 ++++----- go.sum | 83 +++++++-------------- internal/ingress/status/status.go | 45 ++++++------ internal/ingress/status/status_test.go | 99 +++++++++++++------------- test/e2e/status/update.go | 8 +-- 5 files changed, 114 insertions(+), 156 deletions(-) diff --git a/go.mod b/go.mod index 2daf8e667..780cac648 100644 --- a/go.mod +++ b/go.mod @@ -30,14 +30,14 @@ require ( google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 - k8s.io/api v0.25.4 - k8s.io/apiextensions-apiserver v0.25.0 - k8s.io/apimachinery v0.25.4 - k8s.io/apiserver v0.25.0 - k8s.io/cli-runtime v0.25.0 - k8s.io/client-go v0.25.4 - k8s.io/code-generator v0.25.0 - k8s.io/component-base v0.25.4 + k8s.io/api v0.26.0 + k8s.io/apiextensions-apiserver v0.26.0 + k8s.io/apimachinery v0.26.0 + k8s.io/apiserver v0.26.0 + k8s.io/cli-runtime v0.26.0 + k8s.io/client-go v0.26.0 + k8s.io/code-generator v0.26.0 + k8s.io/component-base v0.26.0 k8s.io/klog/v2 v2.80.1 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 sigs.k8s.io/controller-runtime v0.13.1 @@ -45,17 +45,7 @@ require ( ) require ( - cloud.google.com/go/compute v1.12.1 // indirect - cloud.google.com/go/compute/metadata v0.2.1 // indirect - github.com/Azure/go-autorest v14.2.0+incompatible // indirect - github.com/Azure/go-autorest/autorest v0.11.27 // indirect - github.com/Azure/go-autorest/autorest/adal v0.9.20 // indirect - github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect - github.com/Azure/go-autorest/logger v0.2.1 // indirect - github.com/Azure/go-autorest/tracing v0.6.0 // indirect github.com/BurntSushi/toml v1.0.0 // indirect - github.com/PuerkitoBio/purell v1.1.1 // indirect - github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect github.com/cespare/xxhash/v2 v2.1.2 // indirect @@ -70,11 +60,10 @@ require ( github.com/go-errors/errors v1.0.1 // indirect github.com/go-logr/logr v1.2.3 // indirect github.com/go-openapi/jsonpointer v0.19.5 // indirect - github.com/go-openapi/jsonreference v0.19.5 // indirect + github.com/go-openapi/jsonreference v0.20.0 // indirect github.com/go-openapi/swag v0.19.14 // indirect github.com/godbus/dbus/v5 v5.0.6 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang-jwt/jwt/v4 v4.2.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.2 // indirect github.com/gomarkdown/markdown v0.0.0-20210514010506-3b9f47219fe7 // indirect @@ -123,9 +112,9 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/gengo v0.0.0-20211129171323-c02415ce4185 // indirect - k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect - k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed // indirect + k8s.io/gengo v0.0.0-20220902162205-c0856e24416d // indirect + k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect + k8s.io/utils v0.0.0-20221107191617-1a15be271d1d // indirect sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect sigs.k8s.io/kustomize/api v0.12.1 // indirect sigs.k8s.io/kustomize/kyaml v0.13.9 // indirect diff --git a/go.sum b/go.sum index 84a8bb106..f03756bab 100644 --- a/go.sum +++ b/go.sum @@ -19,10 +19,6 @@ cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvf cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/compute v1.12.1 h1:gKVJMEyqV5c/UnpzjjQbo3Rjvvqpr9B1DFSbJC4OXr0= -cloud.google.com/go/compute v1.12.1/go.mod h1:e8yNOBcBONZU1vJKCvCoDw/4JQsA0dpM4x/6PIIOocU= -cloud.google.com/go/compute/metadata v0.2.1 h1:efOwf5ymceDhK6PKMnnrTHP4pppY5L22mle96M1yP48= -cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= @@ -35,30 +31,10 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= -github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/Azure/go-autorest/autorest v0.11.27 h1:F3R3q42aWytozkV8ihzcgMO4OA4cuqr3bNlsEuF6//A= -github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U= -github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= -github.com/Azure/go-autorest/autorest/adal v0.9.20 h1:gJ3E98kMpFB1MFqQCvA1yFab8vthOeD4VlFRQULxahg= -github.com/Azure/go-autorest/autorest/adal v0.9.20/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= -github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw= -github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= -github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= -github.com/Azure/go-autorest/autorest/mocks v0.4.2 h1:PGN4EDXnuQbojHbU0UWoNvmu9AGVwYHG9/fkDYhtAfw= -github.com/Azure/go-autorest/autorest/mocks v0.4.2/go.mod h1:Vy7OitM9Kei0i1Oj+LvyAWMXJHeKH1MVlzFugfVrmyU= -github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg= -github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= -github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= -github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.0.0 h1:dtDWrepsVPfW9H/4y7dDgFc2MBUSeJhlaDtK13CxFlU= github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI= -github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= -github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M= -github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= @@ -126,7 +102,6 @@ github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vb github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= -github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= @@ -135,8 +110,8 @@ github.com/go-logr/zapr v1.2.3 h1:a9vnzlIBPQBBkeaR9IuMUfmVOrQlkoC4YfPoFkX3T7A= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonreference v0.19.5 h1:1WJP/wi4OjB4iV8KVbH73rQaoialJrqv8gitZLxGLtM= -github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg= +github.com/go-openapi/jsonreference v0.20.0 h1:MYlu0sBgChmCfJxxUKZ8g1cPWFOB37YSZqewK7OKeyA= +github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo= github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-openapi/swag v0.19.14 h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5Fng= github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= @@ -147,9 +122,6 @@ github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5x github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= -github.com/golang-jwt/jwt/v4 v4.2.0 h1:besgBTC8w8HjP6NzQdxwKH9Z5oQMZ24ThTrHp3cZ8eU= -github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -362,7 +334,6 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA= github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= @@ -421,8 +392,6 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE= golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -471,7 +440,6 @@ golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -490,7 +458,6 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -511,7 +478,6 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -750,32 +716,31 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.25.4 h1:3YO8J4RtmG7elEgaWMb4HgmpS2CfY1QlaOz9nwB+ZSs= -k8s.io/api v0.25.4/go.mod h1:IG2+RzyPQLllQxnhzD8KQNEu4c4YvyDTpSMztf4A0OQ= -k8s.io/apiextensions-apiserver v0.25.0 h1:CJ9zlyXAbq0FIW8CD7HHyozCMBpDSiH7EdrSTCZcZFY= -k8s.io/apiextensions-apiserver v0.25.0/go.mod h1:3pAjZiN4zw7R8aZC5gR0y3/vCkGlAjCazcg1me8iB/E= -k8s.io/apimachinery v0.25.4 h1:CtXsuaitMESSu339tfhVXhQrPET+EiWnIY1rcurKnAc= -k8s.io/apimachinery v0.25.4/go.mod h1:jaF9C/iPNM1FuLl7Zuy5b9v+n35HGSh6AQ4HYRkCqwo= -k8s.io/apiserver v0.25.0 h1:8kl2ifbNffD440MyvHtPaIz1mw4mGKVgWqM0nL+oyu4= -k8s.io/apiserver v0.25.0/go.mod h1:BKwsE+PTC+aZK+6OJQDPr0v6uS91/HWxX7evElAH6xo= -k8s.io/cli-runtime v0.25.0 h1:XBnTc2Fi+w818jcJGzhiJKQuXl8479sZ4FhtV5hVJ1Q= -k8s.io/cli-runtime v0.25.0/go.mod h1:bHOI5ZZInRHhbq12OdUiYZQN8ml8aKZLwQgt9QlLINw= -k8s.io/client-go v0.25.4 h1:3RNRDffAkNU56M/a7gUfXaEzdhZlYhoW8dgViGy5fn8= -k8s.io/client-go v0.25.4/go.mod h1:8trHCAC83XKY0wsBIpbirZU4NTUpbuhc2JnI7OruGZw= -k8s.io/code-generator v0.25.0 h1:QP8fJuXu882ztf6dsqJsso/Btm94pMd68TAZC1rE6KI= -k8s.io/code-generator v0.25.0/go.mod h1:B6jZgI3DvDFAualltPitbYMQ74NjaCFxum3YeKZZ+3w= -k8s.io/component-base v0.25.4 h1:n1bjg9Yt+G1C0WnIDJmg2fo6wbEU1UGMRiQSjmj7hNQ= -k8s.io/component-base v0.25.4/go.mod h1:nnZJU8OP13PJEm6/p5V2ztgX2oyteIaAGKGMYb2L2cY= -k8s.io/gengo v0.0.0-20211129171323-c02415ce4185 h1:TT1WdmqqXareKxZ/oNXEUSwKlLiHzPMyB0t8BaFeBYI= -k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= -k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= +k8s.io/api v0.26.0 h1:IpPlZnxBpV1xl7TGk/X6lFtpgjgntCg8PJ+qrPHAC7I= +k8s.io/api v0.26.0/go.mod h1:k6HDTaIFC8yn1i6pSClSqIwLABIcLV9l5Q4EcngKnQg= +k8s.io/apiextensions-apiserver v0.26.0 h1:Gy93Xo1eg2ZIkNX/8vy5xviVSxwQulsnUdQ00nEdpDo= +k8s.io/apiextensions-apiserver v0.26.0/go.mod h1:7ez0LTiyW5nq3vADtK6C3kMESxadD51Bh6uz3JOlqWQ= +k8s.io/apimachinery v0.26.0 h1:1feANjElT7MvPqp0JT6F3Ss6TWDwmcjLypwoPpEf7zg= +k8s.io/apimachinery v0.26.0/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74= +k8s.io/apiserver v0.26.0 h1:q+LqIK5EZwdznGZb8bq0+a+vCqdeEEe4Ux3zsOjbc4o= +k8s.io/apiserver v0.26.0/go.mod h1:aWhlLD+mU+xRo+zhkvP/gFNbShI4wBDHS33o0+JGI84= +k8s.io/cli-runtime v0.26.0 h1:aQHa1SyUhpqxAw1fY21x2z2OS5RLtMJOCj7tN4oq8mw= +k8s.io/cli-runtime v0.26.0/go.mod h1:o+4KmwHzO/UK0wepE1qpRk6l3o60/txUZ1fEXWGIKTY= +k8s.io/client-go v0.26.0 h1:lT1D3OfO+wIi9UFolCrifbjUUgu7CpLca0AD8ghRLI8= +k8s.io/client-go v0.26.0/go.mod h1:I2Sh57A79EQsDmn7F7ASpmru1cceh3ocVT9KlX2jEZg= +k8s.io/code-generator v0.26.0 h1:ZDY+7Gic9p/lACgD1G72gQg2CvNGeAYZTPIncv+iALM= +k8s.io/code-generator v0.26.0/go.mod h1:OMoJ5Dqx1wgaQzKgc+ZWaZPfGjdRq/Y3WubFrZmeI3I= +k8s.io/component-base v0.26.0 h1:0IkChOCohtDHttmKuz+EP3j3+qKmV55rM9gIFTXA7Vs= +k8s.io/component-base v0.26.0/go.mod h1:lqHwlfV1/haa14F/Z5Zizk5QmzaVf23nQzCwVOQpfC8= +k8s.io/gengo v0.0.0-20220902162205-c0856e24416d h1:U9tB195lKdzwqicbJvyJeOXV7Klv+wNAWENRnXEGi08= +k8s.io/gengo v0.0.0-20220902162205-c0856e24416d/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 h1:MQ8BAZPZlWk3S9K4a9NCkIFQtZShWqoha7snGixVgEA= -k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU= -k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed h1:jAne/RjBTyawwAy0utX5eqigAwz/lQhTmy+Hr/Cpue4= -k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+OGxg8HsuBr/5f6tVAjDu6E= +k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= +k8s.io/utils v0.0.0-20221107191617-1a15be271d1d h1:0Smp/HP1OH4Rvhe+4B8nWGERtlqAGSftbSbbmm45oFs= +k8s.io/utils v0.0.0-20221107191617-1a15be271d1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 h1:SAElp8THCfmBdM+4lmWX5gebiSSkEr7PAYDVF91qpfg= pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732/go.mod h1:lpvCfhqEHNJSSpG5R5A2EgsVzG8RTt4RfPoQuRAcDmg= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= diff --git a/internal/ingress/status/status.go b/internal/ingress/status/status.go index 2e53682a0..eac1f6cb0 100644 --- a/internal/ingress/status/status.go +++ b/internal/ingress/status/status.go @@ -19,6 +19,7 @@ package status import ( "context" "fmt" + v1 "k8s.io/api/networking/v1" "net" "regexp" "sort" @@ -128,7 +129,7 @@ func (s statusSync) Shutdown() { } klog.InfoS("removing value from ingress status", "address", addrs) - s.updateStatus([]apiv1.LoadBalancerIngress{}) + s.updateStatus([]v1.IngressLoadBalancerIngress{}) } func (s *statusSync) sync(key interface{}) error { @@ -160,21 +161,21 @@ func NewStatusSyncer(config Config) Syncer { return st } -func nameOrIPToLoadBalancerIngress(nameOrIP string) apiv1.LoadBalancerIngress { +func nameOrIPToLoadBalancerIngress(nameOrIP string) v1.IngressLoadBalancerIngress { if net.ParseIP(nameOrIP) != nil { - return apiv1.LoadBalancerIngress{IP: nameOrIP} + return v1.IngressLoadBalancerIngress{IP: nameOrIP} } - return apiv1.LoadBalancerIngress{Hostname: nameOrIP} + return v1.IngressLoadBalancerIngress{Hostname: nameOrIP} } // runningAddresses returns a list of IP addresses and/or FQDN where the // ingress controller is currently running -func (s *statusSync) runningAddresses() ([]apiv1.LoadBalancerIngress, error) { +func (s *statusSync) runningAddresses() ([]v1.IngressLoadBalancerIngress, error) { if s.PublishStatusAddress != "" { re := regexp.MustCompile(`,\s*`) multipleAddrs := re.Split(s.PublishStatusAddress, -1) - addrs := make([]apiv1.LoadBalancerIngress, len(multipleAddrs)) + addrs := make([]v1.IngressLoadBalancerIngress, len(multipleAddrs)) for i, addr := range multipleAddrs { addrs[i] = nameOrIPToLoadBalancerIngress(addr) } @@ -193,7 +194,7 @@ func (s *statusSync) runningAddresses() ([]apiv1.LoadBalancerIngress, error) { return nil, err } - addrs := make([]apiv1.LoadBalancerIngress, 0) + addrs := make([]v1.IngressLoadBalancerIngress, 0) for i := range pods.Items { pod := pods.Items[i] // only Running pods are valid @@ -250,7 +251,7 @@ func (s *statusSync) isRunningMultiplePods() bool { // standardizeLoadBalancerIngresses sorts the list of loadbalancer by // IP -func standardizeLoadBalancerIngresses(lbi []apiv1.LoadBalancerIngress) []apiv1.LoadBalancerIngress { +func standardizeLoadBalancerIngresses(lbi []v1.IngressLoadBalancerIngress) []v1.IngressLoadBalancerIngress { sort.SliceStable(lbi, func(a, b int) bool { return lbi[a].IP < lbi[b].IP }) @@ -259,7 +260,7 @@ func standardizeLoadBalancerIngresses(lbi []apiv1.LoadBalancerIngress) []apiv1.L } // updateStatus changes the status information of Ingress rules -func (s *statusSync) updateStatus(newIngressPoint []apiv1.LoadBalancerIngress) { +func (s *statusSync) updateStatus(newIngressPoint []v1.IngressLoadBalancerIngress) { ings := s.IngressLister.ListIngresses() p := pool.NewLimited(10) @@ -283,7 +284,7 @@ func (s *statusSync) updateStatus(newIngressPoint []apiv1.LoadBalancerIngress) { batch.WaitAll() } -func runUpdate(ing *ingress.Ingress, status []apiv1.LoadBalancerIngress, +func runUpdate(ing *ingress.Ingress, status []v1.IngressLoadBalancerIngress, client clientset.Interface) pool.WorkFunc { return func(wu pool.WorkUnit) (interface{}, error) { if wu.IsCancelled() { @@ -307,7 +308,7 @@ func runUpdate(ing *ingress.Ingress, status []apiv1.LoadBalancerIngress, } } -func lessLoadBalancerIngress(addrs []apiv1.LoadBalancerIngress) func(int, int) bool { +func lessLoadBalancerIngress(addrs []v1.IngressLoadBalancerIngress) func(int, int) bool { return func(a, b int) bool { switch strings.Compare(addrs[a].Hostname, addrs[b].Hostname) { case -1: @@ -319,7 +320,7 @@ func lessLoadBalancerIngress(addrs []apiv1.LoadBalancerIngress) func(int, int) b } } -func ingressSliceEqual(lhs, rhs []apiv1.LoadBalancerIngress) bool { +func ingressSliceEqual(lhs, rhs []v1.IngressLoadBalancerIngress) bool { if len(lhs) != len(rhs) { return false } @@ -336,7 +337,7 @@ func ingressSliceEqual(lhs, rhs []apiv1.LoadBalancerIngress) bool { return true } -func statusAddressFromService(service string, kubeClient clientset.Interface) ([]apiv1.LoadBalancerIngress, error) { +func statusAddressFromService(service string, kubeClient clientset.Interface) ([]v1.IngressLoadBalancerIngress, error) { ns, name, _ := k8s.ParseNameNS(service) svc, err := kubeClient.CoreV1().Services(ns).Get(context.TODO(), name, metav1.GetOptions{}) if err != nil { @@ -345,28 +346,28 @@ func statusAddressFromService(service string, kubeClient clientset.Interface) ([ switch svc.Spec.Type { case apiv1.ServiceTypeExternalName: - return []apiv1.LoadBalancerIngress{{ + return []v1.IngressLoadBalancerIngress{{ Hostname: svc.Spec.ExternalName, }}, nil case apiv1.ServiceTypeClusterIP: - return []apiv1.LoadBalancerIngress{{ + return []v1.IngressLoadBalancerIngress{{ IP: svc.Spec.ClusterIP, }}, nil case apiv1.ServiceTypeNodePort: if svc.Spec.ExternalIPs == nil { - return []apiv1.LoadBalancerIngress{{ + return []v1.IngressLoadBalancerIngress{{ IP: svc.Spec.ClusterIP, }}, nil } - addrs := make([]apiv1.LoadBalancerIngress, len(svc.Spec.ExternalIPs)) + addrs := make([]v1.IngressLoadBalancerIngress, len(svc.Spec.ExternalIPs)) for i, ip := range svc.Spec.ExternalIPs { - addrs[i] = apiv1.LoadBalancerIngress{IP: ip} + addrs[i] = v1.IngressLoadBalancerIngress{IP: ip} } return addrs, nil case apiv1.ServiceTypeLoadBalancer: - addrs := make([]apiv1.LoadBalancerIngress, len(svc.Status.LoadBalancer.Ingress)) + addrs := make([]v1.IngressLoadBalancerIngress, len(svc.Status.LoadBalancer.Ingress)) for i, ingress := range svc.Status.LoadBalancer.Ingress { - addrs[i] = apiv1.LoadBalancerIngress{} + addrs[i] = v1.IngressLoadBalancerIngress{} if ingress.Hostname != "" { addrs[i].Hostname = ingress.Hostname } @@ -376,7 +377,7 @@ func statusAddressFromService(service string, kubeClient clientset.Interface) ([ } for _, ip := range svc.Spec.ExternalIPs { if !stringInIngresses(ip, addrs) { - addrs = append(addrs, apiv1.LoadBalancerIngress{IP: ip}) + addrs = append(addrs, v1.IngressLoadBalancerIngress{IP: ip}) } } return addrs, nil @@ -386,7 +387,7 @@ func statusAddressFromService(service string, kubeClient clientset.Interface) ([ } // stringInSlice returns true if s is in list -func stringInIngresses(s string, list []apiv1.LoadBalancerIngress) bool { +func stringInIngresses(s string, list []v1.IngressLoadBalancerIngress) bool { for _, v := range list { if v.IP == s || v.Hostname == s { return true diff --git a/internal/ingress/status/status_test.go b/internal/ingress/status/status_test.go index d4ef09e7c..3dd56f37d 100644 --- a/internal/ingress/status/status_test.go +++ b/internal/ingress/status/status_test.go @@ -34,8 +34,8 @@ import ( "k8s.io/ingress-nginx/pkg/apis/ingress" ) -func buildLoadBalancerIngressByIP() []apiv1.LoadBalancerIngress { - return []apiv1.LoadBalancerIngress{ +func buildLoadBalancerIngressByIP() []networking.IngressLoadBalancerIngress { + return []networking.IngressLoadBalancerIngress{ { IP: "10.0.0.1", Hostname: "foo1", @@ -123,17 +123,20 @@ func buildSimpleClientSet() *testclient.Clientset { }, }}, &apiv1.ServiceList{Items: []apiv1.Service{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "foo", - Namespace: apiv1.NamespaceDefault, - }, - Status: apiv1.ServiceStatus{ - LoadBalancer: apiv1.LoadBalancerStatus{ - Ingress: buildLoadBalancerIngressByIP(), - }, - }, - }, + // This is commented out as the ServiceStatus.LoadBalancer field expects a LoadBalancerStatus object + // which is incompatible with the current Ingress struct which expects a IngressLoadBalancerStatus object + // TODO: update this service when the ServiceStatus struct gets updated + //{ + // ObjectMeta: metav1.ObjectMeta{ + // Name: "foo", + // Namespace: apiv1.NamespaceDefault, + // }, + // Status: apiv1.ServiceStatus{ + // LoadBalancer: apiv1.LoadBalancerStatus{ + // Ingress: buildLoadBalancerIngressByIP(), + // }, + // }, + //}, { ObjectMeta: metav1.ObjectMeta{ Name: "foo_non_exist", @@ -199,8 +202,8 @@ func buildExtensionsIngresses() []networking.Ingress { Namespace: apiv1.NamespaceDefault, }, Status: networking.IngressStatus{ - LoadBalancer: apiv1.LoadBalancerStatus{ - Ingress: []apiv1.LoadBalancerIngress{ + LoadBalancer: networking.IngressLoadBalancerStatus{ + Ingress: []networking.IngressLoadBalancerIngress{ { IP: "10.0.0.1", Hostname: "foo1", @@ -218,8 +221,8 @@ func buildExtensionsIngresses() []networking.Ingress { }, }, Status: networking.IngressStatus{ - LoadBalancer: apiv1.LoadBalancerStatus{ - Ingress: []apiv1.LoadBalancerIngress{ + LoadBalancer: networking.IngressLoadBalancerStatus{ + Ingress: []networking.IngressLoadBalancerIngress{ { IP: "0.0.0.0", Hostname: "foo.bar.com", @@ -234,8 +237,8 @@ func buildExtensionsIngresses() []networking.Ingress { Namespace: apiv1.NamespaceDefault, }, Status: networking.IngressStatus{ - LoadBalancer: apiv1.LoadBalancerStatus{ - Ingress: []apiv1.LoadBalancerIngress{}, + LoadBalancer: networking.IngressLoadBalancerStatus{ + Ingress: []networking.IngressLoadBalancerIngress{}, }, }, }, @@ -261,7 +264,7 @@ func (til *testIngressLister) ListIngresses() []*ingress.Ingress { Namespace: apiv1.NamespaceDefault, }, Status: networking.IngressStatus{ - LoadBalancer: apiv1.LoadBalancerStatus{ + LoadBalancer: networking.IngressLoadBalancerStatus{ Ingress: buildLoadBalancerIngressByIP(), }, }, @@ -325,7 +328,7 @@ func TestStatusActions(t *testing.T) { fk.sync("just-test") // PublishService is empty, so the running address is: ["11.0.0.2"] // after updated, the ingress's ip should only be "11.0.0.2" - newIPs := []apiv1.LoadBalancerIngress{{ + newIPs := []networking.IngressLoadBalancerIngress{{ IP: "11.0.0.2", }} fooIngress1, err1 := fk.Client.NetworkingV1().Ingresses(apiv1.NamespaceDefault).Get(context.TODO(), "foo_ingress_1", metav1.GetOptions{}) @@ -342,7 +345,7 @@ func TestStatusActions(t *testing.T) { // execute shutdown fk.Shutdown() // ingress should be empty - newIPs2 := []apiv1.LoadBalancerIngress{} + var newIPs2 []networking.IngressLoadBalancerIngress fooIngress2, err2 := fk.Client.NetworkingV1().Ingresses(apiv1.NamespaceDefault).Get(context.TODO(), "foo_ingress_1", metav1.GetOptions{}) if err2 != nil { t.Fatalf("unexpected error") @@ -382,7 +385,7 @@ func TestKeyfunc(t *testing.T) { func TestRunningAddressesWithPublishService(t *testing.T) { testCases := map[string]struct { fakeClient *testclient.Clientset - expected []apiv1.LoadBalancerIngress + expected []networking.IngressLoadBalancerIngress errExpected bool }{ "service type ClusterIP": { @@ -416,7 +419,7 @@ func TestRunningAddressesWithPublishService(t *testing.T) { }, }, ), - []apiv1.LoadBalancerIngress{ + []networking.IngressLoadBalancerIngress{ {IP: "1.1.1.1"}, }, false, @@ -437,7 +440,7 @@ func TestRunningAddressesWithPublishService(t *testing.T) { }, }, ), - []apiv1.LoadBalancerIngress{ + []networking.IngressLoadBalancerIngress{ {IP: "1.1.1.1"}, }, false, @@ -458,7 +461,7 @@ func TestRunningAddressesWithPublishService(t *testing.T) { }, }, ), - []apiv1.LoadBalancerIngress{ + []networking.IngressLoadBalancerIngress{ {Hostname: "foo.bar"}, }, false, @@ -495,7 +498,7 @@ func TestRunningAddressesWithPublishService(t *testing.T) { }, }, ), - []apiv1.LoadBalancerIngress{ + []networking.IngressLoadBalancerIngress{ {IP: "10.0.0.1"}, {Hostname: "foo"}, { @@ -530,7 +533,7 @@ func TestRunningAddressesWithPublishService(t *testing.T) { }, }, ), - []apiv1.LoadBalancerIngress{ + []networking.IngressLoadBalancerIngress{ {IP: "10.0.0.1"}, }, false, @@ -568,7 +571,7 @@ func TestRunningAddressesWithPublishService(t *testing.T) { } if ra == nil { - t.Fatalf("returned nil but expected valid []apiv1.LoadBalancerIngress") + t.Fatalf("returned nil but expected valid []networking.IngressLoadBalancerIngress") } if !reflect.DeepEqual(tc.expected, ra) { @@ -584,7 +587,7 @@ func TestRunningAddressesWithPods(t *testing.T) { r, _ := fk.runningAddresses() if r == nil { - t.Fatalf("returned nil but expected valid []apiv1.LoadBalancerIngress") + t.Fatalf("returned nil but expected valid []networking.IngressLoadBalancerIngress") } rl := len(r) if len(r) != 1 { @@ -592,7 +595,7 @@ func TestRunningAddressesWithPods(t *testing.T) { } rv := r[0] if rv.IP != "11.0.0.2" { - t.Errorf("returned %v but expected %v", rv, apiv1.LoadBalancerIngress{IP: "11.0.0.2"}) + t.Errorf("returned %v but expected %v", rv, networking.IngressLoadBalancerIngress{IP: "11.0.0.2"}) } } @@ -602,7 +605,7 @@ func TestRunningAddressesWithPublishStatusAddress(t *testing.T) { ra, _ := fk.runningAddresses() if ra == nil { - t.Fatalf("returned nil but expected valid []apiv1.LoadBalancerIngress") + t.Fatalf("returned nil but expected valid []networking.IngressLoadBalancerIngress") } rl := len(ra) if len(ra) != 1 { @@ -610,7 +613,7 @@ func TestRunningAddressesWithPublishStatusAddress(t *testing.T) { } rv := ra[0] if rv.IP != "127.0.0.1" { - t.Errorf("returned %v but expected %v", rv, apiv1.LoadBalancerIngress{IP: "127.0.0.1"}) + t.Errorf("returned %v but expected %v", rv, networking.IngressLoadBalancerIngress{IP: "127.0.0.1"}) } } @@ -620,7 +623,7 @@ func TestRunningAddressesWithPublishStatusAddresses(t *testing.T) { ra, _ := fk.runningAddresses() if ra == nil { - t.Fatalf("returned nil but expected valid []apiv1.LoadBalancerIngress") + t.Fatalf("returned nil but expected valid []networking.IngressLoadBalancerIngress") } rl := len(ra) if len(ra) != 2 { @@ -629,10 +632,10 @@ func TestRunningAddressesWithPublishStatusAddresses(t *testing.T) { rv := ra[0] rv2 := ra[1] if rv.IP != "127.0.0.1" { - t.Errorf("returned %v but expected %v", rv, apiv1.LoadBalancerIngress{IP: "127.0.0.1"}) + t.Errorf("returned %v but expected %v", rv, networking.IngressLoadBalancerIngress{IP: "127.0.0.1"}) } if rv2.IP != "1.1.1.1" { - t.Errorf("returned %v but expected %v", rv2, apiv1.LoadBalancerIngress{IP: "1.1.1.1"}) + t.Errorf("returned %v but expected %v", rv2, networking.IngressLoadBalancerIngress{IP: "1.1.1.1"}) } } @@ -642,7 +645,7 @@ func TestRunningAddressesWithPublishStatusAddressesAndSpaces(t *testing.T) { ra, _ := fk.runningAddresses() if ra == nil { - t.Fatalf("returned nil but expected valid []apiv1.LoadBalancerIngresst") + t.Fatalf("returned nil but expected valid []networking.IngressLoadBalancerIngresst") } rl := len(ra) if len(ra) != 2 { @@ -651,15 +654,15 @@ func TestRunningAddressesWithPublishStatusAddressesAndSpaces(t *testing.T) { rv := ra[0] rv2 := ra[1] if rv.IP != "127.0.0.1" { - t.Errorf("returned %v but expected %v", rv, apiv1.LoadBalancerIngress{IP: "127.0.0.1"}) + t.Errorf("returned %v but expected %v", rv, networking.IngressLoadBalancerIngress{IP: "127.0.0.1"}) } if rv2.IP != "1.1.1.1" { - t.Errorf("returned %v but expected %v", rv2, apiv1.LoadBalancerIngress{IP: "1.1.1.1"}) + t.Errorf("returned %v but expected %v", rv2, networking.IngressLoadBalancerIngress{IP: "1.1.1.1"}) } } func TestStandardizeLoadBalancerIngresses(t *testing.T) { - fkEndpoints := []apiv1.LoadBalancerIngress{ + fkEndpoints := []networking.IngressLoadBalancerIngress{ {IP: "2001:db8::68"}, {IP: "10.0.0.1"}, {Hostname: "opensource-k8s-ingress"}, @@ -668,7 +671,7 @@ func TestStandardizeLoadBalancerIngresses(t *testing.T) { r := standardizeLoadBalancerIngresses(fkEndpoints) if r == nil { - t.Fatalf("returned nil but expected a valid []apiv1.LoadBalancerIngress") + t.Fatalf("returned nil but expected a valid []networking.IngressLoadBalancerIngress") } rl := len(r) if rl != 3 { @@ -676,21 +679,21 @@ func TestStandardizeLoadBalancerIngresses(t *testing.T) { } re1 := r[0] if re1.Hostname != "opensource-k8s-ingress" { - t.Fatalf("returned %v but expected %v", re1, apiv1.LoadBalancerIngress{Hostname: "opensource-k8s-ingress"}) + t.Fatalf("returned %v but expected %v", re1, networking.IngressLoadBalancerIngress{Hostname: "opensource-k8s-ingress"}) } re2 := r[1] if re2.IP != "10.0.0.1" { - t.Fatalf("returned %v but expected %v", re2, apiv1.LoadBalancerIngress{IP: "10.0.0.1"}) + t.Fatalf("returned %v but expected %v", re2, networking.IngressLoadBalancerIngress{IP: "10.0.0.1"}) } re3 := r[2] if re3.IP != "2001:db8::68" { - t.Fatalf("returned %v but expected %v", re3, apiv1.LoadBalancerIngress{IP: "2001:db8::68"}) + t.Fatalf("returned %v but expected %v", re3, networking.IngressLoadBalancerIngress{IP: "2001:db8::68"}) } } func TestIngressSliceEqual(t *testing.T) { fk1 := buildLoadBalancerIngressByIP() - fk2 := append(buildLoadBalancerIngressByIP(), apiv1.LoadBalancerIngress{ + fk2 := append(buildLoadBalancerIngressByIP(), networking.IngressLoadBalancerIngress{ IP: "10.0.0.5", Hostname: "foo5", }) @@ -700,8 +703,8 @@ func TestIngressSliceEqual(t *testing.T) { fk4[2].IP = "11.0.0.3" fooTests := []struct { - lhs []apiv1.LoadBalancerIngress - rhs []apiv1.LoadBalancerIngress + lhs []networking.IngressLoadBalancerIngress + rhs []networking.IngressLoadBalancerIngress er bool }{ {fk1, fk1, true}, @@ -710,7 +713,7 @@ func TestIngressSliceEqual(t *testing.T) { {fk4, fk1, false}, {fk1, nil, false}, {nil, nil, true}, - {[]apiv1.LoadBalancerIngress{}, []apiv1.LoadBalancerIngress{}, true}, + {[]networking.IngressLoadBalancerIngress{}, []networking.IngressLoadBalancerIngress{}, true}, } for _, fooTest := range fooTests { diff --git a/test/e2e/status/update.go b/test/e2e/status/update.go index c9c6ef333..8bedc4d4e 100644 --- a/test/e2e/status/update.go +++ b/test/e2e/status/update.go @@ -19,6 +19,7 @@ package settings import ( "context" "fmt" + v1 "k8s.io/api/networking/v1" "log" "net" "strings" @@ -28,7 +29,6 @@ import ( "github.com/stretchr/testify/assert" appsv1 "k8s.io/api/apps/v1" - apiv1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" @@ -87,7 +87,7 @@ var _ = framework.IngressNginxDescribe("[Status] status update", func() { ing, err = f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Get(context.TODO(), host, metav1.GetOptions{}) assert.Nil(ginkgo.GinkgoT(), err, "unexpected error getting %s/%v Ingress", f.Namespace, host) - ing.Status.LoadBalancer.Ingress = []apiv1.LoadBalancerIngress{} + ing.Status.LoadBalancer.Ingress = []v1.IngressLoadBalancerIngress{} _, err = f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).UpdateStatus(context.TODO(), ing, metav1.UpdateOptions{}) assert.Nil(ginkgo.GinkgoT(), err, "unexpected error cleaning Ingress status") framework.Sleep(10 * time.Second) @@ -121,9 +121,9 @@ var _ = framework.IngressNginxDescribe("[Status] status update", func() { return true, nil }) assert.Nil(ginkgo.GinkgoT(), err, "unexpected error waiting for ingress status") - assert.Equal(ginkgo.GinkgoT(), ing.Status.LoadBalancer.Ingress, ([]apiv1.LoadBalancerIngress{ + assert.Equal(ginkgo.GinkgoT(), ing.Status.LoadBalancer.Ingress, []v1.IngressLoadBalancerIngress{ {IP: "1.1.0.0"}, - })) + }) }) }) From ea0db8de77dffc0f21d8324fa79180855422e27c Mon Sep 17 00:00:00 2001 From: Christian Schaefer Date: Wed, 18 Jan 2023 14:22:35 +0100 Subject: [PATCH 482/494] Align default value for keepalive_request with NGINX default (#9518) * Align default value for keepalive_request with NGINX default * Align default value for keepalive_request with NGINX default --- docs/user-guide/nginx-configuration/configmap.md | 4 ++-- internal/ingress/controller/config/config.go | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md index 849d6968a..baefa7c72 100755 --- a/docs/user-guide/nginx-configuration/configmap.md +++ b/docs/user-guide/nginx-configuration/configmap.md @@ -62,7 +62,7 @@ The following table shows a configuration option's name, type, and the default v |[hsts-max-age](#hsts-max-age)|string|"15724800"| |[hsts-preload](#hsts-preload)|bool|"false"| |[keep-alive](#keep-alive)|int|75| -|[keep-alive-requests](#keep-alive-requests)|int|100| +|[keep-alive-requests](#keep-alive-requests)|int|1000| |[large-client-header-buffers](#large-client-header-buffers)|string|"4 8k"| |[log-format-escape-none](#log-format-escape-none)|bool|"false"| |[log-format-escape-json](#log-format-escape-json)|bool|"false"| @@ -1348,4 +1348,4 @@ will be allowed. See also [#disable-pathtype-validation](#disable-pathtype-validation). -_**default:**_ "^%$[](){}*+?|" \ No newline at end of file +_**default:**_ "^%$[](){}*+?|" diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go index b246ef9cf..8be92167d 100644 --- a/internal/ingress/controller/config/config.go +++ b/internal/ingress/controller/config/config.go @@ -852,7 +852,7 @@ func NewDefault() Configuration { GzipMinLength: 256, GzipTypes: gzipTypes, KeepAlive: 75, - KeepAliveRequests: 100, + KeepAliveRequests: 1000, LargeClientHeaderBuffers: "4 8k", LogFormatEscapeJSON: false, LogFormatStream: logFormatStream, From e846c30e47ffd4bc2290ed4b9ed5d4fb8dd09a4c Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 13 Jan 2023 08:54:28 -0500 Subject: [PATCH 483/494] start 1.6.0 release Signed-off-by: James Strong --- TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TAG b/TAG index c9b3c015f..05f629f1b 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.5.1 \ No newline at end of file +v1.6.0 \ No newline at end of file From 101ab06010f80990009c212d7cb5c187e6502648 Mon Sep 17 00:00:00 2001 From: Zadkiel Aharonian Date: Thu, 19 Jan 2023 15:36:38 +0100 Subject: [PATCH 484/494] fix(grafana-dashboard): remove hardcoded namespace references (#9523) --- deploy/grafana/dashboards/nginx.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/grafana/dashboards/nginx.json b/deploy/grafana/dashboards/nginx.json index 85f93c9eb..3c3205b4a 100644 --- a/deploy/grafana/dashboards/nginx.json +++ b/deploy/grafana/dashboards/nginx.json @@ -1312,7 +1312,7 @@ "targets": [ { "exemplar": true, - "expr": "histogram_quantile(0.80, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=\"uat\"}[2m])) by (le))", + "expr": "histogram_quantile(0.80, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le))", "format": "time_series", "hide": false, "instant": false, @@ -1323,7 +1323,7 @@ }, { "exemplar": true, - "expr": "histogram_quantile(0.90, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=\"uat\"}[2m])) by (le))", + "expr": "histogram_quantile(0.90, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le))", "format": "time_series", "hide": false, "instant": false, @@ -1335,7 +1335,7 @@ { "editorMode": "code", "exemplar": true, - "expr": "histogram_quantile(0.99, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=\"uat\"}[2m])) by (le))", + "expr": "histogram_quantile(0.99, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le))", "format": "time_series", "hide": false, "instant": false, @@ -1377,7 +1377,7 @@ "targets": [ { "exemplar": true, - "expr": "sum(increase(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=\"uat\"}[2m])) by (le)", + "expr": "sum(increase(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le)", "format": "heatmap", "interval": "", "legendFormat": "{{le}}", From 8c4cd879e33f966a80c06032955f2cd1d3a2f59b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Jan 2023 06:48:35 -0800 Subject: [PATCH 485/494] Bump google.golang.org/grpc from 1.51.0 to 1.52.0 (#9512) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.51.0 to 1.52.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.51.0...v1.52.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 780cac648..2412ad6db 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a golang.org/x/crypto v0.5.0 - google.golang.org/grpc v1.51.0 + google.golang.org/grpc v1.52.0 google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 diff --git a/go.sum b/go.sum index f03756bab..6dc3d7f54 100644 --- a/go.sum +++ b/go.sum @@ -660,8 +660,8 @@ google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKa google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.51.0 h1:E1eGv1FTqoLIdnBCZufiSHgKjlqG6fKFf6pPWtMTh8U= -google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww= +google.golang.org/grpc v1.52.0 h1:kd48UiU7EHsV4rnLyOJRuP/Il/UHE7gdDAQ+SZI7nZk= +google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7 h1:pPsdyuBif+uoyUoL19yuj/TCfUPsmpJHJZhWQ98JGLU= google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7/go.mod h1:8pQa1yxxkh+EsxUK8/455D5MSbv3vgmEJqKCH3y17mI= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= From d1af3b5ccaf2ff3cde0f3b3fcdb27c2f45fc0516 Mon Sep 17 00:00:00 2001 From: Harpreet singh Date: Thu, 19 Jan 2023 22:58:36 +0800 Subject: [PATCH 486/494] Add CORS template check inside location for externalAuth.SignURL (#8814) * Add CORS template check inside location for externalAuth.SignURL * Add testcase for CORS header for auth-signin redirect with CORS enabled. --- rootfs/etc/nginx/template/nginx.tmpl | 4 +++ test/e2e/annotations/auth.go | 45 ++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+) diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index 911cf75ea..958397dd5 100755 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -1180,6 +1180,10 @@ stream { add_header Set-Cookie $auth_cookie; + {{ if $location.CorsConfig.CorsEnabled }} + {{ template "CORS" $location }} + {{ end }} + # Ensure that modsecurity will not run on an internal location as this is not accessible from outside {{ if $all.Cfg.EnableModsecurity }} modsecurity off; diff --git a/test/e2e/annotations/auth.go b/test/e2e/annotations/auth.go index 1f0f4c3b2..e26fcbd46 100644 --- a/test/e2e/annotations/auth.go +++ b/test/e2e/annotations/auth.go @@ -720,6 +720,51 @@ http { }) }) + ginkgo.Context("when external authentication is configured along with CORS enabled", func() { + host := "auth" + var annotations map[string]string + var ing *networking.Ingress + + ginkgo.BeforeEach(func() { + f.NewHttpbinDeployment() + + var httpbinIP string + + err := framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, framework.HTTPBinService, f.Namespace, 1) + assert.Nil(ginkgo.GinkgoT(), err) + + e, err := f.KubeClientSet.CoreV1().Endpoints(f.Namespace).Get(context.TODO(), framework.HTTPBinService, metav1.GetOptions{}) + assert.Nil(ginkgo.GinkgoT(), err) + + httpbinIP = e.Subsets[0].Addresses[0].IP + + annotations = map[string]string{ + "nginx.ingress.kubernetes.io/auth-url": fmt.Sprintf("http://%s/basic-auth/user/password", httpbinIP), + "nginx.ingress.kubernetes.io/auth-signin": "http://$host/auth/start", + "nginx.ingress.kubernetes.io/enable-cors": "true", + } + + ing = framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations) + f.EnsureIngress(ing) + + f.WaitForNginxServer(host, func(server string) bool { + return strings.Contains(server, "server_name auth") + }) + }) + + ginkgo.It("should redirect to signin url when not signed in along With CORS headers in response", func() { + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", host). + WithQuery("a", "b"). + WithQuery("c", "d"). + Expect(). + Status(http.StatusFound). + Header("Access-Control-Allow-Origin").Equal(fmt.Sprintf("*")) + + }) + }) + ginkgo.Context("when external authentication with caching is configured", func() { thisHost := "auth" thatHost := "different" From ef5bf06c61b12e78e0e3168a3bc7fd4222fb5db0 Mon Sep 17 00:00:00 2001 From: James Strong Date: Wed, 9 Nov 2022 16:05:42 -0500 Subject: [PATCH 487/494] testing auto change Signed-off-by: James Strong --- hack/changelog.sh | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100755 hack/changelog.sh diff --git a/hack/changelog.sh b/hack/changelog.sh new file mode 100755 index 000000000..6ecd9f890 --- /dev/null +++ b/hack/changelog.sh @@ -0,0 +1,15 @@ +#!/usr/bin/env bash + +set -o errexit +set -o nounset +set -o pipefail + +declare -a mandatory +mandatory=( + LINES + RELEASE +) + +gh pr list -R kubernetes/ingress-nginx -s merged -L ${LINES} -B main | cut -f1,2 | awk '{ printf "* [%s](https://github.com/kubernetes/ingress-nginx/pull/%s) %s\n",$1,$1, substr($0,6)}' + + From 2a9e420bf7977a75515825a6338d2975a6b6a1fc Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 11 Nov 2022 09:23:19 -0500 Subject: [PATCH 488/494] Add mage files for changelog Signed-off-by: James Strong --- Changelog.md.gotmpl | 15 + RELEASE.md => MANUAL_RELEASE.md | 10 +- NEW_RELEASE_PROCESS.md | 9 + TAG | 2 +- changelog/Changelog-1.5.2.md | 36 ++ charts/ingress-nginx/changelog/.gitkeep | 0 .../changelog/Changelog-1.5.2.md | 12 + go.mod | 1 + go.sum | 2 + hack/changelog.sh | 15 - ingress-nginx.yaml | 68 ++ magefiles/common.go | 66 ++ magefiles/docker.go | 3 + magefiles/go.go | 15 + magefiles/go.mod | 32 + magefiles/go.sum | 105 +++ magefiles/helm.go | 608 ++++++++++++++++++ magefiles/mage.go | 13 + magefiles/release.go | 526 +++++++++++++++ magefiles/tags.go | 130 ++++ magefiles/yaml.go | 3 + 21 files changed, 1650 insertions(+), 21 deletions(-) create mode 100644 Changelog.md.gotmpl rename RELEASE.md => MANUAL_RELEASE.md (96%) create mode 100644 NEW_RELEASE_PROCESS.md create mode 100644 charts/ingress-nginx/changelog/.gitkeep create mode 100644 charts/ingress-nginx/changelog/Changelog-1.5.2.md delete mode 100755 hack/changelog.sh create mode 100644 ingress-nginx.yaml create mode 100644 magefiles/common.go create mode 100644 magefiles/docker.go create mode 100644 magefiles/go.go create mode 100644 magefiles/go.mod create mode 100644 magefiles/go.sum create mode 100644 magefiles/helm.go create mode 100644 magefiles/mage.go create mode 100644 magefiles/release.go create mode 100644 magefiles/tags.go create mode 100644 magefiles/yaml.go diff --git a/Changelog.md.gotmpl b/Changelog.md.gotmpl new file mode 100644 index 000000000..d35df8ade --- /dev/null +++ b/Changelog.md.gotmpl @@ -0,0 +1,15 @@ +# Changelog + +### {{ .Version }} +Images: +{{ with .ControllerImages }} +{{ range . }} * {{ .Registry }}/{{ .Name }}:{{ .Tag}}@{{ .Digest }} +{{ end }} {{ end }} +### All Changes: +{{ with .Updates }} +{{ range . }}* {{ . }} +{{ end }}{{ end }} +### Dependencies updates: {{ with .DepUpdates }} +{{ range . }}* {{ . }} +{{ end }} {{ end }} +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-{{ .PreviousControllerVersion }}...controller-{{ .NewControllerVersion }} diff --git a/RELEASE.md b/MANUAL_RELEASE.md similarity index 96% rename from RELEASE.md rename to MANUAL_RELEASE.md index ca0faa4e1..d7144b85d 100644 --- a/RELEASE.md +++ b/MANUAL_RELEASE.md @@ -103,7 +103,7 @@ Promoting the images basically means that images, that were pushed to staging co - Fork that other project (if you don't have a fork already). -- Other project to fork [Github repo kubernetes/k8s.io](http://github.com/kubernetes/k8s.io) +- Other project to fork [GitHub repo kubernetes/k8s.io](http://github.com/kubernetes/k8s.io) - Fetch --all and rebase to upstream if already forked. @@ -111,7 +111,7 @@ Promoting the images basically means that images, that were pushed to staging co - In the related branch, of your fork, edit the file /registry.k8s.io/images/k8s-staging-ingress-nginx/images.yaml. -- For making it easier, you can edit your branch directly in the browser. But be careful about making any mistake. +- For making, it easier, you can edit your branch directly in the browser. But be careful about making any mistake. - Insert the sha(s) & the tag(s), in a new line, in this file [Project kubernetes/k8s.io Ingress-Nginx-Controller Images](https://github.com/kubernetes/k8s.io/blob/main/k8s.gcr.io/images/k8s-staging-ingress-nginx/images.yaml) Look at this [example PR and the diff](https://github.com/kubernetes/k8s.io/pull/2536) to see how it was done before @@ -132,7 +132,7 @@ Promoting the images basically means that images, that were pushed to staging co - Make sure to get the tag and sha of the promoted image from the step before, either from cloudbuild or from [here](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/ingress-nginx/controller). -- This involves editing of several different files. So carefully follow the steps below and double check all changes with diff/grep etc., repeatedly. Mistakes here impact endusers. +- This involves editing of several files. So carefully follow the steps below and double check all changes with diff/grep etc., repeatedly. Mistakes here impact endusers. ### a. Make sure your git workspace is ready @@ -160,7 +160,7 @@ Promoting the images basically means that images, that were pushed to staging co - [TAG](https://github.com/kubernetes/ingress-nginx/blob/main/TAG#L1) ### c. Edit the helm Chart - - Change the below mentioned [Fields in Chart.yaml](https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/Chart.yaml) + - Change the below-mentioned [Fields in Chart.yaml](https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/Chart.yaml) - version - appVersion - kubeVersion (**ONLY if applicable**) @@ -168,7 +168,7 @@ Promoting the images basically means that images, that were pushed to staging co - artifacthub.io/prerelease: "true" - artifacthub.io/changes: | - Replace this line and other lines under this annotation with the Changelog. One process to generate the Changelog is described below - - Install and configure github cli as per the docs of gh-cli https://cli.github.com/, + - Install and configure GitHub cli as per the docs of gh-cli https://cli.github.com/, - Change dir to your clone, of your fork, of the ingress-nginx project - Run the below command and save the output to a txt file diff --git a/NEW_RELEASE_PROCESS.md b/NEW_RELEASE_PROCESS.md new file mode 100644 index 000000000..cdb683abf --- /dev/null +++ b/NEW_RELEASE_PROCESS.md @@ -0,0 +1,9 @@ +# Semi-Automated Release Process + +1. Update TAG +2. Cloud Build +3. k8s.io PR +4. git pull origin main +5. git checkout -b $RELEASE_VERSION +6. mage release:newrelease $RELEASE_VERSION +7. Wait for PR \ No newline at end of file diff --git a/TAG b/TAG index 05f629f1b..b7c0a9b1d 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.6.0 \ No newline at end of file +v1.6.0 diff --git a/changelog/Changelog-1.5.2.md b/changelog/Changelog-1.5.2.md index 8b2617924..ed8532374 100644 --- a/changelog/Changelog-1.5.2.md +++ b/changelog/Changelog-1.5.2.md @@ -3,6 +3,7 @@ ### 1.5.2 Images: +<<<<<<< HEAD * registry.k8s.io/ingress-nginx/controller:controller-v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 * registry.k8s.io/ingress-nginx/controller-chroot:controller-v1.5.2@sha256:84613555694f2c59a8b2551126d226c9aa648544ebf0cde1e0df942f7dbce42b @@ -19,6 +20,24 @@ Images: * update the nginx run container for alpine:3.17.0 (#9430) * cleanup: remove ioutil for new go version (#9427) * start upgrade to golang 1.19.4 and alpine 3.17.0 (#9417) +======= + * registry.k8s.io/controller:controller-v1.5.2@sha256:c1c091b88a6c936a83bd7g098v62f60a87868d12452529bad0d178fb36143346 + * registry.k8s.io/controller-chroot:controller-v1.5.2@sha256:c1c091b88a6c936a83bd7b098662760a87868d12452529b350d178fb36147345 + +### All Changes: + +<<<<<<< HEAD +>>>>>>> f4164ae0b (THE CHANGELOG WORKS) +======= +* upgrade nginx base image (#9436) +* test the new e2e test images (#9444) +* avoid builds and tests for non-code changes (#9392) +* CI updates (#9440) +* HPA: Add `controller.autoscaling.annotations` to `values.yaml`. (#9253) +* update the nginx run container for alpine:3.17.0 (#9430) +* cleanup: remove ioutil for new go version (#9427) +* start upgrade to golang 1.19.4 and alpine 3.17.0 (#9417) +>>>>>>> 9ecab7d85 (e2e doc updates work now) * ci: remove setup-helm step (#9404) * ci: remove setup-kind step (#9401) * Add reporter for all tests (#9395) @@ -54,6 +73,10 @@ Images: * add containerSecurityContext to extraModules init containers (kubernetes#9016) (#9242) ### Dependencies updates: +<<<<<<< HEAD +<<<<<<< HEAD +======= +>>>>>>> 9ecab7d85 (e2e doc updates work now) * Bump golang.org/x/crypto from 0.3.0 to 0.4.0 (#9397) * Bump github.com/onsi/ginkgo/v2 from 2.6.0 to 2.6.1 (#9432) * Bump github.com/onsi/ginkgo/v2 from 2.6.0 to 2.6.1 (#9421) @@ -62,6 +85,11 @@ Images: * Bump goreleaser/goreleaser-action from 3.2.0 to 4.1.0 (#9426) * Bump actions/dependency-review-action from 3.0.1 to 3.0.2 (#9424) * Bump ossf/scorecard-action from 2.0.6 to 2.1.0 (#9422) +<<<<<<< HEAD +======= +>>>>>>> f4164ae0b (THE CHANGELOG WORKS) +======= +>>>>>>> 9ecab7d85 (e2e doc updates work now) * Bump github.com/prometheus/common from 0.37.0 to 0.39.0 (#9416) * Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.6.0 (#9408) * Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.6.0 (#9398) @@ -76,4 +104,12 @@ Images: * Bump actions/dependency-review-action from 2.5.1 to 3.0.0 (#9301) * Bump k8s.io/component-base from 0.25.3 to 0.25.4 (#9300) +<<<<<<< HEAD +<<<<<<< HEAD **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.5.1...controller-controller-v1.5.2 +======= +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.5.2...controller-controller-v1.5.1 +>>>>>>> f4164ae0b (THE CHANGELOG WORKS) +======= +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.5.1...controller-controller-v1.5.2 +>>>>>>> 9ecab7d85 (e2e doc updates work now) diff --git a/charts/ingress-nginx/changelog/.gitkeep b/charts/ingress-nginx/changelog/.gitkeep new file mode 100644 index 000000000..e69de29bb diff --git a/charts/ingress-nginx/changelog/Changelog-1.5.2.md b/charts/ingress-nginx/changelog/Changelog-1.5.2.md new file mode 100644 index 000000000..5e0563858 --- /dev/null +++ b/charts/ingress-nginx/changelog/Changelog-1.5.2.md @@ -0,0 +1,12 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.4.1 + +* ci: remove setup-helm step (#9404) +* feat(helm): Optionally use cert-manager instead admission patch (#9279) +* run helm release on main only and when the chart/value changes only (#9290) +* Update Ingress-Nginx version controller-v1.5.2 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.4.1...helm-chart-4.4.1 diff --git a/go.mod b/go.mod index 780cac648..c69a122ab 100644 --- a/go.mod +++ b/go.mod @@ -77,6 +77,7 @@ require ( github.com/inconshreveable/mousetrap v1.0.1 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect + github.com/magefile/mage v1.14.0 // indirect github.com/mailru/easyjson v0.7.6 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect diff --git a/go.sum b/go.sum index f03756bab..05f07c5f3 100644 --- a/go.sum +++ b/go.sum @@ -231,6 +231,8 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= +github.com/magefile/mage v1.14.0 h1:6QDX3g6z1YvJ4olPhT1wksUcSa/V0a1B+pJb73fBjyo= +github.com/magefile/mage v1.14.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A= github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA= diff --git a/hack/changelog.sh b/hack/changelog.sh deleted file mode 100755 index 6ecd9f890..000000000 --- a/hack/changelog.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/bin/env bash - -set -o errexit -set -o nounset -set -o pipefail - -declare -a mandatory -mandatory=( - LINES - RELEASE -) - -gh pr list -R kubernetes/ingress-nginx -s merged -L ${LINES} -B main | cut -f1,2 | awk '{ printf "* [%s](https://github.com/kubernetes/ingress-nginx/pull/%s) %s\n",$1,$1, substr($0,6)}' - - diff --git a/ingress-nginx.yaml b/ingress-nginx.yaml new file mode 100644 index 000000000..be66255e0 --- /dev/null +++ b/ingress-nginx.yaml @@ -0,0 +1,68 @@ +CURRENT_VERSION: "v1.5.1" +GOLANG_VERSION: "1.19.2" +GIT_TAG: "controller-v1.5.1" +NGINX_BASE_IMAGE: "registry.k8s.io/ingress-nginx/nginx:0b5e0685112e4537ee20a0bdbba451e9f6158aa3@sha256:3f5e28bb248d5170e77b77fc2a1a385724aeff41a0b34b5afad7dd9cf93de000" +NGINX_VERSION: "1.21.6" +VERSION_TABLE: + - "v1.5.1": + - Alpine: "3.16.2" + - Kubernetes: ["1.25","1.24","1.23"] + - NGINX: "1.21.6" + - CONTROLLER_IMAGE: "registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629" + - CHROOT_CONTROLLER_IMAGE: "registry.k8s.io/ingress-nginx/controller-chroot:v1.5.1@sha256:c1c091b88a6c936a83bd7b098662760a87868d12452529bad0d178fb36147345" + - "v1.4.0": + - Alpine: "3.16.2" + - Kubernetes: [ "1.24","1.23", "1.22", "1.21", "1.20" ] + - NGINX: "1.19.10" + - "v1.3.1": + - Alpine: "3.16.2" + - Kubernetes: [ "1.24","1.23", "1.22", "1.21", "1.20" ] + - NGINX: "1.19.10" + - "v1.3.0": + - Alpine: "3.16.2" + - Kubernetes: [ "1.24","1.23", "1.22", "1.21", "1.20" ] + - NGINX: "1.19.10" + - "v1.2.1": + - Alpine: "3.16.2" + - Kubernetes: [ "1.24","1.23", "1.22", "1.21", "1.20" ] + - NGINX: "1.19.10" + - "v1.1.3": + - Alpine: "3.16.2" + - Kubernetes: [ "1.24","1.23", "1.22", "1.21", "1.20" ] + - NGINX: "1.19.10" + - "v1.1.2": + - Alpine: "3.16.2" + - Kubernetes: [ "1.24","1.23", "1.22", "1.21", "1.20" ] + - NGINX: "1.19.10" + - "v1.1.1": + - Alpine: "3.16.2" + - Kubernetes: [ "1.24","1.23", "1.22", "1.21", "1.20" ] + - NGINX: "1.19.10" + - "v1.1.0": + - Alpine: "3.16.2" + - Kubernetes: [ "1.24","1.23", "1.22", "1.21", "1.20" ] + - NGINX: "1.19.10" + - "v1.0.5": + - Alpine: "3.16.2" + - Kubernetes: [ "1.24","1.23", "1.22", "1.21", "1.20" ] + - NGINX: "1.19.10" + - "v1.0.4": + - Alpine: "3.16.2" + - Kubernetes: [ "1.24","1.23", "1.22", "1.21", "1.20" ] + - NGINX: "1.19.10" + - "v1.0.3": + - Alpine: "3.16.2" + - Kubernetes: [ "1.24","1.23", "1.22", "1.21", "1.20" ] + - NGINX: "1.19.10" + - "v1.0.2": + - Alpine: "3.16.2" + - Kubernetes: [ "1.24","1.23", "1.22", "1.21", "1.20" ] + - NGINX: "1.19.10" + - "v1.0.1": + - Alpine: "3.16.2" + - Kubernetes: [ "1.24","1.23", "1.22", "1.21", "1.20" ] + - NGINX: "1.19.10" + - "v1.0.0": + - Alpine: "3.16.2" + - Kubernetes: [ "1.24","1.23", "1.22", "1.21", "1.20" ] + - NGINX: "1.19.10" diff --git a/magefiles/common.go b/magefiles/common.go new file mode 100644 index 000000000..ae2fed0c4 --- /dev/null +++ b/magefiles/common.go @@ -0,0 +1,66 @@ +//go:build mage + +package main + +import ( + "fmt" + "os" + "strings" + "time" +) + +var DEBUG bool + +func init() { + DEBUG = false + debugENV := os.Getenv("MAGE_DEBUG") + if debugENV == "true" { + DEBUG = true + } +} + +// CheckArgs should be used to ensure the right command line arguments are +// passed before executing an example. +func CheckArgs(arg ...string) { + if len(os.Args) < len(arg)+1 { + ErrorF("Usage: %s %s", os.Args[0], strings.Join(arg, " ")) + os.Exit(1) + } +} + +// CheckIfError should be used to naively panics if an error is not nil. +func CheckIfError(err error, format string, args ...interface{}) { + if err == nil { + return + } + + fmt.Printf("\x1b[31;1m%s ERROR %s %s\x1b[0m\n", timeStamp(), fmt.Sprintf(format, args...), err) + os.Exit(1) +} + +// Info should be used to describe the example commands that are about to run. +func Info(format string, args ...interface{}) { + fmt.Printf("\x1b[34;1m%s INFO: %s\x1b[0m\n", timeStamp(), fmt.Sprintf(format, args...)) +} + +func timeStamp() string { + t := time.Now() + return t.Format(time.RFC3339) +} + +// Warning should be used to display a warning +func Warning(format string, args ...interface{}) { + fmt.Printf("\x1b[36;1m%s WARNING: %s\x1b[0m\n", timeStamp(), fmt.Sprintf(format, args...)) +} + +// Info should be used to describe the example commands that are about to run. +func Debug(format string, args ...interface{}) { + if DEBUG { + fmt.Printf("\x1b[34;1m%s DEBUG: %s\x1b[0m\n", timeStamp(), fmt.Sprintf(format, args...)) + } +} + +// Info should be used to describe the example commands that are about to run. +func ErrorF(format string, args ...interface{}) { + fmt.Printf("\x1b[31;1m%s ERROR: %s\x1b[0m\n", timeStamp(), fmt.Sprintf(format, args...)) +} diff --git a/magefiles/docker.go b/magefiles/docker.go new file mode 100644 index 000000000..7353508f3 --- /dev/null +++ b/magefiles/docker.go @@ -0,0 +1,3 @@ +//go:build mage + +package main diff --git a/magefiles/go.go b/magefiles/go.go new file mode 100644 index 000000000..352b8fb1e --- /dev/null +++ b/magefiles/go.go @@ -0,0 +1,15 @@ +//go:build mage + +package main + +//import ( +// "github.com/magefile/mage/mg" +// "github.com/mysteriumnetwork/go-ci/commands" +//) +// +//type Go mg.Namespace +// +//// Checks for issues with go imports +//func (Go) CheckGoImports() error { +// return commands.GoImports("./...") +//} diff --git a/magefiles/go.mod b/magefiles/go.mod new file mode 100644 index 000000000..31c11a061 --- /dev/null +++ b/magefiles/go.mod @@ -0,0 +1,32 @@ +module github.com/kubernetes/ingress-nginx/magefiles + +go 1.19 + +require ( + github.com/blang/semver/v4 v4.0.0 + github.com/google/go-github/v48 v48.2.0 + github.com/helm/helm v2.17.0+incompatible + github.com/magefile/mage v1.14.0 + github.com/vmware-labs/yaml-jsonpath v0.3.2 + golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be + gopkg.in/yaml.v3 v3.0.1 +) + +require ( + github.com/BurntSushi/toml v1.2.1 // indirect + github.com/Masterminds/semver v1.5.0 // indirect + github.com/cyphar/filepath-securejoin v0.2.3 // indirect + github.com/dprotaso/go-yit v0.0.0-20191028211022-135eb7262960 // indirect + github.com/ghodss/yaml v1.0.0 // indirect + github.com/gobwas/glob v0.2.3 // indirect + github.com/golang/protobuf v1.5.2 // indirect + github.com/google/go-querystring v1.1.0 // indirect + github.com/stretchr/testify v1.8.1 // indirect + golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 // indirect + golang.org/x/net v0.0.0-20220722155237-a158d28d115b // indirect + google.golang.org/appengine v1.6.7 // indirect + google.golang.org/protobuf v1.28.0 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect + k8s.io/apimachinery v0.25.4 // indirect + k8s.io/helm v2.17.0+incompatible // indirect +) diff --git a/magefiles/go.sum b/magefiles/go.sum new file mode 100644 index 000000000..38a4235f6 --- /dev/null +++ b/magefiles/go.sum @@ -0,0 +1,105 @@ +github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak= +github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww= +github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= +github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= +github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= +github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI= +github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dprotaso/go-yit v0.0.0-20191028211022-135eb7262960 h1:aRd8M7HJVZOqn/vhOzrGcQH0lNAMkqMn+pXUYkatmcA= +github.com/dprotaso/go-yit v0.0.0-20191028211022-135eb7262960/go.mod h1:9HQzr9D/0PGwMEbC3d5AB7oi67+h4TsQqItC1GVYG58= +github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= +github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= +github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= +github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/google/go-github/v48 v48.2.0 h1:68puzySE6WqUY9KWmpOsDEQfDZsso98rT6pZcz9HqcE= +github.com/google/go-github/v48 v48.2.0/go.mod h1:dDlehKBDo850ZPvCTK0sEqTCVWcrGl2LcDiajkYi89Y= +github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= +github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= +github.com/helm/helm v2.17.0+incompatible h1:0iy95yMXrfWpwaoOA9XRP+cTvitTrq+LcJV9DvR5n1Y= +github.com/helm/helm v2.17.0+incompatible/go.mod h1:ahXhuvluW4YnSL6W6hDVetZsVK8Pv4BP8OwKli7aMqo= +github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= +github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/magefile/mage v1.14.0 h1:6QDX3g6z1YvJ4olPhT1wksUcSa/V0a1B+pJb73fBjyo= +github.com/magefile/mage v1.14.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A= +github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs= +github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.10.2 h1:uqH7bpe+ERSiDa34FDOF7RikN6RzXgduUF8yarlZp94= +github.com/onsi/ginkgo v1.10.2/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= +github.com/onsi/gomega v1.20.1 h1:PA/3qinGoukvymdIDV8pii6tiZgC8kbmJO6Z5+b002Q= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= +github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/vmware-labs/yaml-jsonpath v0.3.2 h1:/5QKeCBGdsInyDCyVNLbXyilb61MXGi9NP674f9Hobk= +github.com/vmware-labs/yaml-jsonpath v0.3.2/go.mod h1:U6whw1z03QyqgWdgXxvVnQ90zN1BWz5V+51Ewf8k+rQ= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 h1:HWj/xjIHfjYU5nVXpTM0s39J9CbLn7Cc5a7IC5rwsMQ= +golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b h1:PxfKdU9lEEDYjdIzOtC4qFWgkU2rGHdKlKowJSMN9h0= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be h1:vEDujvNQGv4jgYKudGeI/+DAX4Jffq6hpD55MmoEvKs= +golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= +google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw= +google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU= +gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= +gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= +gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20191026110619-0b21df46bc1d/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +k8s.io/apimachinery v0.25.4 h1:CtXsuaitMESSu339tfhVXhQrPET+EiWnIY1rcurKnAc= +k8s.io/apimachinery v0.25.4/go.mod h1:jaF9C/iPNM1FuLl7Zuy5b9v+n35HGSh6AQ4HYRkCqwo= +k8s.io/helm v2.17.0+incompatible h1:Bpn6o1wKLYqKM3+Osh8e+1/K2g/GsQJ4F4yNF2+deao= +k8s.io/helm v2.17.0+incompatible/go.mod h1:LZzlS4LQBHfciFOurYBFkCMTaZ0D1l+p0teMg7TSULI= diff --git a/magefiles/helm.go b/magefiles/helm.go new file mode 100644 index 000000000..87966dea0 --- /dev/null +++ b/magefiles/helm.go @@ -0,0 +1,608 @@ +//go:build mage + +package main + +import ( + "fmt" + semver "github.com/blang/semver/v4" + "github.com/helm/helm/pkg/chartutil" + "github.com/magefile/mage/mg" + "github.com/magefile/mage/sh" + yamlpath "github.com/vmware-labs/yaml-jsonpath/pkg/yamlpath" + "gopkg.in/yaml.v3" + "os" + "strings" +) + +const HelmChartPath = "charts/ingress-nginx/Chart.yaml" +const HelmChartValues = "charts/ingress-nginx/values.yaml" + +type Helm mg.Namespace + +// UpdateAppVersion Updates the Helm App Version of Ingress Nginx Controller +func (Helm) UpdateAppVersion() { + updateAppVersion() +} + +func updateAppVersion() { + +} + +// UpdateVersion Update Helm Version of the Chart +func (Helm) UpdateVersion(version string) { + updateVersion(version) +} + +func currentChartVersion() string { + chart, err := chartutil.LoadChartfile(HelmChartPath) + CheckIfError(err, "HELM Could not Load Chart") + return chart.Version +} + +func currentChartAppVersion() string { + chart, err := chartutil.LoadChartfile(HelmChartPath) + CheckIfError(err, "HELM Could not Load Chart") + return chart.AppVersion +} + +func updateVersion(version string) { + Info("HELM Reading File %v", HelmChartPath) + + chart, err := chartutil.LoadChartfile(HelmChartPath) + CheckIfError(err, "HELM Could not Load Chart") + + //Get the current tag + //appVersionV, err := getIngressNGINXVersion() + //CheckIfError(err, "HELM Issue Retrieving the Current Ingress Nginx Version") + + //remove the v from TAG + appVersion := version + + Info("HELM Ingress-Nginx App Version: %s Chart AppVersion: %s", appVersion, chart.AppVersion) + if appVersion == chart.AppVersion { + Warning("HELM Ingress NGINX Version didnt change Ingress-Nginx App Version: %s Chart AppVersion: %s", appVersion, chart.AppVersion) + return + } + + //Update the helm chart + chart.AppVersion = appVersion + cTag, err := semver.Make(chart.Version) + CheckIfError(err, "HELM Creating Chart Version: %v", err) + + if err = cTag.IncrementPatch(); err != nil { + ErrorF("HELM Incrementing Chart Version: %v", err) + os.Exit(1) + } + chart.Version = cTag.String() + Debug("HELM Updated Chart Version: %v", chart.Version) + + err = chartutil.SaveChartfile(HelmChartPath, chart) + CheckIfError(err, "HELM Saving new Chart") +} + +func updateChartReleaseNotes(releasesNotes []string) { + Info("HELM Updating the Chart Release notes") + chart, err := chartutil.LoadChartfile(HelmChartPath) + CheckIfError(err, "HELM Could not Load Chart to update release notes %s", HelmChartPath) + var releaseNoteString string + for i := range releasesNotes { + releaseNoteString = fmt.Sprintf("%s - %s\n", releaseNoteString, releasesNotes[i]) + } + Info("HLEM Release note string %s", releaseNoteString) + chart.Annotations["artifacthub.io/changes"] = releaseNoteString + err = chartutil.SaveChartfile(HelmChartPath, chart) + CheckIfError(err, "HELM Saving updated release notes for Chart") +} + +func UpdateChartChangelog() { + +} + +// UpdateAppVersion Updates the Helm App Version of Ingress Nginx Controller +func (Helm) UpdateChartValue(key, value string) { + updateChartValue(key, value) +} + +func updateChartValue(key, value string) { + Info("HELM Updating Chart %s %s:%s", HelmChartValues, key, value) + + //read current values.yaml + data, err := os.ReadFile(HelmChartValues) + CheckIfError(err, "HELM Could not Load Helm Chart Values files %s", HelmChartValues) + + //var valuesStruct IngressChartValue + var n yaml.Node + CheckIfError(yaml.Unmarshal(data, &n), "HELM Could not Unmarshal %s", HelmChartValues) + + //update value + //keyParse := parsePath(key) + p, err := yamlpath.NewPath(key) + CheckIfError(err, "HELM cannot create path") + + q, err := p.Find(&n) + CheckIfError(err, "HELM unexpected error finding path") + + for _, i := range q { + Info("HELM Found %s at %s", i.Value, key) + i.Value = value + Info("HELM Updated %s at %s", i.Value, key) + } + + //// write to file + newValueFile, err := yaml.Marshal(&n) + CheckIfError(err, "HELM Could not Marshal new Values file") + err = os.WriteFile(HelmChartValues, newValueFile, 0644) + CheckIfError(err, "HELM Could not write new Values file to %s", HelmChartValues) + + Info("HELM Ingress Nginx Helm Chart update %s %s", key, value) +} + +func runHelmDocs() error { + err := installHelmDocs() + if err != nil { + return err + } + err = sh.RunV("helm-docs", "--chart-search-root=${PWD}/charts") + if err != nil { + return err + } + return nil +} + +func installHelmDocs() error { + Info("HELM Install HelmDocs") + var g0 = sh.RunCmd("go") + + err := g0("install", "github.com/norwoodj/helm-docs/cmd/helm-docs@v1.11.0") + if err != nil { + return err + } + return nil +} +func parsePath(key string) []string { return strings.Split(key, ".") } + +func updateHelmDocs() { + +} + +type IngressChartValue struct { + CommonLabels struct { + } `yaml:"commonLabels"` + Controller struct { + Name string `yaml:"name"` + Image struct { + Chroot bool `yaml:"chroot"` + Registry string `yaml:"registry"` + Image string `yaml:"image"` + Tag string `yaml:"tag"` + Digest string `yaml:"digest"` + DigestChroot string `yaml:"digestChroot"` + PullPolicy string `yaml:"pullPolicy"` + RunAsUser int `yaml:"runAsUser"` + AllowPrivilegeEscalation bool `yaml:"allowPrivilegeEscalation"` + } `yaml:"image"` + ExistingPsp string `yaml:"existingPsp"` + ContainerName string `yaml:"containerName"` + ContainerPort struct { + HTTP int `yaml:"http"` + HTTPS int `yaml:"https"` + } `yaml:"containerPort"` + Config struct { + } `yaml:"config"` + ConfigAnnotations struct { + } `yaml:"configAnnotations"` + ProxySetHeaders struct { + } `yaml:"proxySetHeaders"` + AddHeaders struct { + } `yaml:"addHeaders"` + DNSConfig struct { + } `yaml:"dnsConfig"` + Hostname struct { + } `yaml:"hostname"` + DNSPolicy string `yaml:"dnsPolicy"` + ReportNodeInternalIP bool `yaml:"reportNodeInternalIp"` + WatchIngressWithoutClass bool `yaml:"watchIngressWithoutClass"` + IngressClassByName bool `yaml:"ingressClassByName"` + AllowSnippetAnnotations bool `yaml:"allowSnippetAnnotations"` + HostNetwork bool `yaml:"hostNetwork"` + HostPort struct { + Enabled bool `yaml:"enabled"` + Ports struct { + HTTP int `yaml:"http"` + HTTPS int `yaml:"https"` + } `yaml:"ports"` + } `yaml:"hostPort"` + ElectionID string `yaml:"electionID"` + IngressClassResource struct { + Name string `yaml:"name"` + Enabled bool `yaml:"enabled"` + Default bool `yaml:"default"` + ControllerValue string `yaml:"controllerValue"` + Parameters struct { + } `yaml:"parameters"` + } `yaml:"ingressClassResource"` + IngressClass string `yaml:"ingressClass"` + PodLabels struct { + } `yaml:"podLabels"` + PodSecurityContext struct { + } `yaml:"podSecurityContext"` + Sysctls struct { + } `yaml:"sysctls"` + PublishService struct { + Enabled bool `yaml:"enabled"` + PathOverride string `yaml:"pathOverride"` + } `yaml:"publishService"` + Scope struct { + Enabled bool `yaml:"enabled"` + Namespace string `yaml:"namespace"` + NamespaceSelector string `yaml:"namespaceSelector"` + } `yaml:"scope"` + ConfigMapNamespace string `yaml:"configMapNamespace"` + TCP struct { + ConfigMapNamespace string `yaml:"configMapNamespace"` + Annotations struct { + } `yaml:"annotations"` + } `yaml:"tcp"` + UDP struct { + ConfigMapNamespace string `yaml:"configMapNamespace"` + Annotations struct { + } `yaml:"annotations"` + } `yaml:"udp"` + MaxmindLicenseKey string `yaml:"maxmindLicenseKey"` + ExtraArgs struct { + } `yaml:"extraArgs"` + ExtraEnvs []interface{} `yaml:"extraEnvs"` + Kind string `yaml:"kind"` + Annotations struct { + } `yaml:"annotations"` + Labels struct { + } `yaml:"labels"` + UpdateStrategy struct { + } `yaml:"updateStrategy"` + MinReadySeconds int `yaml:"minReadySeconds"` + Tolerations []interface{} `yaml:"tolerations"` + Affinity struct { + } `yaml:"affinity"` + TopologySpreadConstraints []interface{} `yaml:"topologySpreadConstraints"` + TerminationGracePeriodSeconds int `yaml:"terminationGracePeriodSeconds"` + NodeSelector struct { + KubernetesIoOs string `yaml:"kubernetes.io/os"` + } `yaml:"nodeSelector"` + LivenessProbe struct { + HTTPGet struct { + Path string `yaml:"path"` + Port int `yaml:"port"` + Scheme string `yaml:"scheme"` + } `yaml:"httpGet"` + InitialDelaySeconds int `yaml:"initialDelaySeconds"` + PeriodSeconds int `yaml:"periodSeconds"` + TimeoutSeconds int `yaml:"timeoutSeconds"` + SuccessThreshold int `yaml:"successThreshold"` + FailureThreshold int `yaml:"failureThreshold"` + } `yaml:"livenessProbe"` + ReadinessProbe struct { + HTTPGet struct { + Path string `yaml:"path"` + Port int `yaml:"port"` + Scheme string `yaml:"scheme"` + } `yaml:"httpGet"` + InitialDelaySeconds int `yaml:"initialDelaySeconds"` + PeriodSeconds int `yaml:"periodSeconds"` + TimeoutSeconds int `yaml:"timeoutSeconds"` + SuccessThreshold int `yaml:"successThreshold"` + FailureThreshold int `yaml:"failureThreshold"` + } `yaml:"readinessProbe"` + HealthCheckPath string `yaml:"healthCheckPath"` + HealthCheckHost string `yaml:"healthCheckHost"` + PodAnnotations struct { + } `yaml:"podAnnotations"` + ReplicaCount int `yaml:"replicaCount"` + MinAvailable int `yaml:"minAvailable"` + Resources struct { + Requests struct { + CPU string `yaml:"cpu"` + Memory string `yaml:"memory"` + } `yaml:"requests"` + } `yaml:"resources"` + Autoscaling struct { + APIVersion string `yaml:"apiVersion"` + Enabled bool `yaml:"enabled"` + Annotations struct { + } `yaml:"annotations"` + MinReplicas int `yaml:"minReplicas"` + MaxReplicas int `yaml:"maxReplicas"` + TargetCPUUtilizationPercentage int `yaml:"targetCPUUtilizationPercentage"` + TargetMemoryUtilizationPercentage int `yaml:"targetMemoryUtilizationPercentage"` + Behavior struct { + } `yaml:"behavior"` + } `yaml:"autoscaling"` + AutoscalingTemplate []interface{} `yaml:"autoscalingTemplate"` + Keda struct { + APIVersion string `yaml:"apiVersion"` + Enabled bool `yaml:"enabled"` + MinReplicas int `yaml:"minReplicas"` + MaxReplicas int `yaml:"maxReplicas"` + PollingInterval int `yaml:"pollingInterval"` + CooldownPeriod int `yaml:"cooldownPeriod"` + RestoreToOriginalReplicaCount bool `yaml:"restoreToOriginalReplicaCount"` + ScaledObject struct { + Annotations struct { + } `yaml:"annotations"` + } `yaml:"scaledObject"` + Triggers []interface{} `yaml:"triggers"` + Behavior struct { + } `yaml:"behavior"` + } `yaml:"keda"` + EnableMimalloc bool `yaml:"enableMimalloc"` + CustomTemplate struct { + ConfigMapName string `yaml:"configMapName"` + ConfigMapKey string `yaml:"configMapKey"` + } `yaml:"customTemplate"` + Service struct { + Enabled bool `yaml:"enabled"` + AppProtocol bool `yaml:"appProtocol"` + Annotations struct { + } `yaml:"annotations"` + Labels struct { + } `yaml:"labels"` + ExternalIPs []interface{} `yaml:"externalIPs"` + LoadBalancerIP string `yaml:"loadBalancerIP"` + LoadBalancerSourceRanges []interface{} `yaml:"loadBalancerSourceRanges"` + EnableHTTP bool `yaml:"enableHttp"` + EnableHTTPS bool `yaml:"enableHttps"` + IPFamilyPolicy string `yaml:"ipFamilyPolicy"` + IPFamilies []string `yaml:"ipFamilies"` + Ports struct { + HTTP int `yaml:"http"` + HTTPS int `yaml:"https"` + } `yaml:"ports"` + TargetPorts struct { + HTTP string `yaml:"http"` + HTTPS string `yaml:"https"` + } `yaml:"targetPorts"` + Type string `yaml:"type"` + NodePorts struct { + HTTP string `yaml:"http"` + HTTPS string `yaml:"https"` + TCP struct { + } `yaml:"tcp"` + UDP struct { + } `yaml:"udp"` + } `yaml:"nodePorts"` + External struct { + Enabled bool `yaml:"enabled"` + } `yaml:"external"` + Internal struct { + Enabled bool `yaml:"enabled"` + Annotations struct { + } `yaml:"annotations"` + LoadBalancerSourceRanges []interface{} `yaml:"loadBalancerSourceRanges"` + } `yaml:"internal"` + } `yaml:"service"` + ShareProcessNamespace bool `yaml:"shareProcessNamespace"` + ExtraContainers []interface{} `yaml:"extraContainers"` + ExtraVolumeMounts []interface{} `yaml:"extraVolumeMounts"` + ExtraVolumes []interface{} `yaml:"extraVolumes"` + ExtraInitContainers []interface{} `yaml:"extraInitContainers"` + ExtraModules []interface{} `yaml:"extraModules"` + Opentelemetry struct { + Enabled bool `yaml:"enabled"` + Image string `yaml:"image"` + ContainerSecurityContext struct { + AllowPrivilegeEscalation bool `yaml:"allowPrivilegeEscalation"` + } `yaml:"containerSecurityContext"` + } `yaml:"opentelemetry"` + AdmissionWebhooks struct { + Annotations struct { + } `yaml:"annotations"` + Enabled bool `yaml:"enabled"` + ExtraEnvs []interface{} `yaml:"extraEnvs"` + FailurePolicy string `yaml:"failurePolicy"` + Port int `yaml:"port"` + Certificate string `yaml:"certificate"` + Key string `yaml:"key"` + NamespaceSelector struct { + } `yaml:"namespaceSelector"` + ObjectSelector struct { + } `yaml:"objectSelector"` + Labels struct { + } `yaml:"labels"` + ExistingPsp string `yaml:"existingPsp"` + NetworkPolicyEnabled bool `yaml:"networkPolicyEnabled"` + Service struct { + Annotations struct { + } `yaml:"annotations"` + ExternalIPs []interface{} `yaml:"externalIPs"` + LoadBalancerSourceRanges []interface{} `yaml:"loadBalancerSourceRanges"` + ServicePort int `yaml:"servicePort"` + Type string `yaml:"type"` + } `yaml:"service"` + CreateSecretJob struct { + SecurityContext struct { + AllowPrivilegeEscalation bool `yaml:"allowPrivilegeEscalation"` + } `yaml:"securityContext"` + Resources struct { + } `yaml:"resources"` + } `yaml:"createSecretJob"` + PatchWebhookJob struct { + SecurityContext struct { + AllowPrivilegeEscalation bool `yaml:"allowPrivilegeEscalation"` + } `yaml:"securityContext"` + Resources struct { + } `yaml:"resources"` + } `yaml:"patchWebhookJob"` + Patch struct { + Enabled bool `yaml:"enabled"` + Image struct { + Registry string `yaml:"registry"` + Image string `yaml:"image"` + Tag string `yaml:"tag"` + Digest string `yaml:"digest"` + PullPolicy string `yaml:"pullPolicy"` + } `yaml:"image"` + PriorityClassName string `yaml:"priorityClassName"` + PodAnnotations struct { + } `yaml:"podAnnotations"` + NodeSelector struct { + KubernetesIoOs string `yaml:"kubernetes.io/os"` + } `yaml:"nodeSelector"` + Tolerations []interface{} `yaml:"tolerations"` + Labels struct { + } `yaml:"labels"` + SecurityContext struct { + RunAsNonRoot bool `yaml:"runAsNonRoot"` + RunAsUser int `yaml:"runAsUser"` + FsGroup int `yaml:"fsGroup"` + } `yaml:"securityContext"` + } `yaml:"patch"` + CertManager struct { + Enabled bool `yaml:"enabled"` + RootCert struct { + Duration string `yaml:"duration"` + } `yaml:"rootCert"` + AdmissionCert struct { + Duration string `yaml:"duration"` + } `yaml:"admissionCert"` + } `yaml:"certManager"` + } `yaml:"admissionWebhooks"` + Metrics struct { + Port int `yaml:"port"` + PortName string `yaml:"portName"` + Enabled bool `yaml:"enabled"` + Service struct { + Annotations struct { + } `yaml:"annotations"` + ExternalIPs []interface{} `yaml:"externalIPs"` + LoadBalancerSourceRanges []interface{} `yaml:"loadBalancerSourceRanges"` + ServicePort int `yaml:"servicePort"` + Type string `yaml:"type"` + } `yaml:"service"` + ServiceMonitor struct { + Enabled bool `yaml:"enabled"` + AdditionalLabels struct { + } `yaml:"additionalLabels"` + Namespace string `yaml:"namespace"` + NamespaceSelector struct { + } `yaml:"namespaceSelector"` + ScrapeInterval string `yaml:"scrapeInterval"` + TargetLabels []interface{} `yaml:"targetLabels"` + Relabelings []interface{} `yaml:"relabelings"` + MetricRelabelings []interface{} `yaml:"metricRelabelings"` + } `yaml:"serviceMonitor"` + PrometheusRule struct { + Enabled bool `yaml:"enabled"` + AdditionalLabels struct { + } `yaml:"additionalLabels"` + Rules []interface{} `yaml:"rules"` + } `yaml:"prometheusRule"` + } `yaml:"metrics"` + Lifecycle struct { + PreStop struct { + Exec struct { + Command []string `yaml:"command"` + } `yaml:"exec"` + } `yaml:"preStop"` + } `yaml:"lifecycle"` + PriorityClassName string `yaml:"priorityClassName"` + } `yaml:"controller"` + RevisionHistoryLimit int `yaml:"revisionHistoryLimit"` + DefaultBackend struct { + Enabled bool `yaml:"enabled"` + Name string `yaml:"name"` + Image struct { + Registry string `yaml:"registry"` + Image string `yaml:"image"` + Tag string `yaml:"tag"` + PullPolicy string `yaml:"pullPolicy"` + RunAsUser int `yaml:"runAsUser"` + RunAsNonRoot bool `yaml:"runAsNonRoot"` + ReadOnlyRootFilesystem bool `yaml:"readOnlyRootFilesystem"` + AllowPrivilegeEscalation bool `yaml:"allowPrivilegeEscalation"` + } `yaml:"image"` + ExistingPsp string `yaml:"existingPsp"` + ExtraArgs struct { + } `yaml:"extraArgs"` + ServiceAccount struct { + Create bool `yaml:"create"` + Name string `yaml:"name"` + AutomountServiceAccountToken bool `yaml:"automountServiceAccountToken"` + } `yaml:"serviceAccount"` + ExtraEnvs []interface{} `yaml:"extraEnvs"` + Port int `yaml:"port"` + LivenessProbe struct { + FailureThreshold int `yaml:"failureThreshold"` + InitialDelaySeconds int `yaml:"initialDelaySeconds"` + PeriodSeconds int `yaml:"periodSeconds"` + SuccessThreshold int `yaml:"successThreshold"` + TimeoutSeconds int `yaml:"timeoutSeconds"` + } `yaml:"livenessProbe"` + ReadinessProbe struct { + FailureThreshold int `yaml:"failureThreshold"` + InitialDelaySeconds int `yaml:"initialDelaySeconds"` + PeriodSeconds int `yaml:"periodSeconds"` + SuccessThreshold int `yaml:"successThreshold"` + TimeoutSeconds int `yaml:"timeoutSeconds"` + } `yaml:"readinessProbe"` + Tolerations []interface{} `yaml:"tolerations"` + Affinity struct { + } `yaml:"affinity"` + PodSecurityContext struct { + } `yaml:"podSecurityContext"` + ContainerSecurityContext struct { + } `yaml:"containerSecurityContext"` + PodLabels struct { + } `yaml:"podLabels"` + NodeSelector struct { + KubernetesIoOs string `yaml:"kubernetes.io/os"` + } `yaml:"nodeSelector"` + PodAnnotations struct { + } `yaml:"podAnnotations"` + ReplicaCount int `yaml:"replicaCount"` + MinAvailable int `yaml:"minAvailable"` + Resources struct { + } `yaml:"resources"` + ExtraVolumeMounts []interface{} `yaml:"extraVolumeMounts"` + ExtraVolumes []interface{} `yaml:"extraVolumes"` + Autoscaling struct { + Annotations struct { + } `yaml:"annotations"` + Enabled bool `yaml:"enabled"` + MinReplicas int `yaml:"minReplicas"` + MaxReplicas int `yaml:"maxReplicas"` + TargetCPUUtilizationPercentage int `yaml:"targetCPUUtilizationPercentage"` + TargetMemoryUtilizationPercentage int `yaml:"targetMemoryUtilizationPercentage"` + } `yaml:"autoscaling"` + Service struct { + Annotations struct { + } `yaml:"annotations"` + ExternalIPs []interface{} `yaml:"externalIPs"` + LoadBalancerSourceRanges []interface{} `yaml:"loadBalancerSourceRanges"` + ServicePort int `yaml:"servicePort"` + Type string `yaml:"type"` + } `yaml:"service"` + PriorityClassName string `yaml:"priorityClassName"` + Labels struct { + } `yaml:"labels"` + } `yaml:"defaultBackend"` + Rbac struct { + Create bool `yaml:"create"` + Scope bool `yaml:"scope"` + } `yaml:"rbac"` + PodSecurityPolicy struct { + Enabled bool `yaml:"enabled"` + } `yaml:"podSecurityPolicy"` + ServiceAccount struct { + Create bool `yaml:"create"` + Name string `yaml:"name"` + AutomountServiceAccountToken bool `yaml:"automountServiceAccountToken"` + Annotations struct { + } `yaml:"annotations"` + } `yaml:"serviceAccount"` + ImagePullSecrets []interface{} `yaml:"imagePullSecrets"` + TCP struct { + } `yaml:"tcp"` + UDP struct { + } `yaml:"udp"` + PortNamePrefix string `yaml:"portNamePrefix"` + DhParam interface{} `yaml:"dhParam"` +} diff --git a/magefiles/mage.go b/magefiles/mage.go new file mode 100644 index 000000000..97ab4712a --- /dev/null +++ b/magefiles/mage.go @@ -0,0 +1,13 @@ +//go:build ignore +// +build ignore + +package main + +import ( + "github.com/magefile/mage/mage" + "os" +) + +func main() { + os.Exit(mage.Main()) +} diff --git a/magefiles/release.go b/magefiles/release.go new file mode 100644 index 000000000..a48a9dbd0 --- /dev/null +++ b/magefiles/release.go @@ -0,0 +1,526 @@ +//go:build mage + +package main + +import ( + "context" + "errors" + "fmt" + "github.com/google/go-github/v48/github" + "github.com/magefile/mage/mg" + "github.com/magefile/mage/sh" + "golang.org/x/oauth2" + "gopkg.in/yaml.v3" + "io" + "net" + "net/http" + "os" + "text/template" + + "regexp" + "strings" + "time" +) + +type Release mg.Namespace + +var INGRESS_ORG = "strongjz" // the owner so we can test from forks +var INGRESS_REPO = "ingress-nginx" // the repo to pull from +var RELEASE_BRANCH = "main" //we only release from main +var GITHUB_TOKEN string // the Google/gogithub lib needs an PAT to access the GitHub API +var K8S_IO_ORG = "strongjz" //the owner or organization for the k8s.io repo +var K8S_IO_REPO = "k8s.io" //the repo that holds the images yaml for production promotion +var INGRESS_REGISTRY = "registry.k8s.io" //Container registry for storage Ingress-nginx images + +// ingress-nginx releases start with a TAG then a cloudbuild, then a promotion through a PR, this the location of that PR +// var IMAGES_YAML = "https://raw.githubusercontent.com/kubernetes/k8s.io/main/k8s.gcr.io/images/k8s-staging-ingress-nginx/images.yaml" +var IMAGES_YAML = "https://raw.githubusercontent.com/strongjz/k8s.io/testing/k8s.gcr.io/images/k8s-staging-ingress-nginx/images.yaml" + +var ctx = context.Background() // Context used for GitHub Client + +const CHANGELOG = "Changelog.md" //Name of the changelog + +func init() { + GITHUB_TOKEN = os.Getenv("GITHUB_TOKEN") +} + +// PromoteImage Creates PR into the k8s.io repo for promotion of ingress from staging to production +func (Release) PromoteImage(version, sha string) { + +} + +// Release Create a new release of ingress nginx controller +func (Release) NewRelease(version string) { + //newRelease := Release{} + + //update ingress-nginx version + //This is the step that kicks all the release process + //it is already done, so it kicks off the gcloud build of the controller images + //mg.Deps(mg.F(Tag.BumpNginx, version)) + + tag, err := getIngressNGINXVersion() + CheckIfError(err, "RELEASE Retrieving the current Ingress Nginx Version") + + Info("RELEASE Checking Current Version %s to New Version %s", tag, version) + //if the version were upgrading does not match the TAG file, lets update the TAG file + if tag != version { + Warning("RELEASE Ingress Nginx TAG %s and new version %s do not match", tag, version) + mg.Deps(mg.F(Tag.BumpNginx, fmt.Sprintf("v%s", version))) + } + + //update git controller tag controller-v$version + mg.Deps(mg.F(Tag.NewControllerTag, version)) + + //make release notes + releaseNotes, err := makeReleaseNotes(version) + CheckIfError(err, "RELEASE Creating Release Notes for version %s", version) + Info("RELEASE Release Notes %s completed", releaseNotes.Version) + + //update chart values.yaml new controller tag and image digest + releaseNotes.PreviousHelmChartVersion = currentChartVersion() + + //controller tag + updateChartValue("controller.image.tag", fmt.Sprintf("v%s", releaseNotes.Version)) + //controller digest + if releaseNotes.ControllerImages[0].Name == "controller" { + updateChartValue("controller.image.digest", releaseNotes.ControllerImages[0].Digest) + } + //controller chroot digest + if releaseNotes.ControllerImages[1].Name == "controller-chroot" { + updateChartValue("controller.image.digestChroot", releaseNotes.ControllerImages[1].Digest) + } + + //update helm chart app version + mg.Deps(mg.F(Helm.UpdateVersion, version)) + + releaseNotes.NewHelmChartVersion = currentChartVersion() + + //update helm chart release notes + updateChartReleaseNotes(releaseNotes.HelmUpdates) + + //Run helm docs update + CheckIfError(runHelmDocs(), "Error Updating Helm Docs ") + + releaseNotes.helmTemplate() + + //update static manifest + CheckIfError(updateStaticManifest(), "Error Updating Static manifests") + + ////update e2e docs TODO + updateE2EDocs() + + //update documentation with ingress-nginx version + CheckIfError(updateIndexMD(releaseNotes.PreviousControllerVersion, releaseNotes.NewControllerVersion), "Error Updating %s", INDEX_DOCS) + + //git commit TODO + + //make Pull Request TODO + + //make release TODO + //mg.Deps(mg.F(Release.CreateRelease, version)) +} + +const INDEX_DOCS = "docs/deploy/index.md" + +func updateIndexMD(old, new string) error { + Info("Updating Deploy docs with new version") + data, err := os.ReadFile(INDEX_DOCS) + CheckIfError(err, "Could not read INDEX_DOCS file %s", INDEX_DOCS) + datString := string(data) + datString = strings.Replace(datString, old, new, -1) + err = os.WriteFile(INDEX_DOCS, []byte(datString), 644) + if err != nil { + ErrorF("Could not write new %s %s", INDEX_DOCS, err) + return err + } + return nil +} + +func updateE2EDocs() { + //hack/generate-deploy-scripts.sh + updates, err := sh.Output("./hack/generate-e2e-suite-doc.sh") + CheckIfError(err, "Could not run update hack script") + err = os.WriteFile("docs/e2e-tests.md", []byte(updates), 644) + CheckIfError(err, "Could not write new e2e test file ") +} + +func installKustomize() error { + Info("Install Kustomize") + var g0 = sh.RunCmd("go") + + // somewhere in your main code + err := g0("install", "sigs.k8s.io/kustomize/kustomize/v4@v4.5.4") + if err != nil { + return err + } + return nil +} + +func updateStaticManifest() error { + CheckIfError(installKustomize(), "error installing kustomize") + + //hack/generate-deploy-scripts.sh + err := sh.RunV("./hack/generate-deploy-scripts.sh") + if err != nil { + return err + } + return nil +} + +//// CreateRelease Creates a new GitHub Release +//func (Release) CreateRelease(name string) { +// releaser, err := gh_release.NewReleaser(INGRESS_ORG, INGRESS_REPO, GITHUB_TOKEN) +// CheckIfError(err, "GitHub Release Client error") +// newRelease, err := releaser.Create(fmt.Sprintf("controller-%s", name)) +// CheckIfError(err, "Create release error") +// Info("New Release: Tag %v, ID: %v", newRelease.TagName, newRelease.ID) +//} + +type ControllerImage struct { + Tag string + Digest string + Registry string + Name string +} + +type IngressRelease struct { + ControllerVersion string + ControllerImage ControllerImage + ReleaseNote ReleaseNote + Release *github.RepositoryRelease +} + +type ReleaseNote struct { + Version string + NewControllerVersion string + PreviousControllerVersion string + ControllerImages []ControllerImage + DepUpdates []string + Updates []string + HelmUpdates []string + NewHelmChartVersion string + PreviousHelmChartVersion string +} + +// Returns a GitHub client ready for use +func githubClient() *github.Client { + ts := oauth2.StaticTokenSource( + &oauth2.Token{AccessToken: GITHUB_TOKEN}, + ) + oauthClient := oauth2.NewClient(ctx, ts) + return github.NewClient(oauthClient) +} + +// LatestCommitLogs Retrieves the commit log between the latest two controller versions. +func (Release) LatestCommitLogs() { + commitLog := commitsBetweenTags() + for i, s := range commitLog { + Info("#%v Version %v", i, s) + } +} + +func commitsBetweenTags() []string { + tags := getAllControllerTags() + Info("Getting Commits between %v and %v", tags[0], tags[1]) + commitLog, err := git("log", "--full-history", "--pretty", "--oneline", fmt.Sprintf("%v..%v", tags[1], tags[0])) + + if commitLog == "" { + Warning("All Controller Tags is empty") + } + CheckIfError(err, "Retrieving Commit log") + return strings.Split(commitLog, "\n") +} + +// Generate Release Notes +func (Release) ReleaseNotes(newVersion string) error { + notes, err := makeReleaseNotes(newVersion) + CheckIfError(err, "Creating Release Notes for version %s", newVersion) + Info("Release Notes %s completed", notes.Version) + return nil +} + +func makeReleaseNotes(newVersion string) (*ReleaseNote, error) { + var newReleaseNotes = ReleaseNote{} + + newReleaseNotes.Version = newVersion + allControllerTags := getAllControllerTags() + + //new version + newReleaseNotes.NewControllerVersion = allControllerTags[0] + newControllerVersion := fmt.Sprintf("controller-v%s", newVersion) + + //the newControllerVersion should match the latest tag + if newControllerVersion != allControllerTags[0] { + return nil, errors.New(fmt.Sprintf("Generating release new version %s didnt match the current latest tag %s", newControllerVersion, allControllerTags[0])) + } + //previous version + newReleaseNotes.PreviousControllerVersion = allControllerTags[1] + + Info("New Version: %s Old Version: %s", newReleaseNotes.NewControllerVersion, newReleaseNotes.PreviousControllerVersion) + + commits := commitsBetweenTags() + + //dependency_updates + //all_updates + var allUpdates []string + var depUpdates []string + var helmUpdates []string + prRegex := regexp.MustCompile("\\(#\\d+\\)") + depBot := regexp.MustCompile("^(\\w){1,10} Bump ") + helmRegex := regexp.MustCompile("helm|chart") + for i, s := range commits { + //matches on PR + if prRegex.Match([]byte(s)) { + //matches a dependant bot update + if depBot.Match([]byte(s)) { // + Debug("#%v DEPENDABOT %v", i, s) + u := strings.SplitN(s, " ", 2) + depUpdates = append(depUpdates, u[1]) + } else { // add it to the all updates slice + Debug("#%v ALL UPDATES %v", i, s) + u := strings.SplitN(s, " ", 2) + allUpdates = append(allUpdates, u[1]) + + //helm chart updates + if helmRegex.Match([]byte(s)) { + u := strings.SplitN(s, " ", 2) + helmUpdates = append(helmUpdates, u[1]) + } + } + + } + } + helmUpdates = append(helmUpdates, fmt.Sprintf("Update Ingress-Nginx version %s", newReleaseNotes.NewControllerVersion)) + + newReleaseNotes.Updates = allUpdates + newReleaseNotes.DepUpdates = depUpdates + newReleaseNotes.HelmUpdates = helmUpdates + + //controller_image_digests + imagesYaml, err := downloadFile(IMAGES_YAML) + if err != nil { + ErrorF("Could not download file %s : %s", IMAGES_YAML, err) + return nil, err + } + Debug("%s", imagesYaml) + + data := ImageYamls{} + + err = yaml.Unmarshal([]byte(imagesYaml), &data) + if err != nil { + ErrorF("Could not unmarshal images yaml %s", err) + return nil, err + } + + //controller + controllerDigest := findImageDigest(data, "controller", newVersion) + if len(controllerDigest) == 0 { + ErrorF("Controller Digest could not be found") + return nil, errors.New("Controller digest could not be found") + } + + controllerChrootDigest := findImageDigest(data, "controller-chroot", newVersion) + if len(controllerChrootDigest) == 0 { + ErrorF("Controller Chroot Digest could not be found") + return nil, errors.New("Controller Chroot digest could not be found") + } + + Debug("Latest Controller Digest %v", controllerDigest) + Debug("Latest Controller Chroot Digest %v", controllerChrootDigest) + c1 := ControllerImage{ + Digest: controllerDigest, + Registry: INGRESS_REGISTRY, + Name: "controller", + Tag: newReleaseNotes.NewControllerVersion, + } + c2 := ControllerImage{ + Digest: controllerChrootDigest, + Registry: INGRESS_REGISTRY, + Name: "controller-chroot", + Tag: newReleaseNotes.NewControllerVersion, + } + newReleaseNotes.ControllerImages = append(newReleaseNotes.ControllerImages, c1) + newReleaseNotes.ControllerImages = append(newReleaseNotes.ControllerImages, c2) + Debug("New Release Controller Images %s %s", newReleaseNotes.ControllerImages[0].Digest, newReleaseNotes.ControllerImages[1].Digest) + + if DEBUG { + newReleaseNotes.printRelease() + } + + //write it all out to the changelog file + newReleaseNotes.template() + + return &newReleaseNotes, nil +} + +func (i ControllerImage) print() string { + return fmt.Sprintf("%s/%s:%s@%s", i.Registry, i.Name, i.Tag, i.Digest) +} + +func (r ReleaseNote) template() { + // Files are provided as a slice of strings. + changelogTemplate, err := os.ReadFile("Changelog.md.gotmpl") + if err != nil { + ErrorF("Could not read changelog template file %s", err) + } + Debug("ChangeLog Templates %s", string(changelogTemplate)) + t := template.Must(template.New("changelog").Parse(string(changelogTemplate))) + // create a new file + file, err := os.Create(fmt.Sprintf("changelog/Changelog-%s.md", r.Version)) + if err != nil { + ErrorF("Could not create changelog file %s", err) + } + defer file.Close() + + err = t.Execute(file, r) + if err != nil { + ErrorF("executing template:", err) + } +} + +func (r ReleaseNote) helmTemplate() { + // Files are provided as a slice of strings. + changelogTemplate, err := os.ReadFile("charts/ingress-nginx/changelog.md.gotmpl") + if err != nil { + ErrorF("Could not read changelog template file %s", err) + } + Debug("ChangeLog Templates %s", string(changelogTemplate)) + t := template.Must(template.New("changelog").Parse(string(changelogTemplate))) + // create a new file + file, err := os.Create(fmt.Sprintf("charts/ingress-nginx/changelog/Changelog-%s.md", r.Version)) + if err != nil { + ErrorF("Could not create changelog file %s", err) + } + defer file.Close() + + err = t.Execute(file, r) + if err != nil { + ErrorF("executing template:", err) + } +} + +func (r ReleaseNote) printRelease() { + Info("Release Version: %v", r.NewControllerVersion) + Info("Previous Version: %v", r.PreviousControllerVersion) + Info("Controller Image: %v", r.ControllerImages[0].print()) + Info("Controller Chroot Image: %v", r.ControllerImages[1].print()) + for i := range r.Updates { + Info("Update #%v - %v", i, r.Updates[i]) + } + for j := range r.DepUpdates { + Info("Dependabot Update #%v - %v", j, r.DepUpdates[j]) + } +} + +type ImageYamls []ImageElement + +type ImageElement struct { + Name string `json:"name"` + Dmap map[string][]string `json:"dmap"` +} + +func findImageDigest(yaml ImageYamls, image, version string) string { + version = fmt.Sprintf("v%s", version) + Info("Searching Digest for %s:%s", image, version) + for i := range yaml { + if yaml[i].Name == image { + for k, v := range yaml[i].Dmap { + if v[0] == version { + return k + } + } + return "" + } + } + return "" +} + +func downloadFile(url string) (string, error) { + client := &http.Client{ + Transport: &http.Transport{ + DialContext: (&net.Dialer{ + Timeout: 5 * time.Second, + KeepAlive: 5 * time.Second, + }).DialContext, + TLSHandshakeTimeout: 5 * time.Second, + ResponseHeaderTimeout: 5 * time.Second, + ExpectContinueTimeout: 1 * time.Second, + MaxIdleConnsPerHost: -1, + }, + } + resp, err := client.Get(url) + if err != nil { + return "", nil + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + return "", errors.New(fmt.Sprintf("Could not retrieve file, response from server %s for file %s", resp.StatusCode, url)) + } + bodyBytes, err := io.ReadAll(resp.Body) + if err != nil { + return "", nil + } + return string(bodyBytes), nil +} + +// Latest returns latest Github Release +func (Release) Latest() error { + r, _, err := latestRelease() + if err != nil { + ErrorF("Latest Release error %s", err) + return err + } + Info("Latest Release %v", r.String()) + return nil +} + +func (Release) ReleaseByTag(tag string) error { + r, _, err := releaseByTag(tag) + if err != nil { + ErrorF("Release retrieve tag error %s", tag, err) + return err + } + + Info("Latest Release %v", r.String()) + + return nil +} + +func releaseByTag(tag string) (*github.RepositoryRelease, *github.Response, error) { + ghClient := githubClient() + return ghClient.Repositories.GetReleaseByTag(ctx, INGRESS_ORG, INGRESS_REPO, tag) +} + +func latestRelease() (*github.RepositoryRelease, *github.Response, error) { + ghClient := githubClient() + return ghClient.Repositories.GetLatestRelease(ctx, INGRESS_ORG, INGRESS_REPO) +} + +// Copy Test function to copy a release +func (Release) Copy() error { + ghClient := githubClient() + kRelease, _, err := ghClient.Repositories.GetLatestRelease(ctx, "kubernetes", "ingress-nginx") + if err != nil { + ErrorF("Get Release from kubernetes %s", err) + return err + } + + sRelease := &github.RepositoryRelease{ + TagName: kRelease.TagName, + Name: kRelease.Name, + Body: kRelease.Body, + Draft: kRelease.Draft, + Prerelease: kRelease.GenerateReleaseNotes, + DiscussionCategoryName: kRelease.DiscussionCategoryName, + GenerateReleaseNotes: kRelease.GenerateReleaseNotes, + } + + sRelease, _, err = ghClient.Repositories.CreateRelease(ctx, "strongjz", "ingress-nginx", sRelease) + if err != nil { + ErrorF("Creating Strongjz release %s", err) + return err + } + Info("Copied over Kubernetes Release %v to Strongjz %v", &kRelease.Name, &sRelease.Name) + return nil +} diff --git a/magefiles/tags.go b/magefiles/tags.go new file mode 100644 index 000000000..858677ba5 --- /dev/null +++ b/magefiles/tags.go @@ -0,0 +1,130 @@ +//go:build mage + +package main + +import ( + "fmt" + semver "github.com/blang/semver/v4" + "github.com/magefile/mage/mg" + "github.com/magefile/mage/sh" + "os" + "strings" +) + +type Tag mg.Namespace + +var git = sh.OutCmd("git") + +// Nginx returns the ingress-nginx current version +func (Tag) Nginx() { + tag, err := getIngressNGINXVersion() + CheckIfError(err, "") + fmt.Printf("%v", tag) +} + +func getIngressNGINXVersion() (string, error) { + dat, err := os.ReadFile("TAG") + CheckIfError(err, "Could not read TAG file") + datString := string(dat) + //remove newline + datString = strings.Replace(datString, "\n", "", -1) + return datString, nil +} + +func checkSemVer(currentVersion, newVersion string) bool { + Info("Checking Sem Ver between current %s and new %s", currentVersion, newVersion) + cVersion, err := semver.Make(currentVersion[1:]) + if err != nil { + ErrorF("TAG Error Current Tag %v Making Semver : %v", currentVersion[1:], err) + return false + } + nVersion, err := semver.Make(newVersion) + if err != nil { + ErrorF("TAG %v Error Making Semver %v \n", newVersion, err) + return false + } + + err = nVersion.Validate() + if err != nil { + ErrorF("TAG %v not a valid Semver %v \n", newVersion, err) + return false + } + + //The result will be + //0 if newVersion == currentVersion + //-1 if newVersion < currentVersion + //+1 if newVersion > currentVersion. + Info("TAG Comparing Old %s to New %s", cVersion.String(), nVersion.String()) + comp := nVersion.Compare(cVersion) + if comp <= 0 { + Warning("SemVer:%v is not an update\n", newVersion) + return false + } + return true +} + +// BumpNginx will update the nginx TAG +func (Tag) BumpNginx(newTag string) { + Info("TAG BumpNginx version %v", newTag) + currentTag, err := getIngressNGINXVersion() + CheckIfError(err, "Getting Ingress-nginx Version") + bump(currentTag, newTag) +} + +func bump(currentTag, newTag string) { + //check if semver is valid + if !checkSemVer(currentTag, newTag) { + ErrorF("ERROR: Semver is not valid %v", newTag) + os.Exit(1) + } + + Info("Updating Tag %v to %v", currentTag, newTag) + err := os.WriteFile("TAG", []byte(newTag), 0666) + CheckIfError(err, "Error Writing New Tag File") +} + +// Git Returns the latest git tag +func (Tag) Git() { + tag, err := getGitTag() + CheckIfError(err, "Retrieving Git Tag") + Info("Git tag: %v", tag) +} + +func getGitTag() (string, error) { + return git("describe", "--tags", "--match", "controller-v*", "--abbrev=0") +} + +// ControllerTag Creates a new Git Tag for the ingress controller +func (Tag) NewControllerTag(version string) { + Info("Create Ingress Nginx Controller Tag v%s", version) + tag, err := controllerTag(version) + CheckIfError(err, "Creating git tag") + Debug("Git Tag: %s", tag) +} + +func controllerTag(version string) (string, error) { + return git("tag", "-a", "-m", fmt.Sprintf("-m \"Automated Controller release %v\"", version), fmt.Sprintf("controller-v%s", version)) +} + +func (Tag) AllControllerTags() { + tags := getAllControllerTags() + for i, s := range tags { + Info("#%v Version %v", i, s) + } +} + +func getAllControllerTags() []string { + allControllerTags, err := git("tag", "-l", "--sort=-v:refname", "controller-v*") + CheckIfError(err, "Retrieving git tags") + if !sh.CmdRan(err) { + Warning("Issue Running Command") + } + if allControllerTags == "" { + Warning("All Controller Tags is empty") + } + Debug("Controller Tags: %v", allControllerTags) + + temp := strings.Split(allControllerTags, "\n") + Debug("There are %v controller tags", len(temp)) + return temp +} diff --git a/magefiles/yaml.go b/magefiles/yaml.go new file mode 100644 index 000000000..7353508f3 --- /dev/null +++ b/magefiles/yaml.go @@ -0,0 +1,3 @@ +//go:build mage + +package main From f77eccb141c8b281e917b5989198185db2a94331 Mon Sep 17 00:00:00 2001 From: James Strong Date: Tue, 17 Jan 2023 14:13:50 -0500 Subject: [PATCH 489/494] change format Signed-off-by: James Strong --- magefiles/common.go | 14 ++++++++++++++ magefiles/docker.go | 14 ++++++++++++++ magefiles/go.go | 14 ++++++++++++++ magefiles/helm.go | 14 ++++++++++++++ magefiles/mage.go | 14 ++++++++++++++ magefiles/release.go | 14 ++++++++++++++ magefiles/tags.go | 14 ++++++++++++++ magefiles/yaml.go | 14 ++++++++++++++ 8 files changed, 112 insertions(+) diff --git a/magefiles/common.go b/magefiles/common.go index ae2fed0c4..772e5527c 100644 --- a/magefiles/common.go +++ b/magefiles/common.go @@ -1,3 +1,17 @@ +//Copyright 2023 The Kubernetes Authors. +// +//Licensed under the Apache License, Version 2.0 (the "License"); +//you may not use this file except in compliance with the License. +//You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +//Unless required by applicable law or agreed to in writing, software +//distributed under the License is distributed on an "AS IS" BASIS, +//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +//See the License for the specific language governing permissions and +//limitations under the License. + //go:build mage package main diff --git a/magefiles/docker.go b/magefiles/docker.go index 7353508f3..443722de1 100644 --- a/magefiles/docker.go +++ b/magefiles/docker.go @@ -1,3 +1,17 @@ +//Copyright 2023 The Kubernetes Authors. +// +//Licensed under the Apache License, Version 2.0 (the "License"); +//you may not use this file except in compliance with the License. +//You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +//Unless required by applicable law or agreed to in writing, software +//distributed under the License is distributed on an "AS IS" BASIS, +//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +//See the License for the specific language governing permissions and +//limitations under the License. + //go:build mage package main diff --git a/magefiles/go.go b/magefiles/go.go index 352b8fb1e..9ef4d9fdc 100644 --- a/magefiles/go.go +++ b/magefiles/go.go @@ -1,3 +1,17 @@ +//Copyright 2023 The Kubernetes Authors. +// +//Licensed under the Apache License, Version 2.0 (the "License"); +//you may not use this file except in compliance with the License. +//You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +//Unless required by applicable law or agreed to in writing, software +//distributed under the License is distributed on an "AS IS" BASIS, +//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +//See the License for the specific language governing permissions and +//limitations under the License. + //go:build mage package main diff --git a/magefiles/helm.go b/magefiles/helm.go index 87966dea0..2ac2fc573 100644 --- a/magefiles/helm.go +++ b/magefiles/helm.go @@ -1,3 +1,17 @@ +//Copyright 2023 The Kubernetes Authors. +// +//Licensed under the Apache License, Version 2.0 (the "License"); +//you may not use this file except in compliance with the License. +//You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +//Unless required by applicable law or agreed to in writing, software +//distributed under the License is distributed on an "AS IS" BASIS, +//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +//See the License for the specific language governing permissions and +//limitations under the License. + //go:build mage package main diff --git a/magefiles/mage.go b/magefiles/mage.go index 97ab4712a..c6d4a2587 100644 --- a/magefiles/mage.go +++ b/magefiles/mage.go @@ -1,3 +1,17 @@ +//Copyright 2023 The Kubernetes Authors. +// +//Licensed under the Apache License, Version 2.0 (the "License"); +//you may not use this file except in compliance with the License. +//You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +//Unless required by applicable law or agreed to in writing, software +//distributed under the License is distributed on an "AS IS" BASIS, +//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +//See the License for the specific language governing permissions and +//limitations under the License. + //go:build ignore // +build ignore diff --git a/magefiles/release.go b/magefiles/release.go index a48a9dbd0..714c24334 100644 --- a/magefiles/release.go +++ b/magefiles/release.go @@ -1,3 +1,17 @@ +//Copyright 2023 The Kubernetes Authors. +// +//Licensed under the Apache License, Version 2.0 (the "License"); +//you may not use this file except in compliance with the License. +//You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +//Unless required by applicable law or agreed to in writing, software +//distributed under the License is distributed on an "AS IS" BASIS, +//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +//See the License for the specific language governing permissions and +//limitations under the License. + //go:build mage package main diff --git a/magefiles/tags.go b/magefiles/tags.go index 858677ba5..b8dc86f88 100644 --- a/magefiles/tags.go +++ b/magefiles/tags.go @@ -1,3 +1,17 @@ +//Copyright 2023 The Kubernetes Authors. +// +//Licensed under the Apache License, Version 2.0 (the "License"); +//you may not use this file except in compliance with the License. +//You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +//Unless required by applicable law or agreed to in writing, software +//distributed under the License is distributed on an "AS IS" BASIS, +//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +//See the License for the specific language governing permissions and +//limitations under the License. + //go:build mage package main diff --git a/magefiles/yaml.go b/magefiles/yaml.go index 7353508f3..443722de1 100644 --- a/magefiles/yaml.go +++ b/magefiles/yaml.go @@ -1,3 +1,17 @@ +//Copyright 2023 The Kubernetes Authors. +// +//Licensed under the Apache License, Version 2.0 (the "License"); +//you may not use this file except in compliance with the License. +//You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +//Unless required by applicable law or agreed to in writing, software +//distributed under the License is distributed on an "AS IS" BASIS, +//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +//See the License for the specific language governing permissions and +//limitations under the License. + //go:build mage package main From a4fd7c80960270c5567e62427d01e6bafdcda640 Mon Sep 17 00:00:00 2001 From: James Strong Date: Tue, 17 Jan 2023 14:22:38 -0500 Subject: [PATCH 490/494] fixed boiler plate lint Signed-off-by: James Strong --- magefiles/common.go | 30 ++++++++++++++++-------------- magefiles/docker.go | 30 ++++++++++++++++-------------- magefiles/go.go | 30 ++++++++++++++++-------------- magefiles/helm.go | 30 ++++++++++++++++-------------- magefiles/mage.go | 30 ++++++++++++++++-------------- magefiles/release.go | 30 ++++++++++++++++-------------- magefiles/tags.go | 30 ++++++++++++++++-------------- magefiles/yaml.go | 30 ++++++++++++++++-------------- 8 files changed, 128 insertions(+), 112 deletions(-) diff --git a/magefiles/common.go b/magefiles/common.go index 772e5527c..c5c33f989 100644 --- a/magefiles/common.go +++ b/magefiles/common.go @@ -1,19 +1,21 @@ -//Copyright 2023 The Kubernetes Authors. -// -//Licensed under the Apache License, Version 2.0 (the "License"); -//you may not use this file except in compliance with the License. -//You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -//Unless required by applicable law or agreed to in writing, software -//distributed under the License is distributed on an "AS IS" BASIS, -//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -//See the License for the specific language governing permissions and -//limitations under the License. - //go:build mage +/* +Copyright 2023 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + package main import ( diff --git a/magefiles/docker.go b/magefiles/docker.go index 443722de1..d7c7f588e 100644 --- a/magefiles/docker.go +++ b/magefiles/docker.go @@ -1,17 +1,19 @@ -//Copyright 2023 The Kubernetes Authors. -// -//Licensed under the Apache License, Version 2.0 (the "License"); -//you may not use this file except in compliance with the License. -//You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -//Unless required by applicable law or agreed to in writing, software -//distributed under the License is distributed on an "AS IS" BASIS, -//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -//See the License for the specific language governing permissions and -//limitations under the License. - //go:build mage +/* +Copyright 2023 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + package main diff --git a/magefiles/go.go b/magefiles/go.go index 9ef4d9fdc..2385b089e 100644 --- a/magefiles/go.go +++ b/magefiles/go.go @@ -1,19 +1,21 @@ -//Copyright 2023 The Kubernetes Authors. -// -//Licensed under the Apache License, Version 2.0 (the "License"); -//you may not use this file except in compliance with the License. -//You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -//Unless required by applicable law or agreed to in writing, software -//distributed under the License is distributed on an "AS IS" BASIS, -//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -//See the License for the specific language governing permissions and -//limitations under the License. - //go:build mage +/* +Copyright 2023 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + package main //import ( diff --git a/magefiles/helm.go b/magefiles/helm.go index 2ac2fc573..f9bf09cb5 100644 --- a/magefiles/helm.go +++ b/magefiles/helm.go @@ -1,19 +1,21 @@ -//Copyright 2023 The Kubernetes Authors. -// -//Licensed under the Apache License, Version 2.0 (the "License"); -//you may not use this file except in compliance with the License. -//You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -//Unless required by applicable law or agreed to in writing, software -//distributed under the License is distributed on an "AS IS" BASIS, -//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -//See the License for the specific language governing permissions and -//limitations under the License. - //go:build mage +/* +Copyright 2023 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + package main import ( diff --git a/magefiles/mage.go b/magefiles/mage.go index c6d4a2587..605d687a9 100644 --- a/magefiles/mage.go +++ b/magefiles/mage.go @@ -1,20 +1,22 @@ -//Copyright 2023 The Kubernetes Authors. -// -//Licensed under the Apache License, Version 2.0 (the "License"); -//you may not use this file except in compliance with the License. -//You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -//Unless required by applicable law or agreed to in writing, software -//distributed under the License is distributed on an "AS IS" BASIS, -//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -//See the License for the specific language governing permissions and -//limitations under the License. - //go:build ignore // +build ignore +/* +Copyright 2021 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + package main import ( diff --git a/magefiles/release.go b/magefiles/release.go index 714c24334..cbc4d51de 100644 --- a/magefiles/release.go +++ b/magefiles/release.go @@ -1,19 +1,21 @@ -//Copyright 2023 The Kubernetes Authors. -// -//Licensed under the Apache License, Version 2.0 (the "License"); -//you may not use this file except in compliance with the License. -//You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -//Unless required by applicable law or agreed to in writing, software -//distributed under the License is distributed on an "AS IS" BASIS, -//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -//See the License for the specific language governing permissions and -//limitations under the License. - //go:build mage +/* +Copyright 2023 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + package main import ( diff --git a/magefiles/tags.go b/magefiles/tags.go index b8dc86f88..02bbbcb37 100644 --- a/magefiles/tags.go +++ b/magefiles/tags.go @@ -1,19 +1,21 @@ -//Copyright 2023 The Kubernetes Authors. -// -//Licensed under the Apache License, Version 2.0 (the "License"); -//you may not use this file except in compliance with the License. -//You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -//Unless required by applicable law or agreed to in writing, software -//distributed under the License is distributed on an "AS IS" BASIS, -//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -//See the License for the specific language governing permissions and -//limitations under the License. - //go:build mage +/* +Copyright 2023 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + package main import ( diff --git a/magefiles/yaml.go b/magefiles/yaml.go index 443722de1..d7c7f588e 100644 --- a/magefiles/yaml.go +++ b/magefiles/yaml.go @@ -1,17 +1,19 @@ -//Copyright 2023 The Kubernetes Authors. -// -//Licensed under the Apache License, Version 2.0 (the "License"); -//you may not use this file except in compliance with the License. -//You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -//Unless required by applicable law or agreed to in writing, software -//distributed under the License is distributed on an "AS IS" BASIS, -//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -//See the License for the specific language governing permissions and -//limitations under the License. - //go:build mage +/* +Copyright 2023 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + package main From 9d4b81ca2ad27f26bbbc1d5d586f970b5d04443e Mon Sep 17 00:00:00 2001 From: James Strong Date: Wed, 18 Jan 2023 15:54:44 -0500 Subject: [PATCH 491/494] update docs, and production urls Signed-off-by: James Strong --- magefiles/helm.go | 2 +- magefiles/release.go | 112 ++++++++++++++++++++++--------------------- 2 files changed, 59 insertions(+), 55 deletions(-) diff --git a/magefiles/helm.go b/magefiles/helm.go index f9bf09cb5..a57c46813 100644 --- a/magefiles/helm.go +++ b/magefiles/helm.go @@ -104,7 +104,7 @@ func updateChartReleaseNotes(releasesNotes []string) { for i := range releasesNotes { releaseNoteString = fmt.Sprintf("%s - %s\n", releaseNoteString, releasesNotes[i]) } - Info("HLEM Release note string %s", releaseNoteString) + Info("HELM Release note string %s", releaseNoteString) chart.Annotations["artifacthub.io/changes"] = releaseNoteString err = chartutil.SaveChartfile(HelmChartPath, chart) CheckIfError(err, "HELM Saving updated release notes for Chart") diff --git a/magefiles/release.go b/magefiles/release.go index cbc4d51de..3340a99ff 100644 --- a/magefiles/release.go +++ b/magefiles/release.go @@ -40,22 +40,61 @@ import ( type Release mg.Namespace -var INGRESS_ORG = "strongjz" // the owner so we can test from forks -var INGRESS_REPO = "ingress-nginx" // the repo to pull from -var RELEASE_BRANCH = "main" //we only release from main -var GITHUB_TOKEN string // the Google/gogithub lib needs an PAT to access the GitHub API -var K8S_IO_ORG = "strongjz" //the owner or organization for the k8s.io repo -var K8S_IO_REPO = "k8s.io" //the repo that holds the images yaml for production promotion -var INGRESS_REGISTRY = "registry.k8s.io" //Container registry for storage Ingress-nginx images +var INGRESS_ORG = "kubernetes" // the owner so we can test from forks +var INGRESS_REPO = "ingress-nginx" // the repo to pull from +var RELEASE_BRANCH = "main" //we only release from main +var GITHUB_TOKEN string // the Google/gogithub lib needs an PAT to access the GitHub API +var K8S_IO_ORG = "kubernetes" //the owner or organization for the k8s.io repo +var K8S_IO_REPO = "k8s.io" //the repo that holds the images yaml for production promotion +var INGRESS_REGISTRY = "registry.k8s.io" //Container registry for storage Ingress-nginx images +var KUSTOMIZE_INSTALL_VERSION = "sigs.k8s.io/kustomize/kustomize/v4@v4.5.4" //static deploys needs kustomize to generate the template // ingress-nginx releases start with a TAG then a cloudbuild, then a promotion through a PR, this the location of that PR -// var IMAGES_YAML = "https://raw.githubusercontent.com/kubernetes/k8s.io/main/k8s.gcr.io/images/k8s-staging-ingress-nginx/images.yaml" -var IMAGES_YAML = "https://raw.githubusercontent.com/strongjz/k8s.io/testing/k8s.gcr.io/images/k8s-staging-ingress-nginx/images.yaml" - +var IMAGES_YAML = "https://raw.githubusercontent.com/kubernetes/k8s.io/main/k8s.gcr.io/images/k8s-staging-ingress-nginx/images.yaml" var ctx = context.Background() // Context used for GitHub Client -const CHANGELOG = "Changelog.md" //Name of the changelog +const INDEX_DOCS = "docs/deploy/index.md" //index.md has a version of the controller and needs to updated +const CHANGELOG = "Changelog.md" //Name of the changelog +//ControllerImage - struct with info about controllers +type ControllerImage struct { + Tag string + Digest string + Registry string + Name string +} + +//IngressRelease All the information about an ingress-nginx release that gets updated +type IngressRelease struct { + ControllerVersion string + ControllerImage ControllerImage + ReleaseNote ReleaseNote + Release *github.RepositoryRelease +} + +//ReleaseNote - All the pieces of information/documents that get updated during a release +type ReleaseNote struct { + Version string + NewControllerVersion string + PreviousControllerVersion string + ControllerImages []ControllerImage + DepUpdates []string + Updates []string + HelmUpdates []string + NewHelmChartVersion string + PreviousHelmChartVersion string +} + +//IMAGES_YAML returns this data structure +type ImageYamls []ImageElement + +//ImageElement - a specific image and it's data structure the dmap is a list of shas and container versions +type ImageElement struct { + Name string `json:"name"` + Dmap map[string][]string `json:"dmap"` +} + +//init will set the GitHub token from the committers/releasers env var func init() { GITHUB_TOKEN = os.Getenv("GITHUB_TOKEN") } @@ -79,7 +118,7 @@ func (Release) NewRelease(version string) { Info("RELEASE Checking Current Version %s to New Version %s", tag, version) //if the version were upgrading does not match the TAG file, lets update the TAG file - if tag != version { + if tag[1:] != version { Warning("RELEASE Ingress Nginx TAG %s and new version %s do not match", tag, version) mg.Deps(mg.F(Tag.BumpNginx, fmt.Sprintf("v%s", version))) } @@ -122,22 +161,20 @@ func (Release) NewRelease(version string) { //update static manifest CheckIfError(updateStaticManifest(), "Error Updating Static manifests") - ////update e2e docs TODO + ////update e2e docs updateE2EDocs() //update documentation with ingress-nginx version CheckIfError(updateIndexMD(releaseNotes.PreviousControllerVersion, releaseNotes.NewControllerVersion), "Error Updating %s", INDEX_DOCS) + //keeping these manual for now //git commit TODO - //make Pull Request TODO - //make release TODO //mg.Deps(mg.F(Release.CreateRelease, version)) } -const INDEX_DOCS = "docs/deploy/index.md" - +// the index.md doc needs the controller version updated func updateIndexMD(old, new string) error { Info("Updating Deploy docs with new version") data, err := os.ReadFile(INDEX_DOCS) @@ -152,29 +189,29 @@ func updateIndexMD(old, new string) error { return nil } +//runs the hack/generate-deploy-scripts.sh func updateE2EDocs() { - //hack/generate-deploy-scripts.sh updates, err := sh.Output("./hack/generate-e2e-suite-doc.sh") CheckIfError(err, "Could not run update hack script") err = os.WriteFile("docs/e2e-tests.md", []byte(updates), 644) CheckIfError(err, "Could not write new e2e test file ") } +//The static deploy scripts use kustomize to generate them, this function ensures kustomize is installed func installKustomize() error { Info("Install Kustomize") var g0 = sh.RunCmd("go") - // somewhere in your main code - err := g0("install", "sigs.k8s.io/kustomize/kustomize/v4@v4.5.4") + err := g0("install", KUSTOMIZE_INSTALL_VERSION) if err != nil { return err } return nil } +// func updateStaticManifest() error { CheckIfError(installKustomize(), "error installing kustomize") - //hack/generate-deploy-scripts.sh err := sh.RunV("./hack/generate-deploy-scripts.sh") if err != nil { @@ -192,32 +229,6 @@ func updateStaticManifest() error { // Info("New Release: Tag %v, ID: %v", newRelease.TagName, newRelease.ID) //} -type ControllerImage struct { - Tag string - Digest string - Registry string - Name string -} - -type IngressRelease struct { - ControllerVersion string - ControllerImage ControllerImage - ReleaseNote ReleaseNote - Release *github.RepositoryRelease -} - -type ReleaseNote struct { - Version string - NewControllerVersion string - PreviousControllerVersion string - ControllerImages []ControllerImage - DepUpdates []string - Updates []string - HelmUpdates []string - NewHelmChartVersion string - PreviousHelmChartVersion string -} - // Returns a GitHub client ready for use func githubClient() *github.Client { ts := oauth2.StaticTokenSource( @@ -428,13 +439,6 @@ func (r ReleaseNote) printRelease() { } } -type ImageYamls []ImageElement - -type ImageElement struct { - Name string `json:"name"` - Dmap map[string][]string `json:"dmap"` -} - func findImageDigest(yaml ImageYamls, image, version string) string { version = fmt.Sprintf("v%s", version) Info("Searching Digest for %s:%s", image, version) From 3c93c73975d89e2e90f4c822ab9af470b98a2e6f Mon Sep 17 00:00:00 2001 From: James Strong Date: Thu, 19 Jan 2023 11:50:27 -0500 Subject: [PATCH 492/494] go fmt Signed-off-by: James Strong --- magefiles/release.go | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/magefiles/release.go b/magefiles/release.go index 3340a99ff..3c715bc07 100644 --- a/magefiles/release.go +++ b/magefiles/release.go @@ -56,7 +56,7 @@ var ctx = context.Background() // Context used for GitHub Client const INDEX_DOCS = "docs/deploy/index.md" //index.md has a version of the controller and needs to updated const CHANGELOG = "Changelog.md" //Name of the changelog -//ControllerImage - struct with info about controllers +// ControllerImage - struct with info about controllers type ControllerImage struct { Tag string Digest string @@ -64,7 +64,7 @@ type ControllerImage struct { Name string } -//IngressRelease All the information about an ingress-nginx release that gets updated +// IngressRelease All the information about an ingress-nginx release that gets updated type IngressRelease struct { ControllerVersion string ControllerImage ControllerImage @@ -72,7 +72,7 @@ type IngressRelease struct { Release *github.RepositoryRelease } -//ReleaseNote - All the pieces of information/documents that get updated during a release +// ReleaseNote - All the pieces of information/documents that get updated during a release type ReleaseNote struct { Version string NewControllerVersion string @@ -85,16 +85,16 @@ type ReleaseNote struct { PreviousHelmChartVersion string } -//IMAGES_YAML returns this data structure +// IMAGES_YAML returns this data structure type ImageYamls []ImageElement -//ImageElement - a specific image and it's data structure the dmap is a list of shas and container versions +// ImageElement - a specific image and it's data structure the dmap is a list of shas and container versions type ImageElement struct { Name string `json:"name"` Dmap map[string][]string `json:"dmap"` } -//init will set the GitHub token from the committers/releasers env var +// init will set the GitHub token from the committers/releasers env var func init() { GITHUB_TOKEN = os.Getenv("GITHUB_TOKEN") } @@ -189,7 +189,7 @@ func updateIndexMD(old, new string) error { return nil } -//runs the hack/generate-deploy-scripts.sh +// runs the hack/generate-deploy-scripts.sh func updateE2EDocs() { updates, err := sh.Output("./hack/generate-e2e-suite-doc.sh") CheckIfError(err, "Could not run update hack script") @@ -197,7 +197,7 @@ func updateE2EDocs() { CheckIfError(err, "Could not write new e2e test file ") } -//The static deploy scripts use kustomize to generate them, this function ensures kustomize is installed +// The static deploy scripts use kustomize to generate them, this function ensures kustomize is installed func installKustomize() error { Info("Install Kustomize") var g0 = sh.RunCmd("go") @@ -209,7 +209,6 @@ func installKustomize() error { return nil } -// func updateStaticManifest() error { CheckIfError(installKustomize(), "error installing kustomize") //hack/generate-deploy-scripts.sh From ea629a175ec5f99e0a691e6c79a95e1546bc3a26 Mon Sep 17 00:00:00 2001 From: Aarni Koskela Date: Wed, 25 Jan 2023 11:44:11 +0200 Subject: [PATCH 493/494] Move and spell-check Kubernetes 1.22 migration FAQ (#9544) * Move Kubernetes 1.22 migration guide to a separate file * Reformat and spell-check Kubernetes 1.22 migration doc --- docs/index.md | 232 +------------------------ docs/user-guide/k8s-122-migration.md | 245 +++++++++++++++++++++++++++ 2 files changed, 248 insertions(+), 229 deletions(-) create mode 100644 docs/user-guide/k8s-122-migration.md diff --git a/docs/index.md b/docs/index.md index fded1b2bc..bcf4a4018 100644 --- a/docs/index.md +++ b/docs/index.md @@ -11,233 +11,7 @@ You can learn more about using [Ingress](http://kubernetes.io/docs/user-guide/in See [Deployment](./deploy/) for a whirlwind tour that will get you started. -# FAQ - Migration to apiVersion `networking.k8s.io/v1` +# FAQ - Kubernetes 1.22 Migration -If you are using Ingress objects in your cluster (running Kubernetes older than v1.22), and you plan to upgrade to Kubernetes v1.22, this section is relevant to you. - -- Please read this [official blog on deprecated Ingress API versions](https://kubernetes.io/blog/2021/07/26/update-with-ingress-nginx/) - -- Please read this [official documentation on the IngressClass object](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) - -## What is an IngressClass and why is it important for users of Ingress-NGINX controller now ? - -IngressClass is a Kubernetes resource. See the description below. It's important because until now, a default install of the Ingress-NGINX controller did not require any IngressClass object. From version 1.0.0 of the Ingress-NGINX Controller, an IngressClass object is required. - -On clusters with more than one instance of the Ingress-NGINX controller, all instances of the controllers must be aware of which Ingress objects they serve. The `ingressClassName` field of an Ingress is the way to let the controller know about that. - -```console -kubectl explain ingressclass -``` -``` -KIND: IngressClass -VERSION: networking.k8s.io/v1 - -DESCRIPTION: - IngressClass represents the class of the Ingress, referenced by the Ingress - Spec. The `ingressclass.kubernetes.io/is-default-class` annotation can be - used to indicate that an IngressClass should be considered default. When a - single IngressClass resource has this annotation set to true, new Ingress - resources without a class specified will be assigned this default class. - -FIELDS: - apiVersion - APIVersion defines the versioned schema of this representation of an - object. Servers should convert recognized schemas to the latest internal - value, and may reject unrecognized values. More info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - - kind - Kind is a string value representing the REST resource this object - represents. Servers may infer this from the endpoint the client submits - requests to. Cannot be updated. In CamelCase. More info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - - metadata - Standard object's metadata. More info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - - spec - Spec is the desired state of the IngressClass. More info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status` - -``` - -## What has caused this change in behavior? - -There are 2 reasons primarily. - -### Reason #1 - -Until K8s version 1.21, it was possible to create an Ingress resource using deprecated versions of the Ingress API, such as: - - - `extensions/v1beta1` - - `networking.k8s.io/v1beta1` - -You would get a message about deprecation, but the Ingress resource would get created. - -From K8s version 1.22 onwards, you can **only** access the Ingress API via the stable, `networking.k8s.io/v1` API. The reason is explained in the [official blog on deprecated ingress API versions](https://kubernetes.io/blog/2021/07/26/update-with-ingress-nginx/). - -### Reason #2 - -If you are already using the Ingress-NGINX controller and then upgrade to K8s version v1.22 , there are several scenarios where your existing Ingress objects will not work how you expect. Read this FAQ to check which scenario matches your use case. - -## What is ingressClassName field ? - -`ingressClassName` is a field in the specs of an Ingress object. - -```shell -kubectl explain ingress.spec.ingressClassName -``` -```console -KIND: Ingress -VERSION: networking.k8s.io/v1 - -FIELD: ingressClassName - -DESCRIPTION: - IngressClassName is the name of the IngressClass cluster resource. The - associated IngressClass defines which controller will implement the - resource. This replaces the deprecated `kubernetes.io/ingress.class` - annotation. For backwards compatibility, when that annotation is set, it - must be given precedence over this field. The controller may emit a warning - if the field and annotation have different values. Implementations of this - API should ignore Ingresses without a class specified. An IngressClass - resource may be marked as default, which can be used to set a default value - for this field. For more information, refer to the IngressClass - documentation. -``` - -The `.spec.ingressClassName` behavior has precedence over the deprecated `kubernetes.io/ingress.class` annotation. - - -## I have only one ingress controller in my cluster. What should I do? - -If a single instance of the Ingress-NGINX controller is the sole Ingress controller running in your cluster, you should add the annotation "ingressclass.kubernetes.io/is-default-class" in your IngressClass, so any new Ingress objects will have this one as default IngressClass. - -When using Helm, you can enable this annotation by setting `.controller.ingressClassResource.default: true` in your Helm chart installation's values file. - -If you have any old Ingress objects remaining without an IngressClass set, you can do one or more of the following to make the Ingress-NGINX controller aware of the old objects: - -- You can manually set the [`.spec.ingressClassName`](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) field in the manifest of your own Ingress resources. -- You can re-create them after setting the `ingressclass.kubernetes.io/is-default-class` annotation to `true` on the IngressClass -- Alternatively you can make the Ingress-NGINX controller watch Ingress objects without the ingressClassName field set by starting your Ingress-NGINX with the flag [--watch-ingress-without-class=true](#what-is-the-flag-watch-ingress-without-class) . When using Helm, you can configure your Helm chart installation's values file with `.controller.watchIngressWithoutClass: true` - -You can configure your Helm chart installation's values file with `.controller.watchIngressWithoutClass: true`. - -We recommend that you create the IngressClass as shown below: -``` ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - name: nginx - annotations: - ingressclass.kubernetes.io/is-default-class: "true" -spec: - controller: k8s.io/ingress-nginx -``` - -And add the value `spec.ingressClassName=nginx` in your Ingress objects. - - -## I have multiple ingress objects in my cluster. What should I do ? -- If you have lot of ingress objects without ingressClass configuration, you can run the ingress-controller with the flag `--watch-ingress-without-class=true`. - - -### What is the flag '--watch-ingress-without-class' ? -- Its a flag that is passed,as an argument, to the `nginx-ingress-controller` executable. In the configuration, it looks like this: -``` -... -... -args: - - /nginx-ingress-controller - - --watch-ingress-without-class=true - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-dev-v1-test-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-dev-v1-test-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key -... -... -``` - -## I have more than one controller in my cluster and already use the annotation ? - -No problem. This should still keep working, but we highly recommend you to test! - -Even though `kubernetes.io/ingress.class` is deprecated, the Ingress-NGINX controller still understands that annotation. -If you want to follow good practice, you should consider migrating to use IngressClass and `.spec.ingressClassName`. - -## I have more than one controller running in my cluster, and I want to use the new API ? - -In this scenario, you need to create multiple IngressClasses (see example one). But be aware that IngressClass works in a very specific way: you will need to change the `.spec.controller` value in your IngressClass and configure the controller to expect the exact same value. - -Let's see some example, supposing that you have three IngressClasses: - -- IngressClass `ingress-nginx-one`, with `.spec.controller` equal to `example.com/ingress-nginx1` -- IngressClass `ingress-nginx-two`, with `.spec.controller` equal to `example.com/ingress-nginx2` -- IngressClass `ingress-nginx-three`, with `.spec.controller` equal to `example.com/ingress-nginx1` - -(for private use, you can also use a controller name that doesn't contain a `/`; for example: `ingress-nginx1`) - -When deploying your ingress controllers, you will have to change the `--controller-class` field as follows: - -- Ingress-Nginx A, configured to use controller class name `example.com/ingress-nginx1` -- Ingress-Nginx B, configured to use controller class name `example.com/ingress-nginx2` - -Then, when you create an Ingress object with its `ingressClassName` set to `ingress-nginx-two`, only controllers looking for the `example.com/ingress-nginx2` controller class pay attention to the new object. Given that Ingress-Nginx B is set up that way, it will serve that object, whereas Ingress-Nginx A ignores the new Ingress. - -Bear in mind that, if you start Ingress-Nginx B with the command line argument `--watch-ingress-without-class=true`, then it will serve: - -1. Ingresses without any `ingressClassName` set -2. Ingresses where the deprecated annotation (`kubernetes.io/ingress.class`) matches the value set in the command line argument `--ingress-class` -3. Ingresses that refer to any IngressClass that has the same `spec.controller` as configured in `--controller-class` - -If you start Ingress-Nginx B with the command line argument `--watch-ingress-without-class=true` and you run Ingress-Nginx A with the command line argument `--watch-ingress-without-class=false` then this is a supported configuration. If you have two Ingress-NGINX controllers for the same cluster, both running with `--watch-ingress-without-class=true` then there is likely to be a conflict. - -## I am seeing this error message in the logs of the Ingress-NGINX controller: "ingress class annotation is not equal to the expected by Ingress Controller". Why ? - -- It is highly likely that you will also see the name of the ingress resource in the same error message. This error message has been observed on use the deprecated annotation (`kubernetes.io/ingress.class`) in a Ingress resource manifest. It is recommended to use the `.spec.ingressClassName` field of the Ingress resource, to specify the name of the IngressClass of the Ingress you are defining. - -## How to easily install multiple instances of the ingress-NGINX controller in the same cluster ? -- Create a new namespace - ``` - kubectl create namespace ingress-nginx-2 - ``` -- Use Helm to install the additional instance of the ingress controller -- Ensure you have Helm working (refer to the [Helm documentation](https://helm.sh/docs/)) -- We have to assume that you have the helm repo for the ingress-NGINX controller already added to your Helm config. But, if you have not added the helm repo then you can do this to add the repo to your helm config; - ``` - helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx - ``` -- Make sure you have updated the helm repo data; - ``` - helm repo update - ``` -- Now, install an additional instance of the ingress-NGINX controller like this: - ``` - helm install ingress-nginx-2 ingress-nginx/ingress-nginx \ - --namespace ingress-nginx-2 \ - --set controller.ingressClassResource.name=nginx-two \ - --set controller.ingressClass=nginx-two \ - --set controller.ingressClassResource.controllerValue="example.com/ingress-nginx-2" \ - --set controller.ingressClassResource.enabled=true \ - --set controller.ingressClassByName=true - ``` -- If you need to install yet another instance, then repeat the procedure to create a new namespace, change the values such as names & namespaces (for example from "-2" to "-3"), or anything else that meets your needs. -- If you need to install all instances in the same namespace, then you need to specify a different **election id**, like this: - ``` - helm install ingress-nginx-2 ingress-nginx/ingress-nginx \ - --namespace kube-system \ - --set controller.electionID=nginx-two-leader \ - --set controller.ingressClassResource.name=nginx-two \ - --set controller.ingressClass=nginx-two \ - --set controller.ingressClassResource.controllerValue="example.com/ingress-nginx-2" \ - --set controller.ingressClassResource.enabled=true \ - --set controller.ingressClassByName=true - ``` - - Note, controller.ingressClassResource.name and controller.ingressClass have to be set with the value of the new class as the first is to create the IngressClass object and the other is to modify the deployment of the actuall ingress controller pod. +If you are using Ingress objects in your cluster (running Kubernetes older than v1.22), +and you plan to upgrade to Kubernetes v1.22, please read [the migration guide here](./user-guide/k8s-122-migration.md). diff --git a/docs/user-guide/k8s-122-migration.md b/docs/user-guide/k8s-122-migration.md new file mode 100644 index 000000000..34893f931 --- /dev/null +++ b/docs/user-guide/k8s-122-migration.md @@ -0,0 +1,245 @@ +# FAQ - Migration to Kubernetes 1.22 and apiVersion `networking.k8s.io/v1` + +If you are using Ingress objects in your cluster (running Kubernetes older than v1.22), +and you plan to upgrade to Kubernetes v1.22, this page is relevant to you. + +- Please read this [official blog on deprecated Ingress API versions](https://kubernetes.io/blog/2021/07/26/update-with-ingress-nginx/) +- Please read this [official documentation on the IngressClass object](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) + +## What is an IngressClass and why is it important for users of ingress-nginx controller now? + +IngressClass is a Kubernetes resource. See the description below. +It's important because until now, a default install of the ingress-nginx controller did not require a IngressClass object. +From version 1.0.0 of the ingress-nginx controller, an IngressClass object is required. + +On clusters with more than one instance of the ingress-nginx controller, all instances of the controllers must be aware of which Ingress objects they serve. +The `ingressClassName` field of an Ingress is the way to let the controller know about that. + +```console +kubectl explain ingressclass +``` + +``` +KIND: IngressClass +VERSION: networking.k8s.io/v1 +DESCRIPTION: + IngressClass represents the class of the Ingress, referenced by the Ingress + Spec. The `ingressclass.kubernetes.io/is-default-class` annotation can be + used to indicate that an IngressClass should be considered default. When a + single IngressClass resource has this annotation set to true, new Ingress + resources without a class specified will be assigned this default class. +FIELDS: + apiVersion + APIVersion defines the versioned schema of this representation of an + object. Servers should convert recognized schemas to the latest internal + value, and may reject unrecognized values. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + kind + Kind is a string value representing the REST resource this object + represents. Servers may infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + metadata + Standard object's metadata. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + spec + Spec is the desired state of the IngressClass. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status` +``` + +## What has caused this change in behavior? + +There are 2 primary reasons. + +### Reason 1 + +Until K8s version 1.21, it was possible to create an Ingress resource using deprecated versions of the Ingress API, such as: + +- `extensions/v1beta1` +- `networking.k8s.io/v1beta1` + You would get a message about deprecation, but the Ingress resource would get created. + +From K8s version 1.22 onwards, you can **only** access the Ingress API via the stable, `networking.k8s.io/v1` API. +The reason is explained in the [official blog on deprecated ingress API versions](https://kubernetes.io/blog/2021/07/26/update-with-ingress-nginx/). + +### Reason #2 + +If you are already using the ingress-nginx controller and then upgrade to Kubernetes 1.22, +there are several scenarios where your existing Ingress objects will not work how you expect. + +Read this FAQ to check which scenario matches your use case. + +## What is the `ingressClassName` field? + +`ingressClassName` is a field in the spec of an Ingress object. + +```shell +kubectl explain ingress.spec.ingressClassName +``` + +```console +KIND: Ingress +VERSION: networking.k8s.io/v1 +FIELD: ingressClassName +DESCRIPTION: + IngressClassName is the name of the IngressClass cluster resource. The + associated IngressClass defines which controller will implement the + resource. This replaces the deprecated `kubernetes.io/ingress.class` + annotation. For backwards compatibility, when that annotation is set, it + must be given precedence over this field. The controller may emit a warning + if the field and annotation have different values. Implementations of this + API should ignore Ingresses without a class specified. An IngressClass + resource may be marked as default, which can be used to set a default value + for this field. For more information, refer to the IngressClass + documentation. +``` + +The `.spec.ingressClassName` behavior has precedence over the deprecated `kubernetes.io/ingress.class` annotation. + +## I have only one ingress controller in my cluster. What should I do? + +If a single instance of the ingress-nginx controller is the sole Ingress controller running in your cluster, +you should add the annotation "ingressclass.kubernetes.io/is-default-class" in your IngressClass, +so any new Ingress objects will have this one as default IngressClass. + +When using Helm, you can enable this annotation by setting `.controller.ingressClassResource.default: true` in your Helm chart installation's values file. + +If you have any old Ingress objects remaining without an IngressClass set, you can do one or more of the following to make the ingress-nginx controller aware of the old objects: + +- You can manually set the [`.spec.ingressClassName`](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) field in the manifest of your own Ingress resources. +- You can re-create them after setting the `ingressclass.kubernetes.io/is-default-class` annotation to `true` on the IngressClass +- Alternatively you can make the ingress-nginx controller watch Ingress objects without the ingressClassName field set by starting your ingress-nginx with the flag [--watch-ingress-without-class=true](#what-is-the-flag-watch-ingress-without-class). + When using Helm, you can configure your Helm chart installation's values file with `.controller.watchIngressWithoutClass: true`. + +We recommend that you create the IngressClass as shown below: + +``` +--- +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + labels: + app.kubernetes.io/component: controller + name: nginx + annotations: + ingressclass.kubernetes.io/is-default-class: "true" +spec: + controller: k8s.io/ingress-nginx +``` + +and add the value `spec.ingressClassName=nginx` in your Ingress objects. + +## I have many ingress objects in my cluster. What should I do? + +If you have lot of ingress objects without ingressClass configuration, +you can run the ingress controller with the flag `--watch-ingress-without-class=true`. + +### What is the flag `--watch-ingress-without-class`? + +It's a flag that is passed, as an argument, to the `nginx-ingress-controller` executable. +In the configuration, it looks like this: + +```yaml +# ... +args: + - /nginx-ingress-controller + - --watch-ingress-without-class=true + - --controller-class=k8s.io/ingress-nginx + # ... +# ... +``` + +## I have more than one controller in my cluster, and I'm already using the annotation + +No problem. This should still keep working, but we highly recommend you to test! +Even though `kubernetes.io/ingress.class` is deprecated, the ingress-nginx controller still understands that annotation. +If you want to follow good practice, you should consider migrating to use IngressClass and `.spec.ingressClassName`. + +## I have more than one controller running in my cluster, and I want to use the new API + +In this scenario, you need to create multiple IngressClasses (see the example above). + +Be aware that IngressClass works in a very specific way: you will need to change the `.spec.controller` value in your IngressClass and configure the controller to expect the exact same value. + +Let's see an example, supposing that you have three IngressClasses: + +- IngressClass `ingress-nginx-one`, with `.spec.controller` equal to `example.com/ingress-nginx1` +- IngressClass `ingress-nginx-two`, with `.spec.controller` equal to `example.com/ingress-nginx2` +- IngressClass `ingress-nginx-three`, with `.spec.controller` equal to `example.com/ingress-nginx1` + +For private use, you can also use a controller name that doesn't contain a `/`, e.g. `ingress-nginx1`. + +When deploying your ingress controllers, you will have to change the `--controller-class` field as follows: + +- Ingress-Nginx A, configured to use controller class name `example.com/ingress-nginx1` +- Ingress-Nginx B, configured to use controller class name `example.com/ingress-nginx2` + +When you create an Ingress object with its `ingressClassName` set to `ingress-nginx-two`, +only controllers looking for the `example.com/ingress-nginx2` controller class pay attention to the new object. + +Given that Ingress-Nginx B is set up that way, it will serve that object, whereas Ingress-Nginx A ignores the new Ingress. + +Bear in mind that if you start Ingress-Nginx B with the command line argument `--watch-ingress-without-class=true`, it will serve: + +1. Ingresses without any `ingressClassName` set +2. Ingresses where the deprecated annotation (`kubernetes.io/ingress.class`) matches the value set in the command line argument `--ingress-class` +3. Ingresses that refer to any IngressClass that has the same `spec.controller` as configured in `--controller-class` +4. If you start Ingress-Nginx B with the command line argument `--watch-ingress-without-class=true` and you run Ingress-Nginx A with the command line argument `--watch-ingress-without-class=false` then this is a supported configuration. + If you have two ingress-nginx controllers for the same cluster, both running with `--watch-ingress-without-class=true` then there is likely to be a conflict. + +## Why am I am seeing "ingress class annotation is not equal to the expected by Ingress Controller" in my controller logs? + +It is highly likely that you will also see the name of the ingress resource in the same error message. +This error message has been observed on use the deprecated annotation (`kubernetes.io/ingress.class`) in a Ingress resource manifest. +It is recommended to use the `.spec.ingressClassName` field of the Ingress resource, to specify the name of the IngressClass of the Ingress you are defining. + +## How can I easily install multiple instances of the ingress-nginx controller in the same cluster? + +You can install them in different namespaces. + +- Create a new namespace + ``` + kubectl create namespace ingress-nginx-2 + ``` +- Use Helm to install the additional instance of the ingress controller +- Ensure you have Helm working (refer to the [Helm documentation](https://helm.sh/docs/)) +- We have to assume that you have the helm repo for the ingress-nginx controller already added to your Helm config. + But, if you have not added the helm repo then you can do this to add the repo to your helm config; + ``` + helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx + ``` +- Make sure you have updated the helm repo data; + ``` + helm repo update + ``` +- Now, install an additional instance of the ingress-nginx controller like this: + ``` + helm install ingress-nginx-2 ingress-nginx/ingress-nginx \ + --namespace ingress-nginx-2 \ + --set controller.ingressClassResource.name=nginx-two \ + --set controller.ingressClass=nginx-two \ + --set controller.ingressClassResource.controllerValue="example.com/ingress-nginx-2" \ + --set controller.ingressClassResource.enabled=true \ + --set controller.ingressClassByName=true + ``` + +If you need to install yet another instance, then repeat the procedure to create a new namespace, +change the values such as names & namespaces (for example from "-2" to "-3"), or anything else that meets your needs. + +Note that `controller.ingressClassResource.name` and `controller.ingressClass` have to be set correctly. +The first is to create the IngressClass object and the other is to modify the deployment of the actual ingress controller pod. + +### I can't use multiple namespaces, what should I do? + +If you need to install all instances in the same namespace, then you need to specify a different **election id**, like this: + +``` +helm install ingress-nginx-2 ingress-nginx/ingress-nginx \ +--namespace kube-system \ +--set controller.electionID=nginx-two-leader \ +--set controller.ingressClassResource.name=nginx-two \ +--set controller.ingressClass=nginx-two \ +--set controller.ingressClassResource.controllerValue="example.com/ingress-nginx-2" \ +--set controller.ingressClassResource.enabled=true \ +--set controller.ingressClassByName=true +``` From 5628f765fe883dd8c13ccd3084e9003ffd3e28d5 Mon Sep 17 00:00:00 2001 From: Ismayil Mirzali Date: Fri, 27 Jan 2023 17:12:27 +0200 Subject: [PATCH 494/494] tcpproxy: increase buffer size to 16K (#9548) --- pkg/tcpproxy/tcp.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkg/tcpproxy/tcp.go b/pkg/tcpproxy/tcp.go index 4c34e1f7b..86850ad54 100644 --- a/pkg/tcpproxy/tcp.go +++ b/pkg/tcpproxy/tcp.go @@ -59,11 +59,12 @@ func (p *TCPProxy) Get(host string) *TCPServer { // and open a connection to the passthrough server. func (p *TCPProxy) Handle(conn net.Conn) { defer conn.Close() - data := make([]byte, 4096) + // See: https://www.ibm.com/docs/en/ztpf/1.1.0.15?topic=sessions-ssl-record-format + data := make([]byte, 16384) length, err := conn.Read(data) if err != nil { - klog.V(4).ErrorS(err, "Error reading the first 4k of the connection") + klog.V(4).ErrorS(err, "Error reading data from the connection") return }